Accessing AWS EC2 instances through ELB

萌比男神i 2021-02-13 22:15

I'm trying to set up two instances under an elastic load balancer, but cannot figure out how I'm supposed to access the instances through the load balancer.

I've set

2 Answers
  • 2021-02-13 22:28

    I went ahead and created a script that will reproduce the same exact steps that I'm using. This assumes you're using Linux as an operating system and that the AWS CLI tools are already installed. If you don't have this setup already, I recommend starting a new Amazon Linux micro instance and running the script from there, since they have everything already installed.

    1. Download the X.509 certificate files from Amazon: https://aws-portal.amazon.com/gp/aws/securityCredentials

    2. Copy the certificate files to the machine where you will run the commands

    3. Save two variables that are required in the script

      aws_account=<aws account id>
      keypair="<key pair name>"
      
    4. Export the certificates as environmental variables

      export EC2_PRIVATE_KEY=<private_Key_file>
      export EC2_CERT=<cert_file>
      export EC2_URL=https://ec2.us-east-1.amazonaws.com
      
    5. Create the security groups

      ec2-create-group loadbalancer-sg -d "Loadbalancer Test group"
      ec2-authorize loadbalancer-sg -o loadbalancer-sg -u $aws_account
      ec2-authorize loadbalancer-sg -p 80 -s 0.0.0.0/0
      
    6. Create the user-data-file for the instance so that Apache is started and the index.html file is created

      mkdir -p ~/temp/ 
      echo '#! /bin/sh
      yum -qy install httpd
      touch /var/www/html/index.html
      /etc/init.d/httpd start' > ~/temp/user-data.sh
      
    7. Start the new instance and save the instanceid

      instanceid=`ec2-run-instances ami-31814f58 -k "$keypair" -t t1.micro -g loadbalancer-sg -g default -z us-east-1a -f ~/temp/user-data.sh | grep INSTANCE | awk '{ print $2 }'`
      
    8. Create the loadbalancer and attach the instance

      elb-create-lb test-lb --availability-zones us-east-1a --listener "protocol=http, lb-port=80, instance-port=80"
      elb-register-instances-with-lb test-lb --instances $instanceid
      
    9. Wait until your instance state in the loadbalancer is "InService" and try to access the URLs
  • 2021-02-13 22:45

    It sounds like you have everything set up correctly. Are they the same ports going into the loadbalancer as the instance? Or are you forwarding the request to another port?

    As a side note, when I configure my loadbalancers I don't generally like to open up my instances on any port for the general public. I only allow the loadbalancer to make requests to those instances. I've noticed in the past that many people will make malicious requests to the IP of the instance trying to find a security breach. I've even seen people trying to brute force login into my Windows machines....

    To create a security rule only for the loadbalancers, run the following commands and remove any other rules you have in the security-group for the port the loadbalancer is using. If you're not using the commandline to run these commands then just let me know which interface you're trying to use and I can try to come up with a sample that will work for you.

    elb-create-lb-listeners <load-balancer> --listener "protocol=http, lb-port=<port>, instance-port=<port>"
    ec2-authorize <security-group>  -o amazon-elb-sg -u amazon-elb
    

    Back to your question. Like I said, the steps you explained are correct, opening the port on the instance and forwarding the port to the instance should be enough. Maybe you need to post the full configuration of your instance's security group and the loadbalancer so that I can see if there is something else affecting your situation.

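The check the second answer recommends (the instance port reachable only from the load balancer's source group), as an added example that is not part of either answer. It audits security-group JSON in the shape printed by the current `aws ec2 describe-security-groups` command, which is an assumption since the answers use the older `ec2-*` tools; the group IDs, the account number and `web-sg` are constructed sample values.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`
# (loadbalancer-sg mirrors step 5 of the first answer; IDs and account are made up).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupName": "loadbalancer-sg", "GroupId": "sg-00000001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [],
     "UserIdGroupPairs": [{"UserId": "111111111111", "GroupName": "loadbalancer-sg"}]}]},
  {"GroupName": "web-sg", "GroupId": "sg-00000002", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
     "UserIdGroupPairs": [{"UserId": "amazon-elb", "GroupName": "amazon-elb-sg"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]}
]}
""")

def covers(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule["IpProtocol"] == "-1":          # "-1" means all protocols, all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit(groups, port, trusted_sources):
    """List every source other than the load balancer that can reach `port`.

    trusted_sources: set of (UserId, GroupName) pairs allowed to reach `port`.
    """
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            if not covers(rule, port):
                continue
            for rng in rule.get("IpRanges", []):      # any CIDR bypasses the ELB
                findings.append((sg["GroupName"], "cidr", rng["CidrIp"]))
            for pair in rule.get("UserIdGroupPairs", []):
                src = (pair.get("UserId"), pair.get("GroupName"))
                if src not in trusted_sources:
                    findings.append((sg["GroupName"], "group", "/".join(map(str, src))))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE, 80, {("amazon-elb", "amazon-elb-sg")}):
        print("non-ELB source can reach instance port:", f)
```

On the sample, the group built in the first answer is reported twice for port 80 (the `0.0.0.0/0` rule and the self-referencing group rule), while the constructed `web-sg`, which admits only `amazon-elb-sg`, produces no findings.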