Questions tagged with Elastic Load Balancing
Content language: English
Sort by most recent
What is the role of ports in the target group of the application load balancer?
When setting up the load balancer, I understand that it consists of a listener port, a target group port, and an instance port (ip port). I think that the load balancer goes to the target group through the listener port and traffic is divided according to the instance port in the target group. Then, the target group port does not seem to affect the load balancing. What is the role of the target group port?
Problem on Application load balancer with rule: Health check only responds on the default rule
Hi everyone I have 3 microservices running on an **ECS cluster**. Each microservice is launched by a **Fargate task**. Each microservice runs in its own Docker container. * *Microservice A* responds on port 8083. * *Microservice B* responds on port 8084. * *Microservice C* responds on port 8085. My configuration consists of two public subnets, two private, an internet gateway and a NAT, as well as two security groups, one for fargate services and one for ALB. On the security groups I have enabled inbound traffic on all ports. I have defined a listner for the ALB that responds on port 80 and wrote some path-based rules to route requests to the appropriate target group (*every target group is a Target type*) :![Enter image description here](/media/postImages/original/IM8oFOWQXjQEuDjdKe3PeGgw) Only the health check of the target group that responds to the default rule responds ( but I suspect it all happens randomly) , and consequently only the service reachable on port 8083 works ![Enter image description here](/media/postImages/original/IMtOk5-EqJRrmxLa49ium6hg) The remaining target groups are **unreachable**. What you notice is that in the "*Registered Target"* section the assigned IP addresses change continuously. For example: ![![Enter image description here](/media/postImages/original/IMkdJ_RNqsTJazJ3J8j4foqw) Enter image description here](/media/postImages/original/IMCm7LLgy1QJKk0JsLC3XlGg) But every time IP assigned it generates a timeout. It can happen quite randomly that a certain IP address is registered correctly. These are the ECS configurations of one of the unresponsive services: ![Enter image description here](/media/postImages/original/IMOdt86JdpS_2paN_elspK5g) What is the problem and how can I solve it? Thank you. **UPDATE1** I tried to add a new instance for microservice A. For the new IP (10.0.0.137) the health check is not responding. After a few minutes, the provisioning of a new IP (10.0.0.151) appears and it is registered correctly: ![Enter image description here](/media/postImages/original/IMUcZubrfCRrGo-fpqYAvSJQ) **UPDATE2** It is really strange behavior. **All services are now connected correctly**, after several hours of failed attempts. It looks like an IP address assignment problem. Before finding the correct address, AWS makes several attempts with different IP addresses until it randomly finds the correct one. These are the CIDRs of my PRIVATE subnets * private_subnets = ["10.0.0.128/28", "10.0.0.144/28"] * public_subnets = ["10.0.0.0/28", "10.0.0.16/28"] While these are the IPs that connected successfully: 1. 10.0.0.136 (micorservice A istance1) 2. 10.0.0.151 (micorservice A istance2) 3. 10.0.0.153 (micorservice A istance3) 4. 10.0.0.152 (micorservice B) 5. 10.0.0.142 (Microservice C)
Cloudwatch SDK using putLogEvents() works locally but 504 Gateway timeout on my server (EC2)
I have a function that uses `putLogEvents()` method and it works fine locally but not when we push it out to our server (EC2 instance). We are always getting 504. I checked our LB and its allowing all traffic. I am running out of ideas why it is timing out on our server.
Handling double slash // in URL path by Load Balancer
We have a website running on Beanstalk and served behind an application load balancer. When there is double slash in the URL e.g. https://example.com/en//page/path/ the load balancer forwards the request to https://example.com/en/page/path/ even though the URL in the browser remains as https://example.com/en//page/path/. How can we handle this so that the load balancer either forwards the request with the double slash to beanstalk or does a 301 redirect to sigle slash url.
Application Load Balancer payload limit?
Hello, I was curious what the maximum payload ammount is for an application load balancer? For example, what is the size limit that an ALB will allow a json request body to be for an HTTP post call. Is 100MB the limit? i've checked https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html for quotas but I'm not seeing payload listed.
Network Load Balancer SSH with Proxy V2 and Client IP Preserving
In extend to following question, [https://repost.aws/questions/QUL1n0UH_ITzCNSZ5d_NR1Qg/proxy-protocol-v-2-with-disabling-client-ip-preservation-in-nlb-target-groups]() I have configured a network load balancer disabling client IP preservation and enabling proxy V2. Idea is to only allow requests from Load balancer to EC2 instance behind. All the configurations are in a private network and security groups have attached to EC2 instance to allow traffic only from load balancer for SSH and HTTP. I could find a way to get the client ip address in http using the configurations in nginx.*** Is there a way to get the original client ip address in SSH request and log it to a file?***
Proxy Protocol V2 with Disabling client IP preservation in NLB Target groups
Proxy Protocol V2 with Disabling client IP preservation in NLB Target groups Here, I am doing some R&D type of activity. I have a network load balancer and an EC2 instance running in my private network. In EC2 instance, nginx is installed and configured to accept proxy v2. I have configured the log format as follows in order to log the original client ip of the request. ``log_format compression '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" "$gzip_ratio"';`` I have enabled proxy V2 in network load balancer and disabled client ip preservation. Security group attached to EC2 instance allow traffic only from network load balancer IP. What I want to do is allow traffic only from Network Load Balancer and I want to retrieve the Original client ip from the proxy headers. Allow traffic from NLB is working properly but with the above setup nginx still logs the NLB's IP as the client IP. What is the issue of this setup?
Private Instance and Public ELB HTTPS Problem.
My VPC structure looks like this: VPC: 1 Public Subnet : 2 (1 Public Instance in each Subnet) Public ELB : 1 (Public ELB for Public Instance above) Public Subnet : 1 (for NAT Gateway) Private Subnet : 1 (1 Private Instance) Here, the Private Instance should connect to the Public ELB. At this time, HTTPS communication should be established between the Private Instance and the Public Instance behind the ELB, but HTTPS communication is not possible because the Public ELB is playing an intermediate role. How can I solve the problem? Or is the structure wrong?
https listener creation fails in AWS Elastic Beanstalk
I have developed and deployed a python application to AWS Elastic Beanstalk that works fine. When I modify the application bundle with the addition of the ```.ebextensions/https-reencrypt-alb.config``` file the deployment of the Application fails with the following Error: ``` "Unable to deploy application version: Configuration validation exception: You must specify an SSL certificate to configure a listener to use HTTPS." ``` Contents of ```https-reencrypt-alb.config``` as follows... ``` aws:elbv2:listener:443: DefaultProcess: https ListenerEnabled: 'true' Protocol: HTTPS aws:elasticbeanstalk:environment:process:https: Port: '443' Protocol: HTTPS ``` I have a certificate created all ready, but creating a listener on port 443 fails (silently, after reporting - Pending create). I assume this is failing because I have not been able to deploy the version with this https termination file included. I have successfully deployed two previous, and very similar, applications with https support (in June and August) and they work fine. Has something changed in Elastic Beanstalk/Route 53/Certificate Manager since then that requires a different deployment process?