Questions tagged with Elastic Load Balancing
ACM Renew issue with Correct DNS
I have a problem verifying (renewing) an ACM certificate for a domain. Verification is by DNS, and DNS is correctly set. Renewal eligibility is "Eligible". The certificate is associated with a Load Balancer. This is the 3rd renewal. Renewal status is still "Pending validation" 15 days before expiration. Can anyone help?
How to fix duplicate transactional email issue caused by multiple EC2 instances?
A business guy's description: customers get multiple email notifications about the same transaction. Developer's description: We have a problem with the load balancer and scheduled cron jobs in the Elastic Beanstalk ".ebextensions" folder. When the load balancer scales in, there are multiple EC2 instances and every instance executes cron jobs defined in the .ebextensions folder of the project. That causes problems with the notification email delivery and our clients can receive multiple notifications -> sent email count is the same as the number of active instances. We've already tried scale-in protection and the "leader_only" = true definition for commands, but those are not working. What should we do to fix this problem correctly?
AWS ECS randomly removed target group (ec2 instance)
I have an ECS service with daemon as type and today randomly the task count went from 2 (default) to 1, and haven't been able to fix it. And the events tab is getting spammed with: service xyz updated computedDesiredCount for taskSet ecs-svc/0123 to 1. (daemon service xyz) updated desired count to 2. It goes from 1 to 2 to 1 to 2 again every 10 seconds. Does anyone have an idea how to fix this? I have tried forcing new deployments, but nothing. In the deployments tab the ACTIVE status is running one task. And the PRIMARY has desired 1, but pending and running are 0 tasks.
I have a microservice. What would be the most appropriate and economical infrastructure? The idea is to always keep the same public IP to associate it with the DNS, and that it does not change when we make new deployments.

- Use Fargate with Balancer.
- Use API Gateway.
- Use Beanstalk with Elastic IP in an EC2 and without Balancer.
WAF Geo Restriction - False Positive IP Block
Hello, my organization recently obtained our own block of public IP addresses from ARIN. We are currently using one of these IPs as our outbound IP for all internet traffic. We are seeing an increase in "403 Forbidden" errors for certain websites hosted on AWS. The responding server header for these errors is "awselb/2.0". One software vendor we worked with said they had to manually add an exception for our IP address. That specific vendor said their AWS WAF was configured to only allow connections from certain countries (one of the countries being the US, where we are located). I have verified that our geoIP information is accurate in MaxMind as well as other major providers. Also, our IP block is not listed in any major spam lists. So my question is, why is AWS not seeing our IP as being in the US? Do they use a separate geoIP database, or are they just slow to refresh their database with other geoIP providers? Unfortunately, my organization is not currently an AWS customer, so we have no access to AWS support. This forum is our only resort. Any help you can provide would be very much appreciated. Thanks
ALB as reverse proxy with home server as target
I am trying to use an ALB as a reverse proxy to send traffic to my home server. I got an API Gateway to do this, but then realised API Gateway only supports HTTP/HTTPS, whereas I am also using socket.io, which makes use of web sockets and extra packet data. I can't seem to find a proxy option in the API Gateway web sockets flavour. So I thought that an ALB as a proxy would resolve this issue, but I can't seem to set the target IP in a target group as anything outside of a VPC and I want to set it as my home address.
All Route 53 Alias options greyed out
When trying to create a new Route 53 record and enabling **Alias**, all options under "**Route traffic to**" except for "another record in this hosted zone" are greyed out and unavailable to select. I am trying to point a CNAME to my active ELB, but cannot select "**Alias to Application and Classic Load Balancer**". Any reason all the options would be disabled? Account permissions? Security settings?
EKS NLB target groups protocol change to https
Hi, how do I change the target group's protocol to https? The listener is TLS and the cert binding is working; however, the backend forward to the pod is not working. I am unable to find the annotation to change the protocol from tcp (current) to https. Can you share the correct annotations?

```yaml
annotations:
  service.beta.kubernetes.io/aws-load-balancer-internal: "true"
  service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
  service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
  service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "https"
  service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: "2"
  service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: "2"
  service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:xxxxxxxxxxxx
```
ALB and gRPC keep alive pings to keep a gRPC stream open
Hi, I have a Fargate instance running a gRPC API (written with Spring Boot) running behind an AWS ALB (ALB listens on port 9090 / HTTPS, target group uses HTTP / 9090 and protocol gRPC). The client that I am using is able to communicate with the gRPC server. We also instantiate a server stream to the client that needs to stay open, because the server needs to send some data with low latency to the client. However, after 60 seconds the stream will be terminated (default timeout of the ALB). To prevent that, I have configured the client to send keep alive pings every 20 seconds, but that does not work. I also tried to use server side keep alive pings, however, that was not working either. To verify that the pings are sent to the server, I used Wireshark and it seems that at least the client side keep alive pings work. Does the ALB support keep alive pings to keep the gRPC stream open? Are there any best practices on how to set up gRPC streams with the ALB? Thanks in advance :-).
Redirect external HTTP requests into VPN-network
Hello guys! I have an algo VPN server hosted in the AWS cloud, and I would like to redirect external HTTP requests (from the global internet) that come, for example, to a Load Balancer so that they reach the PC inside my VPN network. HTTP request chain: client -> AWS load balancer -> VPN cloud -> my PC running the server. Any ideas how to do it? I was thinking of launching an extra EC2 instance with a VPN client and proxy server on board, so the sequence would be the following: HTTP request -> Load Balancer -> EC2 instance -> PC in VPN. But I'm not sure that this solution is the simplest one.
How to configure listeners for more than 50 ports in NLB
Access is performed using a private link in a configuration with two VPCs. An NLB is specified as the connection destination of the private link, but it is a requirement that 50 or more ports must be used. NLB listeners can't scale beyond 50. Is there any way to solve this?