Elastic Load Balancing: how to configure (AWS certification)

aws certification

Elastic Load Balancing, Amazon CloudWatch, and Auto Scaling.

We are going to resolve the exercises for the chapter 5, Elastic Load Balancing, Amazon CloudWatch, and Auto Scaling. This chapter contains exercises which are long but they show the potential of AWS, Cloud and Elastic infrastructure, so it is highly advise you complete them.

Austral Tech is a leading company which specializes in delivering Support and Professional Services, you can expect the highest level of quality on our services, because we are expert on Support. On this post, we will continue with the preparation for the AWS CERTIFIED SOLUTIONS ARCHITECT EXAM. Remember the exercises we are solving here are from AWS Certified Solutions Architect Official Study Guide: Associate Exam by Joe Baron and others. Without further do, lets start!

EXERCISE 5.1: Create an ELB Load Balancer

In this exercise, you will create an Elastic Load Balancing load balancer and load balance two webservers

1.Launch two Amazon EC2 instance using an AMI with a web server on it, or install and configure a web server.

Let’s get back to our post explaining how to launch EC2 instances and create two of them with the following commands:

First we create the security groups allowing port 22(SSH) and 80 (HTTP)

Create a new security group called Cert Book

aws ec2 create-security-group --group-name chapter5 --description "chapter5"

Output:

{   "GroupId": "sg-084faf26e8a53e149" }

After that, add a rule to Cert Book allowing SSH access from the IP address of your workstation ( www.WhatsMyIP.org is a good way to determine your IP address) and from the security group itself so the ELB can connect to the webservers:

aws ec2 authorize-security-group-ingress --group-id sg-084faf26e8a53e149 --protocol tcp --port 22 --cidr 200.1.2.3/32
aws ec2 authorize-security-group-ingress --group-id sg-084faf26e8a53e149 --protocol tcp --port 80 --cidr 200.1.2.3/32
aws ec2 authorize-security-group-ingress --group-id sg-084faf26e8a53e149 --protocol tcp --port 80 --source-group sg-084faf26e8a53e149

At this point, we create the instances:
We will use Ubuntu AMI ami-09f4cd7c0b533b081, the security group we just created and we need to specify our SSH key pair as usual. Also very important on this steps is to assign the subnet to each instance and verify they are in different Availability Zones. In order to load balance them using ELB, they cannot be in the same AZ.

So, four our example we will use:

subnet-39d81c62 (AZ sa-east-1c)

subnet-9c6c92fa (AZ sa-east-1a)

aws ec2 run-instances --image-id ami-09f4cd7c0b533b081 --instance-type t2.micro --key-name AWSKey --security-group-ids sg-084faf26e8a53e149 --subnet-id subnet-39d81c62
aws ec2 run-instances --image-id ami-09f4cd7c0b533b081 --instance-type t2.micro --key-name AWSKey --security-group-ids sg-084faf26e8a53e149 --subnet-id subnet-9c6c92fa
aws ec2 run-instances --image-id ami-09f4cd7c0b533b081 --instance-type t2.micro --key-name AWSKey --security-group-ids sg-084faf26e8a53e149 --subnet-id subnet-9c6c92fa

Lets describe the instances, with the following command so we can connect to them:

aws ec2 describe-instances | grep PublicDnsName

The instances’ public DNS name we get back are:

 ec2-54-232-251-107.sa-east-1.compute.amazonaws.com
 ec2-18-228-193-249.sa-east-1.compute.amazonaws.com


We then connect:

ssh -i AWSKey.pem ubuntu@ec2-54-232-251-107.sa-east-1.compute.amazonaws.com
ssh -i AWSKey.pem ubuntu@ec2-18-228-193-249.sa-east-1.compute.amazonaws.com



2.Create a static page to display and a health check page that returns HTTP 200. Configure the Amazon EC2 instance to accept traffic over port 80.

In order to complete this step, we will install apache as follows:

sudo apt-get install apache2

After, we will set a page where we can distinguish what webserver we are hitting, we can do this running:
On ec2-54-232-251-107.sa-east-1.compute.amazonaws.com shell:

ubuntu@ip-172-31-17-57:~$ sudo bash -c "echo Host 1 > /var/www/html/index.html"
ubuntu@ip-172-31-17-57:~$ curl localhost
Host 1
ubuntu@ip-172-31-17-57:~$ 

on ec2-18-228-193-249.sa-east-1.compute.amazonaws.com:

ubuntu@ip-172-31-15-165:~$ sudo bash -c "echo Host 2 > /var/www/html/index.html"
ubuntu@ip-172-31-15-165:~$ curl localhost
Host 2
ubuntu@ip-172-31-15-165:~$ 


Ok, so now we have our two webservers running and presenting a webpage.We will test thar remotely to make sure everything is OK:

user@australtech.net:~$ curl ec2-54-232-251-107.sa-east-1.compute.amazonaws.com
 Host 1
user@australtech.net:~$ curl ec2-18-228-193-249.sa-east-1.compute.amazonaws.com
 Host 2
user@australtech.net:~$ 

so far so good!

