How to set up a load balancer with Elastic File System (EFS) in AWS? Part 3

May 14, 2022

Hello everyone. If you're here, I hope you've been following the last two articles on configuring an elastic load balancer with EFS. As a prerequisite, we configured the VPC and subnets in the last article. In this article, I will describe how to configure an application load balancer.

Before jumping in, let's briefly go over the components of a load balancer. According to the AWS docs, a load balancer has two main components: a listener and target groups.

A listener watches for incoming requests from clients and forwards them to the target groups. For example, you can configure a listener to check for incoming HTTPS requests on port 443 and forward them to multiple target groups.

Target groups consist of a set of resources (EC2 instances, a Lambda function or an application load balancer itself) that serve the requests forwarded from the load balancer, based on the protocol and port configured. In our configuration, the target group consists of EC2 instances.

The following steps can be followed to configure an application load balancer: 

  1. Launch EC2 instances (web servers)

  2. Create target group and register targets

  3. Create an application load balancer and configure listeners

Launch EC2 instances

The first step is to launch two EC2 instances in the private subnets of the VPC that we created in the last article. As these EC2 instances don't need to be accessed from the internet, you can launch them in the private subnets. The steps to launch an instance are simple and clearly documented in the AWS documentation. It would be redundant to list all of the steps, so I'll only point out the step that is specific to our configuration.

In the Network settings section of the EC2 launching wizard, select the VPC and private subnets (one for each EC2 instance) configured in the last article. The rest of the configuration can be adjusted based on your requirements. 

The EC2 instances in the private subnets cannot be reached through the internet gateway; therefore, you need to set up another EC2 instance in the public subnet as a bastion host. You can then SSH into the bastion host using the private key file (generated while launching the instance) and connect to the EC2 instances in the private subnets to configure the web server and deploy your code. The process is clearly demonstrated in this YouTube video.

Create target groups and register targets

The steps to configure the target groups can be reached by clicking on the Target groups link under the Load balancing section of the EC2 dashboard. Then, click on the Create target group button. 

The steps below can be followed to configure target groups for the load balancer.

Specify group details on the first step: 

1. Choose Instances as target type
2. Assign a meaningful name to the target group
3. Select HTTP and 80 as protocol and port number
4. Select the VPC created in part 2

Register targets on the second step:

1. Select the first EC2 instance from the list of available instances
2. Click on the Include as pending below button
3. Click on the Create target group button

The same steps as above can be followed to configure the second target group. Make sure to select the second EC2 instance in the second step.

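You might have noticed that we've selected the HTTP protocol between the load balancer and the target groups. TLS is terminated at the load balancer, so requests travel unencrypted only inside the VPC, and such a configuration provides the best performance since the load balancer and the targets are in the same local network.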

Create an application load balancer and configure listeners

In the EC2 dashboard, click on the Load balancers link under the Load balancing section. It’ll take you to the load balancer dashboard. Click on the Create Load Balancer button and select application load balancer for the load balancer types.

The steps below can be followed to configure an application load balancer.

In the Basic configuration section:

1. Input load balancer name
2. The default options, internet-facing and IPv4, should work for the Scheme and IP address type.

In the Network mapping section:

1. For VPC, select the one created in the last article.
2. For Mappings, tick the check mark on the two availability zones and select the public subnet on each of them.

In the Security group section, create a security group with an inbound rule having ports 80, 443 and 22 open, or adjust it based on your requirements.

In the Listeners and routing section:

1. Select HTTPS as the protocol and forward the requests to one of the target groups created in the previous section.

When the HTTPS protocol is selected, you need to configure the Secure listener settings to deploy the SSL certificate on the load balancer. Also, AWS doesn't let you configure multiple target groups for the same protocol (HTTPS or HTTP) while creating a load balancer. However, you can add them after the load balancer is created (described below).

Finally, you can click on the Create load balancer button at the bottom right corner of the dashboard.

Additional configuration

Add target groups on the Load balancer

To add additional target groups to the load balancer, you can revisit the Load balancing dashboard and click on the recently created load balancer. A configuration section will appear at the bottom of the page.

You can then click on the Listeners tab and tick the HTTPS : 443 checkbox. Finally, click on the Edit button.

You can add the second target group and save the changes.

Redirect all HTTP traffic to HTTPS

A load balancer makes it easy to redirect all HTTP traffic to HTTPS, meaning that when users type http://yourcoolwebsite.com they will be redirected to https://yourcoolwebsite.com. Cool, right? It simply requires adding another listener by clicking on the Add listener button from the Load balancing dashboard (similar to adding a target group as above). You can then configure the listener to redirect to HTTPS and make sure to save the changes.
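
To check the finished setup from the API side, the following added example (not part of the original article) takes data shaped like the EC2 `describe-security-groups` and ELBv2 `describe-listeners` responses and reports world-open inbound rules on ports that no listener serves, plus any HTTP listener that does not redirect to HTTPS. The sample data, IDs and function names are constructed for illustration and mirror the ports 80, 443 and 22 and the two listeners configured above.

```python
import ipaddress

# Constructed sample data shaped like the EC2 describe-security-groups and
# ELBv2 describe-listeners responses; the IDs and ARNs are placeholders.
SECURITY_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
    for port in (80, 443, 22)]}
LISTENERS = [
    {"Protocol": "HTTPS", "Port": 443, "DefaultActions": [
        {"Type": "forward", "TargetGroupArn": "arn:EXAMPLE:targetgroup/one"}]},
    {"Protocol": "HTTP", "Port": 80, "DefaultActions": [
        {"Type": "redirect", "RedirectConfig": {
            "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
]


def open_to_world(permission):
    """True if the rule admits any IPv4 or IPv6 source address."""
    cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)


def unused_public_rules(group, listeners):
    """World-open TCP port ranges covering ports that no listener serves."""
    listening = {listener["Port"] for listener in listeners}
    findings = []
    for perm in group["IpPermissions"]:
        if perm["IpProtocol"] not in ("tcp", "-1") or not open_to_world(perm):
            continue
        # Protocol "-1" (all traffic) carries no port fields: treat as 0-65535.
        low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if any(port not in listening for port in range(low, high + 1)):
            findings.append((low, high))
    return findings


def http_without_https_redirect(listeners):
    """Ports of HTTP listeners whose default action is not a redirect to HTTPS."""
    bad = []
    for listener in listeners:
        redirects = any(
            action["Type"] == "redirect"
            and action.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
            for action in listener["DefaultActions"])
        if listener["Protocol"] == "HTTP" and not redirects:
            bad.append(listener["Port"])
    return bad
```

On the sample data the only finding is the rule for port 22: the load balancer accepts connections only on its listener ports, so that rule can be dropped from its security group unless your requirements call for it.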

 

Wrapping up

To summarize, an application load balancer can be configured by launching at least two EC2 instances in the private subnets and one bastion host in the public subnet. Subsequently, the target group needs to be created by configuring protocols and registering the EC2 instances as targets. Lastly, the application load balancer can be created by launching it in the public subnets and configuring listeners.

Feel free to get in touch with me if you have any questions.

References

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

https://serverfault.com/questions/68753/does-each-server-behind-a-load-balancer-need-their-own-ssl-certificate