ALB Walkthrough

This post walks you through creating an AWS Application Load Balancer (ALB) step by step, with an explanation of what each step is for.

Application Load Balancer

What we're going to create

  • We'll describe the underlying VPC, but won't go into the details of creating it

The basic network

  • We'll create a VPC with:
    • 2 public subnets, one in each AZ used (a, b):
      • suggested names: pub-a, pub-b
      • an internet gateway (IGW)
      • a public routing table for both public subnets
      • a default route pointing to the IGW
    • 2 private subnets, one in each AZ used (a, b):
      • suggested names: priv-a, priv-b
      • a NAT GW (we'll explain later why this is needed)
      • a private routing table for both private subnets
      • a default route pointing to the NAT-GW
    • Fix the default security group:
      • remove the single default rule there
      • allow SSH (tcp port=22) coming from 0.0.0.0/0
      • allow HTTP (tcp port=80) coming from 0.0.0.0/0
      • rename the SG to something like: LB-targets-SG
      • This SG will protect the EC2 targets we'll run in the private subnets
    • Add another SG:
      • allow HTTP (tcp port=80) coming from 0.0.0.0/0
      • rename the SG to something like: LB-users-SG
      • this one protects the load balancer itself, which is what receives traffic from the Internet
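
A defender's check on the two security groups above, as an added example that is not part of the original walkthrough: it reads data shaped like the `aws ec2 describe-security-groups` output (the sample here is constructed, with placeholder group IDs), flags the world-open rules the walkthrough leaves on LB-targets-SG, and shows the tightened form in which the targets accept HTTP only from LB-users-SG.

```python
"""Audit the walkthrough's two SGs from describe-security-groups-shaped data."""
import json

def _rule(port, cidr=None, sg=None):
    """Build one inbound TCP rule, sourced from a CIDR or from another SG."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}

# Constructed sample with placeholder group IDs: exactly the rules the walkthrough adds.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-LBUSERS", "GroupName": "LB-users-SG",
     "IpPermissions": [_rule(80, cidr="0.0.0.0/0")]},
    {"GroupId": "sg-TARGETS", "GroupName": "LB-targets-SG",
     "IpPermissions": [_rule(22, cidr="0.0.0.0/0"), _rule(80, cidr="0.0.0.0/0")]},
]}

WORLD = {"0.0.0.0/0", "::/0"}

def audit(describe, lb_sg="LB-users-SG", targets_sg="LB-targets-SG"):
    """Return a list of findings. The Internet-facing LB SG may be world-open on
    80/443; the targets SG should accept port 80 only from the LB SG and nothing else."""
    groups = {g["GroupName"]: g for g in describe["SecurityGroups"]}
    lb_id = groups[lb_sg]["GroupId"]
    findings = []
    for rule in groups[lb_sg]["IpPermissions"]:
        if rule["FromPort"] not in (80, 443):
            findings.append(f"{lb_sg}: port {rule['FromPort']} should not be open on the LB")
    for rule in groups[targets_sg]["IpPermissions"]:
        port = rule["FromPort"]
        cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
        sources = {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
        if cidrs & WORLD:
            findings.append(f"{targets_sg}: port {port} open to the world")
        elif port != 80:
            findings.append(f"{targets_sg}: port {port} is not needed by the ALB")
        elif sources != {lb_id}:
            findings.append(f"{targets_sg}: port 80 not restricted to {lb_id}")
    return findings

def harden(describe, lb_sg="LB-users-SG", targets_sg="LB-targets-SG"):
    """Return a copy in which the targets SG accepts only HTTP from the LB SG.
    The world-open SSH rule is dropped: the walkthrough never uses the key pair."""
    fixed = json.loads(json.dumps(describe))  # deep copy, input left untouched
    groups = {g["GroupName"]: g for g in fixed["SecurityGroups"]}
    groups[targets_sg]["IpPermissions"] = [_rule(80, sg=groups[lb_sg]["GroupId"])]
    return fixed
```

Calling audit(SAMPLE) lists the two world-open target rules, and audit(harden(SAMPLE)) returns no findings; on a real account, feed audit() the parsed output of describe-security-groups instead of SAMPLE.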

Launch Template

  • The template will be used to launch EC2 instances as targets.
  • Details:
    • find Launch Templates in the ec2 menu, then click on Create launch template
    • select "Provide guidance..."
    • For AMI, choose quick start, then select Amazon Linux
    • Select t2.micro as the instance type
    • Select an appropriate key pair. We don't plan to use it, but you may need it for troubleshooting in case something goes wrong
    • Don't include a subnet in your template
    • Assign the LB-targets-SG to the template
    • Go to the end of the page, open the Advanced Details, scroll again to the end, and paste the following into the user data section:
      #!/bin/bash
      ########################################
      ##### USE THIS WITH AMAZON LINUX 2 #####
      ########################################

      # User data runs as root on first boot, so no "sudo su" is needed here
      # (an interactive "su" inside a non-interactive script does nothing useful).

      # install httpd (Amazon Linux 2 version)
      yum update -y
      yum install -y httpd.x86_64
      systemctl start httpd.service
      systemctl enable httpd.service
      # serve a page that identifies the instance, so the LB's distribution is visible
      echo "Hello World from $(hostname -f)" > /var/www/html/index.html

    • This installs the Apache web server on every instance launched from the template, so those instances need outbound Internet access to fetch packages, even when launched into a private subnet (hence the NAT GW)
    • Hit Create launch template

Create Target Group

  • Go to Target Groups (ec2 at the bottom)
  • Select Create target group
  • Select Instances
  • Fill in the name: LB-TG
  • Leave HTTP:80 as it is
  • Select your VPC
  • Leave everything as it is, click Next, and hit Create target group

Create Load Balancer

  • Select Load Balancers (ec2 at the bottom)
  • Click on Create load balancer
  • Click on Create under Application Load Balancer
  • Fill in the name: demo-LB
  • Leave Internet-facing as your choice
  • Go to Network Mapping and choose your VPC
  • NOW HERE'S THE TRICK:
    • Make sure you choose pub-a for AZ - A
    • Make sure you choose pub-b for AZ - B
      • You won't put any EC2 targets in these subnets, but selecting them gives the LB a presence in each AZ, so it can reach targets there
  • Select your LB-users-SG
  • In the Listener part, choose your newly created target group
  • Skip to the end and hit Create.

Attach ASG to LB

  • Go to Auto Scaling Groups (ec2 at the bottom)
  • Hit Create Auto Scaling Group
  • Use LB-ASG as the ASG name
  • Select the Launch Template you have created
  • Leave version 1 as the current version and hit Next
  • Go to Network and select your VPC
  • HERE'S THE TRICK AGAIN:
    • Add just the private subnets from each AZ
    • That is: priv-a and priv-b
    • Explanation: You want your targets in private subnets, but the LB must be present in the same AZs. pub-a and pub-b give the LB that AZ coverage, BUT your instances go in priv-a and priv-b
  • Hit Next
  • Select Attach to an existing load balancer
  • Scroll down and select your target group
  • Skip the rest of the page and click Next
  • On the next page configure:
    • Desired capacity - 2
    • Min desired capacity - 1
    • Max desired capacity - 3
  • Skip to the bottom of the page and click Next
  • Do not add notifications - click Next
  • You may add tags if you wish - click Next
  • Review everything, and click on Review Auto Scaling group at the bottom
  • Go to Instances to confirm that your instances are running

Testing your ALB

  • Navigate to Load Balancers (ec2 at the bottom)
  • Copy the DNS name for your Load Balancer
  • Paste it into a new browser tab, or test it with curl.

Hope that this was useful.