Questions tagged [amazon-alb]
Amazon Web Services supports three types of Load Balancers. An Application Load Balancer (ALB) functions at the application layer, the seventh layer of the Open Systems Interconnection (OSI) model.
115
questions
21
votes
2
answers
21k
views
AWS Fargate service: scale to zero?
I've recently migrated a small web application to AWS using Fargate and Aurora Serverless. The application doesn't get much traffic so my goal is to save cost while no one is using it. Aurora ...
6
votes
1
answer
11k
views
AWS Application Load Balancer vs Network Load Balancer
I am trying to understand what are the key differences are between ALB (Application Load Balancer) and NLB (Network Load Balancer). I understand that ALB is at layer 7 on the OSI model -- this means ...
6
votes
1
answer
10k
views
ALB Connection Draining is always reaching the "Deregistration Delay"
I'm using ECS along with ALB to expose my containers to the internet. When I'm updating a container image (I'm using CloudFormation to update the tasks and services), the target group set the ...
5
votes
1
answer
5k
views
AWS ALB resolves to 2 IPs. What are they?
I have set up an AWS ALB for my application. The ALB is connected to AWS ECS cluster which has 2 instances. The 2 instances are in private subnets. When I resolve the IP of the ALB DNS name, I get 2 ...
5
votes
1
answer
895
views
ECS Stopped Task not Releasing Port
I have an ECS cluster with ELB. Last night I saw that a task was stuck in restarting loop. From the service Events log, it said:
"service xxxxx was unable to place a task because no container
...
4
votes
1
answer
2k
views
Is there any point in using more than one Application Load Balancer on AWS?
One can add to ALB multiple listeners and rules that can check for hostname and forward requests to appropriate target groups. So, I'm not sure what could be the point in using more than 1 Application ...
4
votes
2
answers
9k
views
AWS Application Load Balancer (ALB) in single az
We have an environment setup in AWS and would like to have an ALB with targets in only one AZ and that only appears on IP address in the same AZ. This is required because of some routing rules that we ...
4
votes
1
answer
5k
views
AWSApplication load balancer - custom headers
I have question regarding AWS ALB. Does anybody knows if it is possible to modify (specifically ADD) custom headers to requests? Something like proxy_set_header in nginx http://nginx.org/en/docs/http/...
4
votes
1
answer
1k
views
Is there a CloudWatch metric that corresponds to ALB data transfer usage/cost?
I have an Application Load Balancer whose data transfer cost I want to monitor.
In Cost Explorer, I can filter on usage type "DataTransfer-Out-Bytes", and see how many GB of data it is ...
4
votes
0
answers
5k
views
Overriding AWS ALB's default error page(s) with custom one(s) using CloudFront
I have an ALB, containing Rules that forward requests to my private EC2s, hosted on AWS, and when I make a new deployment, I have a script in Lambda that turns off my ASGs and turns them back on. ...
3
votes
2
answers
7k
views
Is reverse proxy still required between AWS ALB and application server?
Context
Web application with application server, i.e. Ruby on Rails with puma. Running within a container on AWS ECS with Fargate. Traffic is routed by AWS Application Load Balancer directly to ...
3
votes
1
answer
2k
views
Should I share an AWS application load balancer between applications?
I have two unrelated applications ( they are not two microservices of the same application, but two separate services ) running on Amazon Ec2 or Fargate. Should I share an application loadbalancer ...
3
votes
1
answer
1k
views
Are there any benefits in using HTTPS between a load balancer and EC2 targets?
I've spent some time refactoring a load-balanced web application in AWS in order to make it end-to-end HTTPS, CloudFront->ALB->EC2. This was mostly just for fun, to see if I could do it. Having ...
3
votes
1
answer
1k
views
Cloudwatch event for changes in ALB target groups
I have a lambda function that copies the targets (IP addresses in this case) from one target group to another (deleting any in the second target group that don't appear in the first). This gives us 2 ...
3
votes
1
answer
3k
views
HTTP/2 for ALB with EKS on AWS
I'm experimenting with AWS EKS and have created the following setup:
EKS cluster with a single service/pod/node
AWS ALB ingress controller
ALB
I try to configure the ALB to:
create access logs
...
3
votes
1
answer
3k
views
How do I determine the Container ID so that Terraform can attach it to an ALB target group?
I've used Terraform to create a VPC, subnets, ECS instances, routing and a task definition which I am able to run via the AWS console. That gives me a few instances of my small web app running in ...
3
votes
5
answers
8k
views
Easier way how to put AWS ALB behind Cloudfront with TLS?
