Questions tagged with Elastic Load Balancing
## 404 Can't access ALB and EC2 via CloudFront
I'm creating a multi-behavior CloudFront configuration, one for an S3 bucket website and the other for an EC2 application connected via an ALB. I can access the ALB using its DNS and the S3 bucket via CloudFront, but I can't access the ALB and EC2 application through CloudFront. I've carefully checked the security group ports, access permissions, and HTTP methods. I've disabled caching for both behaviors.
Please suggest possible causes.
The response is like this:
```
404 Not Found
Code: NoSuchKey
Message: The specified key does not exist.
Key: efforsition
```
My CloudFront origin settings and behaviors are as follows:

[Screenshot: alb origin]

Hi folks,
we experienced a problem: the private IP changed for a Load Balancer. The docs say it shouldn't change during the LB's lifetime:
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html
*These private IP addresses provide your load balancer with static IP addresses that will not change during the life of the load balancer.*

We saw this today; our production version broke, which is very bad. Question to AWS specialists: how could this happen? And how often should we expect such undocumented behavior?
Dmitry
We have the following architecture (simplified):

* Our Multitenant Service is behind a load balancer and has no auth capabilities; that is why we use Cognito.
* We also have single-tenant software (Tenant 1 and Tenant 2) installable in AWS or in a private cloud.
* These tenant instances' backends integrate with the Multitenant Service. But as you can see, since it can be reached from the internet, we need to have some authentication.
* We have set up a Load Balancer with Cognito authentication, a UserPool and an AppClient.
How should we approach the integration of our tenants, when they need to authenticate on the Load Balancer at machine level? There won't be anyone to log in via a GUI. We thought of using multiple App Clients, one for each tenant; however, we just want to authenticate so that our HTTP requests flow through the LB, and we don't need to manage the Cognito UserPool.
Thanks
My client is not able to access the ALB URL, but I am able to access it. The ALB's security group has an "All Traffic" rule in both the inbound and outbound rules. Also, my EC2 instance is Windows and I have deactivated its firewall so that it does not block any incoming IP addresses. How do I solve this issue?
Hello everyone! I'm using Terraform to create a simple Application Load Balancer (ALB), but I keep encountering an error when running terraform apply. The error message seems to concatenate the ARN of the ELB Listener with the ARN of the AWS ACM Certificate, which I find strange. I've searched my entire project for any incorrect variable usage but couldn't find any issues. I'm hoping someone can help guide me through this problem.
Here's the error message I'm getting:
```
Error: reading ELB (Elastic Load Balancing) Listener Certificate (arn:aws:elasticloadbalancing:us-east-1:{id}:listener/app/my-lb/###############/###############_arn:aws:acm:us-east-1:############:certificate/####################################): ListenerNotFound: One or more listeners not found
```
And here's a simplified version of my Terraform code:
```
terraform {
  required_providers {
    archive = {
      source = "hashicorp/archive"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
  required_version = ">= 1.4.2"
}

resource "aws_lb" "main" {
  name               = "my-lb"
  load_balancer_type = "application"
  subnets            = [some var]
  security_groups    = [some var]
}

resource "aws_lb_target_group" "main" {
  name        = "tg-main"
  vpc_id      = [vpcid]
  port        = 80
  target_type = "ip"
  protocol    = "HTTP"
  health_check {
    healthy_threshold = 3
    interval          = 100
    timeout           = 30
  }
  #depends_on = [var.sh.main_alb]
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.main.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = data.terraform_remote_state.global.outputs.certificate_arn
  default_action {
    type = "forward"
    # The target group is referenced by its Terraform resource name ("main"),
    # not by its "name" attribute ("tg-main"): aws_lb_target_group.tg-main does not exist.
    target_group_arn = aws_lb_target_group.main.arn
  }
}
```
I'd really appreciate any guidance or suggestions to help me understand and resolve this issue. Thank you!
The following is the timeline of the events:
1. A private NLB is created across 4 AZs, 3 of them populated with EC2 instances which are part of the NLB's target groups.
2. Over time, the pool of instances shrinks down to occupy a single AZ.
3. Sometime later, we notice that the NLB's DNS record now resolves to a single A record pointing to an IP within the same AZ as the one containing the EC2 instances. This seems unusual, because an NLB's private IPs are supposed to remain static after the LB's creation, [as I've confirmed in this re:Post question](https://repost.aws/questions/QU3ym83kIyQyCJVIgtFsqf2Q/are-nl-bs-private-i-ps-subject-to-change-over-its-lifetime).
4. New EC2 instances are brought up in other AZs and are added to the NLB's target groups. The LB does not adjust to this by adding new IPs in these AZs; it continues to resolve to a single A record.
So my questions related to the timeline above are:
1. Is the disappearance of previously attached IPs an expected part of the NLB's lifecycle? How does this square with the statement about an NLB's private IPs being static?
2. Should I expect this NLB to remediate and add private IPs across newly occupied AZs?
3. If all instances in the same AZ as the NLB's last remaining IP are taken down, will this NLB continue sending traffic to the other instances if I keep cross-zone load balancing turned off?
I have attached private subnet 1c to a public Application Load Balancer. What would happen with the server which is in public subnet 1c? Will the traffic reach that server?
Hello,
I'm not a web developer. I created my AWS EB WebApp with a Classic Load Balancer. I'm now setting up a CloudFront distribution for CDN with a custom domain that I bought from AWS Route 53. My CloudFront is working, but it's not responding to POST requests. When I read about it online, I think my AWS EB WebApp should be migrated to an Application Load Balancer. Could you help please? - Haile
When Elastic Beanstalk auto-generates resources, NLB is created with Network mapping for subnets with "Assigned by AWS" IPv4 addresses.
How would it be possible to associate an Elastic IP with a Beanstalk environment with a Network Load Balancer for **inbound** traffic? *(This is not to be confused with the [static "source" IP address](https://repost.aws/knowledge-center/elastic-beanstalk-static-IP-address) in Beanstalk.)*
I reviewed [related CloudFormation resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-subnetmapping.html) to see if or how I can make use of them but I am not sure if this can be applicable for Elastic Beanstalk environments.
I have created 4 EC2 instances: three of them in us-east-1c and one in us-east-1d. I have created two target groups with two instances each. I have created a simple HTML page on each server using PuTTY and created an Application Load Balancer with the default HTTP listener forwarding to target group 1.
But when I want to divert to target group 2 using a path-based listener rule, it shows a "URL not found" 404 error.
I have created an index.html file in each server's document root, /var/www/html. When using the ALB DNS name it displays the target group 1 servers, i.e. server 1 and server 2.
In the document root of server 3 and server 4 I created a random folder, like images. When I assigned the listener path /images and forwarded it to target group 2, i.e. server 3 and server 4, the URL shows "not found".
What mistake am I making here? Kindly explain.
Afternoon all ... if I am reading things correctly, a Network Load Balancer has a 55k connection limit, and as things stand right now I am hovering around 52k active flow count connections.
So if I am correct in the above, I can't simply split that by changing a DNS endpoint, so I was wondering what is considered best practice? The current setup is a single DNS name with a CNAME to the NLB, so I can't just put up a second NLB and have 2 values in Route 53 (that I know of), so what is a good solution to this?
Thanks much

I am trying to get a handle on how you define an ALB, its Listeners, Target group and Security groups in a CF Template. So I wrote out this pseudocode listing. Is this correct if the ALB is internal, listening on port 443 for traffic and sending that traffic to port 80 on the instance webserver?
* ALB
  * Properties:
    * Type: internal
    * Listener: 80
    * Listener: 443
    * Subnets
    * SecurityGroups
    * LBAttributes
* ALBListener80
  * Properties:
    * Reference: ALB
    * Port: 80
    * Redirect rule to port 443
* ALBListener443
  * Properties:
    * Reference: ALB
    * Port: 443
    * SSL Policy
    * Certificate
    * Forward rule to ALBTarget80
* ALBTarget80
  * Properties:
    * Port: 80
    * VPCid
    * TargetgroupAttributes
    * Registered instance(s)
    * Healthcheck
      * Check port 80
* ALBSecurityGroup
  * Ingress rules:
    * Allow port 80 from VPC CIDR
    * Allow port 443 from VPC CIDR
  * Egress rules:
    * Allow port 80 to InstanceSecurityGroup
    * Allow port 443 to InstanceSecurityGroup
    * Allow All traffic to 127.0.0.1/32
* InstanceSecurityGroup
  * Ingress rules:
    * Allow port 80 from VPC CIDR
    * Allow port 443 from VPC ALBSecurityGroup
  * Egress rules:
    * Allow all to 0.0.0.0/0
Am I looking at this correctly?
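A complete CloudFormation template for the layout sketched in the post above, added here as an editorial example; it is not the poster's template and not an AWS sample. The parameter names, the logical resource names, the security-group descriptions, the default VPC CIDR and the TLS policy name are my own choices and assumptions to replace with your own values. Two things differ deliberately from the sketch: the instance security group admits port 80 only from the ALB's security group rather than from the whole VPC CIDR (a CIDR rule would let any VPC client talk to the instances directly and bypass the listener and its TLS termination), and the ALB's egress is limited to port 80 towards the instance group, since nothing listens on 443 on the instances.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Internal ALB terminating HTTPS and forwarding HTTP/80 to web instances (added example)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16        # assumed; set to the CIDR of VpcId
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # at least two subnets in different AZs
  CertificateArn:
    Type: String                # ACM certificate ARN, placeholder value expected
  InstanceId:
    Type: AWS::EC2::Instance::Id

Resources:
  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internal ALB - HTTP and HTTPS from inside the VPC only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref VpcCidr
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref VpcCidr
      SecurityGroupEgress:
        # Placeholder rule that suppresses the implicit allow-all egress;
        # the real egress rule is the separate resource below.
        - IpProtocol: "-1"
          CidrIp: 127.0.0.1/32

  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web instances - port 80 from the ALB security group only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref AlbSecurityGroup
      # No SecurityGroupEgress given: default allow-all egress, as in the sketch.

  # Standalone egress rule so the two groups can reference each other
  # without a circular dependency.
  AlbToInstanceEgress:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref AlbSecurityGroup
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      DestinationSecurityGroupId: !Ref InstanceSecurityGroup

  Alb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internal
      Subnets: !Ref SubnetIds
      SecurityGroups:
        - !Ref AlbSecurityGroup
      LoadBalancerAttributes:
        - Key: routing.http.drop_invalid_header_fields.enabled
          Value: "true"

  TargetGroup80:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP
      Port: 80
      TargetType: instance
      HealthCheckProtocol: HTTP
      HealthCheckPort: "80"
      HealthCheckPath: /
      Targets:
        - Id: !Ref InstanceId
          Port: 80

  Listener80:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Alb
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: "443"
            StatusCode: HTTP_301

  Listener443:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Alb
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup80
```

The `127.0.0.1/32` egress entry is the CloudFormation idiom for removing the implicit allow-all egress rule a new security group otherwise gets; once it is in place, the only egress the ALB actually has is the `AlbToInstanceEgress` rule. Keeping that rule as a separate `AWS::EC2::SecurityGroupEgress` resource is what lets the ALB group point at the instance group while the instance group points back at the ALB group. A quick check after deployment is to connect to port 80 on an instance from a VPC host that is not the ALB: the connection should time out, confirming that traffic cannot skip the HTTPS listener.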