3. Register the Amazon EC2 instance with the Elastic Load Balancing load balancer, and configure it to use the health check page to evaluate the health of the instance.

We will follow this steps:

   o Create a load balancer

   o Create a target group

   o Register targets for the target group

   o Create one or more listeners for your load balancer

Create a load balancer

We will create the ELB load balancer, we will use ELB version 2. In order to use ELB we need to have two subnets on two different subnets. When we create the Linux instances, by default they may get assigned to the same subnet, so be sure you specify the subnet with the –subnet-id switch. The key important aspect is the subnets need to be on different Availability zones otherwise the creation of the ELB will fail.

aws elbv2 create-load-balancer --name my-load-balancer --subnets subnet-39d81c62 subnet-9c6c92fa

Take note of the loadbalancer ARN (LoadBalancerArn) as we will need it later. in our example it was: “arn:aws:elasticloadbalancing:sa-east-1:772378070873:loadbalancer/app/my-load-balancer/007856bc4fe4a9df”

Create a target group

In order to create a target group we need to specify a VPC. The VPC id where our subnets exist is vpc-da024ebd so we will run the following command to create the Target Group:

aws elbv2 create-target-group --name my-targets --protocol HTTP --port 80 --vpc-id vpc-da024ebd

The output of this command will present you with data from the target group, make note of the Target group ARN as we will need it for the next step.
On our example the ARN was: “TargetGroupArn”: “arn:aws:elasticloadbalancing:sa-east-1:772378070873:targetgroup/my-targets/104412491db8d5d8”

Elastic Load Balancing EC2 AWS

Register targets for the target group

For this step we will need the instances id and the TargetGroup ARN. For getting the instances id run the following command:
aws ec2 describe-instances | grep InstanceId
We will get the instances id, in our case they are:
i-088910eb70400db12
i-07e351760028a5f7e

With this information we can register the targets to the Target Group running this:

aws elbv2 register-targets --target-group-arn arn:aws:elasticloadbalancing:sa-east-1:772378070873:targetgroup/my-targets/104412491db8d5d8 --targets Id=i-088910eb70400db12 Id=i-07e351760028a5f7e

The final step is to create a listener on the load balancer which will receive the traffic and forward it to the webservers.

aws elbv2 create-listener --load-balancer-arn arn:aws:elasticloadbalancing:sa-east-1:772378070873:loadbalancer/app/my-load-balancer/007856bc4fe4a9df --protocol HTTP --port 80 --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:sa-east-1:772378070873:targetgroup/my-targets/104412491db8d5d8

After everything has been created we are going to set the seuciry group we were using on the instances to the load balancer too:

aws elbv2 set-security-groups --load-balancer-arn arn:aws:elasticloadbalancing:sa-east-1:772378070873:loadbalancer/app/my-load-balancer/007856bc4fe4a9df --security-groups sg-084faf26e8a53e149

The final step would be to get the public DNS name of the load balancer so we can try to connect to it and effectivaly check is load balancing, we can do that running:

aws elbv2 describe-load-balancers | grep DNSName

We will get an output like this one:

"DNSName": "my-load-balancer-1430974285.sa-east-1.elb.amazonaws.com"

So, lets check we can resolve the load balancer dns name using dig:

$ dig my-load-balancer-1430974285.sa-east-1.elb.amazonaws.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> my-load-balancer-1430974285.sa-east-1.elb.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9750
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;my-load-balancer-1430974285.sa-east-1.elb.amazonaws.com. IN A

;; ANSWER SECTION:
my-load-balancer-1430974285.sa-east-1.elb.amazonaws.com. 59 IN A 54.232.192.213
my-load-balancer-1430974285.sa-east-1.elb.amazonaws.com. 59 IN A 54.233.76.35

OK, we got two IP address associated to our Load Balancer, so that is a good indication. Now lets try to get the webpage using curl:

user@australtech.net:~$ curl my-load-balancer-1430974285.sa-east-1.elb.amazonaws.com
 Host 2
 user@australtech.net:~$ curl my-load-balancer-1430974285.sa-east-1.elb.amazonaws.com
 Host 1
 user@australtech.net:~$ curl my-load-balancer-1430974285.sa-east-1.elb.amazonaws.com
 Host 2

Sucess!!! We can see how the load balancer presents the webpage and is actually round robing between the two servers.

If for whatever reason you don’t get that output you may need to do some troubleshooting, go thru the steps again, perform the checks after each step and make sure you are not missing anything.
Before getting into the load balancer configuration, make sure you can connect to your webservers remotely on port 80 and get the webpage.
Also check if the security groups are correctly asociated with the right rules and the targets are UP and healthy from the load balancer point of view.
You can cheat and use the GUI at this point :), if the webserver are healthy you should see something like this:

I hope you enjoyed this post, on the next post we will use CloudWatch to monitor metrics from this loadbalancer. See you there!