I have this flow:
user => Cloudfront with TLS => ALB with TLS => ECS
I encrypted connection between Cloudfront and ALB.
Cloudfront has domain MAIN.DOMAIN.NET + TLS cert configured.
ALB has ...
3
votes
1
answer
2k
views
Using ALB to target PHP-FPM ECS containers
I'd love to know if this is actually posible but I'm sure I've seen it demonstrated by one of our old AWS TAMs.
I am serving PHP-FPM containers (port 9000) out of ECS hosting a PHP application. I am ...
3
votes
1
answer
13k
views
AWS ALB/NLB HTTPS Target with Self-Signed Cert
I am using AWS to build a service. For this service I want to use ACM certificates. The backend is running on an EC2 instance with TLS enabled using a self-signed certificate. Since ACM certificates ...
3
votes
1
answer
1k
views
AWS: ECS/ALB setup, converting a docker-compose file, port mapping to mulitple containers
I know this is not an 'original question'. The general topic is covered extensively. Neverthless i'm struggling with my particular setup:
I'm trying to basically convert the following docker-compose ...
3
votes
1
answer
5k
views
AWS ALB Connection Draining not Closing Connections after Deregistration Delay
I have three instances configured as targets in an ALB. Connection draining is disabled (deregistration delay set to 0 seconds). Sticky sessions are enabled for 5 minutes.
I get stuck to one web ...
2
votes
2
answers
10k
views
How to block loadbalancer forwarding to a specific path?
I have set up ALB loadbalancer. I want to prevent forwarding request towards a specific path like not to go to mydomain.com/admin/
The current Listeners set up look like below:
1 Arn ...
2
votes
2
answers
7k
views
Restricting access to a specific domain on AWS
Our current setup is
ALB -> Target Group -> EC2 instances
At the moment it's possible to access the EC2 servers behind the load balancer using the IP address of the ALB, the DNS Name (e.g. ...
2
votes
2
answers
12k
views
Achieving mTLS with AWS ALB
If I have an ALB in my infrastructure with ECS target groups downstream, will SSL/TLS always be terminated at the ALB?
If so, are my only options ELB/NLB to preserve the SSL/TLS context?
2
votes
1
answer
619
views
On and off requests take very long on my system
EDITED: I have and issue in my AWS system. Every few requests takes almost exactly 130 seconds to answer. When I say a few I mean 5 to 25 or so. Normally if you cancel the slow request and send again ...
2
votes
1
answer
2k
views
How to assign the same elastic IP to a NAT gateway and an ALB?
The architectural diagram shown below is taken from an AWS blog titled Task Networking in AWS Fargate. The blog was posted in January 2018.
The description that comes with the image states that:
...
2
votes
2
answers
5k
views
AWS: How to redirect HTTP to HTTPS on App Load Balancer?
I have a number of IIS web servers behind an App Load Balancer (ALB). The web servers all have self-signed SSL certificate installed and redirect from HTTP to HTTPS using URL rewrite module properly ...
2
votes
1
answer
4k
views
Why is my autoscaling group instance unhealthy?
I'm noticing a very strange issue with an AWS auto-scaling group.
Instances are being reported (incorrectly) as being unhealthy. The instances are then being terminated and replaced unnecessarily. ...
2
votes
2
answers
7k
views
Cannot get websocket connection working with ec2 + application load balancer
I have an aws application load balancer with an https listener on port 9999, forwarding to a group on port 9999 with an ec2-instance being the target.
If I run my websocket server with the host name ...
2
votes
2
answers
6k
views
Nginx container health-check for AWS-ALB
I need to have a health-check path for ALB setup that points to a server which has docker container Nginx. I do not have access inside the EC2 server to add a file there. I can just add something in ...
2
votes
2
answers
2k
views
403 when using Terraform to attach Lambda Function to Target Group w/ ALB
I'm able to create Instances, Target Groups, and ALBs just fine with Terraform, but am getting stuck when trying to use Lambda Functions. It looks like the Lambda function gets created OK along with ...
2
votes
1
answer
760
views
AWS ALB health checks of Windows Server 2022 on a HTTP/1 target group works but not with HTTP/2
I have set up an AWS application load balancer with a target group specified to be HTTP/1. The target group contains a single Windows Server 2022 instance running IIS. The health check functionality ...
2
votes
1
answer
38
views
Managing AWS EC2 and RDS autoscalling configuraiton
A client of ours generally can get away with running just the one EC2 and also has an Aurora serverless MySQL 5.7 database running, however there are times when their load spikes up significantly. e.g....
2
votes
0
answers
907
views
AWS ALB and HAProxy Keep-Alive header
Has any one come across this behavior?
AWS ALB is sending traffic to HaProxy.
HaProxy sets keep-alive header to 29 seconds.
Client connected to ALB does not see this header.
It can only see "...
2
votes
0
answers
906
views
How do you route to a mix of HTTP and HTTPS backends from an ALB Ingress?
I have a Kubernetes cluster running in EKS (on AWS.)
In the cluster I have Elasticsearch, Kibana and various other web services.
I would like to set up a single ALB loadbalancer such that:
Requests ...
2
votes
0
answers
2k
views
AWS Application Load Balancer 502 Bad Gateway
I am using AWS ECS Fargate and have an application load balancer to forward all the connections to the correct instance.
I did already manage to get up a cluster and a service up and running ...
1
vote
2
answers
5k
views
AWS ALB for TCP socket connections on a custom port number?
I have an application load balancer (ALB) and a number of web servers behind it. Apart from HTTP and HTTPS, the web servers also serve long-lasting TCP socket connections on port 52345.
When a client ...
1
vote
3
answers
1k
views
terraform: Configuring load-balancer to use dynamic port of ECS task/service in AWS
This is sort-of a general question for how dynamic port assignments are supposed to work, though my specific context is trying to figure-out if there is a natural way for a target-group to know the ...
1
vote
1
answer
343
views
AWS Application Load Balancer: how many IPv4 vs IPv6 network interfaces?
Because AWS has started to charge for public IPv4 addresses, I'm looking into how many public IPv4 addresses my Application Load Balancers are using.
Right now, they are listening on IPv4 only, and it'...
1
vote
1
answer
2k
views
How to authorize only IP from a Fargate ECS service for MongoDB Atlas Cluster
I have an ECS Fargate service mapped to an Application Load Balancer on AWS. In this service, there are several task that are frequently killed and restart.
These tasks should be able to connect to a ...
1
vote
1
answer
710
views
Keycloak w/ EKS + ALB (401 after auth)
I’m currently trying to get Keycloak to run in EKS behind ALB and for the life of me, I can’t get it to work. I get the redirect to a login screen and after I log in - I instantly get presented with ...
1
vote
1
answer
2k
views
AWS alb and DNS routing
I have example.com behind ALB
Since I'm using external DNS service other than route53,
I created a CNAME in my DNS service such as
some-unique-name.ap-northeast-2.elb.amazonaws.com pointing to ...
1
vote
1
answer
2k
views
Whether AWS ALB can route to different URLs within the same instance (not container based)?
I am planning to host 3 URLs on one Ec2 instance(linux and not container based) and do path based routing. Can you please help to find out whether ALB supports multiple URLs within the same instance.
...
1
vote
0
answers
751
views
AWS Sticky session cookie not working
I'm using an application load balancer with the target group of two instances. In the target group, I have enabled application based cookie. However whenever I test the load balancer, it keeps ...
1
vote
1
answer
105
views
AWS EC2 not showing a request for IP Issue
My AWS web servers are not showing a request for example '42.26.32.120'
after running some athena queries
We are unable to identify the cause of the issue, as the IPs is not in any of the access logs ...
1
vote
0
answers
147
views
How to reduce the time it takes a request to pass from a ALB to the actual Fargate Server?
I have a webhook endpoint where our service provider send a payload which I have to respond to within 2 seconds. I've been getting way too many timeout errors from the service provider, meaning I wasn'...
1
vote
0
answers
500
views
aws-load-balancer-controller annotations not working
I'm trying to automatically start an ALB in my EKS cluster by using the aws-load-balancer-controller
This is what the logs of my deployment look like:
$ kubectl logs -n kube-system deployment.apps/aws-...
1
vote
0
answers
388
views
Apache 502 bad gateway response when using AWS Application Load Balancer and Centos 7
I am new in Linux/centos, I configured a Laravel application in my AWS EC2 Instance (Centos 7),The application was working fine but after that I configured a Application Load Balancer to use path ...
1
vote
1
answer
350
views
AWS ALB SSL/TLS offloading security
AWS ALBs allow one to configure an SSL/TLS certificate for encrypting traffic between the client and the LB. Traffic between the LB and the target can be protected with a certificate, but target ...
1
vote
0
answers
482
views
Persistent 502s from AWS ALB
This is our architecture:
Cloudflare -> ALB 1 -> Nginx API Gateway -> ALB 2 -> (Nginx Sidecar -> Application)
The application and the sidecar are on the same box and communicate via unix domain ...