AWS Network Load Balancer
An NLB serves as the single point of contact for clients and automatically distributes the incoming traffic uniformly across multiple targets. The targets are the EC2 instances within the same or different AZs.
Prerequisites:
- A default VPC. It is a VPC in a default region and has a public subnet in each Availability Zone. Refer to the create a default VPC(opens in a new tab) for more details. Just to ensure you have the right set of VPC, subnet, route table, and internet gateway available, refer to the snapshots below.
Create a default VPC
Info about a default VPC
Prerequisite 1: A default VPC
Prerequisite 2: Subnets in each AZ in the default VPC. Also, notice that a common route table is attached to all subnets.
Prerequisite 3: A route table with a rule for internet facing communication. See that it requires an internet gateway
Prerequisite 4: The Internet gateway is a managed service. See an internet gateway attached to the default vpc.
Step 1. Create the first EC2 instance
The steps below show how to create the first EC2 instance in a public subnet in any one Availability Zone, and install the Apache webserver on it. Use the following configuration, and leave the remaining values as the defaults.
- Navigate to the EC2 Dashboard page, and click on the Launch Instance wizard to launch an instance. Choose the AMI and instance type as:
Step | Value |
1. Amazon Machine Image (AMI) | Amazon Linux 2 AMI (HVM), SSD Volume Type |
Note: You have chosen a Free Tier Eligible AMI |
| 2. Instance Type | t2.micro
|
* At the next step, Configure Instance Details, use the following values:
Field | Value |
Number of Instances | 1 |
Network | Select the default VPC that has public subnets in different AZs |
Subnet | Choose any, for example us-east-2a |
Auto-assign Public IP | Enable |
Navigate to the EC2 dashboard and click Launch instances
Set a name and select the Amazon Linux 2 AMI (HVM) image under the Free tier plan
Ensure the t2.micro is selected as instance type and the default VPC you created allow SSH and HTTP connection.
- Under the Advanced Details → User data section, add the following configuration script to run automatically during launch.
#!/bin/bash
sudo yum update -y
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo yum install -y httpd mariadb-server
sudo systemctl start httpd
sudo systemctl enable httpd
sudo chkconfig httpd on
# Set file permissions for the Apache web server
sudo groupadd www
sudo usermod -a -G www ec2-user
sudo chgrp -R www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} +
find /var/www -type f -exec sudo chmod 0664 {} +
# Create a new index.html file at /var/www/html/ path
echo "<html> <head><title>server 01</title> </head> <body><h1>This is server 01 </h1></body> </html>" > /var/www/html/index.html
The script above will install, configure, and launch the Apache webserver on the Amazon (Redhat) Linux EC2 instance. For Ubuntu based systems, you can install Apache web server as:
#!/bin/sh
sudo apt update
sudo apt install apache2 -y
sudo ufw allow 'Apache'
sudo systemctl start apache2
# Create a new index.html file at /var/www/html/ path
echo "<html> <head><title>server 01</title> </head> <body><h1>This is server 01 </h1></body> </html>" > /var/www/html/index.html
For troubleshooting, SSH log into the machine and verify the contents of /var/www/html/index.html file. You can learn more about the individual steps at Create an EC2 instance and install a web server(opens in a new tab).
Specify the user data to configure the EC2 instance
- Generate and download a new key pair, at the last stage of the Launch Instance wizard.
Important: This key-pair will allow you to log into your instance, using SSH, from your local machine. Save the key-pair carefully, because the same private key cannot be re-generated.
Step 2. Create the second EC2 instance in a separate Availability Zone
Launch the second EC2 instance using the same steps above, except for the following changes at the Configure Instance Details step:
Select another public subnet in a different AZ, say
us-east-2d
Replace the last line of the user data (shell script) with
echo "<html> <head><title>server 02</title> </head> <body><h1>This is server 02 </h1></body> </html>" > /var/www/html/index.html
Additionally, change the tag to Name: Server-B
.
Step 3. Verify the Web server installation
- Confirm that the newly created EC2 instances are in the
running
state.
Two instances running in different AZs. Server-A is running in us-east-2a, while Server-B is running in us-east-2d.
- Verify that the Apache server is running successfully on both the EC2 instances. Simply copy, and paste the public IPv4 address of each instance in a new browser window. If the Apache is configured successfully, you will see the Apache welcome page.
Note: We have opened the HTTP traffic on the default port, therefore the public IPv4 address should be prepended with
http://
, instead ofhttps://
.
- Configuring the secure HTTPS on EC2(opens in a new tab) will add overhead to the current experiment, and you may deviate from the intent of learning an NLB.
Need help?: Refer to the How do I troubleshoot an unresponsive website hosted on my EC2 instance(opens in a new tab) or clean restart the exercise by deleting the VPC, and EC2 resources again.
The image above shows the output at HTTP (not HTTPS), such as, http://174.129.73.211/
and http://http://54.234.18.17/
Step 4. Create an NLB
- Select the Load Balancers service on the left-hand side menu of the EC2 dashboard, and click on the Create Load Balancer button.
Click on the Create Load Balancer button
- You will be prompt to choose the type of load balancer: Application, Network, or Classical load balancer. Choose to create a Network Balancer.
- At the first step, Configure Load Balancer, use the following basic configuration details
Section | Field | Value |
Basic Configuration | Name | udacity-nlb |
Scheme | internet-facing | |
Availability Zones | VPC | Choose default-vpc |
Availability Zones | Check the two where you've launched the EC2 instances, |
such as us-east-2a
and us-east-2d
|
Create a new Application Load Balancer
Give it a name and set as Internet-facing
Add the networking mapping by selecting the Subnet region you selected in your instances
Create a new target group
Skip the Configure Security Settings step, by clicking the Next button.
At the Configure Routing step, use the following configuration details in the Target group section:
Field | Value |
Target group | New target group |
Name | UdacityNLBTarget |
Target type | Instances |
Protocol | TCP |
Port | 80 |
* At the Register Targets step, add the two EC2 instances created previously to the target group.
Set Instances as target type and give it a name
Add instances to the registered target group. Do not forget to click on the Include as pending button after selecting the instances from the list
- Leave the remaining things as default, and finish creating the NLB.
Step 5. Test the NLB
You will be taken back to the Load Balancers dashboard. Copy the DNS name of the newly created NLB, and open it in your browser. A sample DNS name looks like this:
Paste the copied DNS name to a new browser window and refresh the browser a few times, each after a few seconds. You will notice that sometimes the request is redirected to Server-A, and other times, it is routed to Server-B.
The NLB is getting the output from the two different webservers. Notice that the DNS name (URL) is the same in the above two cases.An NLB serves as the single point of contact for clients and automatically distributes the incoming traffic uniformly across multiple targets. The targets are the EC2 instances within the same or different AZs.
Prerequisites:
- A default VPC. It is a VPC in a default region and has a public subnet in each Availability Zone. Refer to the create a default VPC(opens in a new tab) for more details. Just to ensure you have the right set of VPC, subnet, route table, and internet gateway available, refer to the snapshots below.
Create a default VPC
Info about a default VPC
Prerequisite 1: A default VPC
Prerequisite 2: Subnets in each AZ in the default VPC. Also, notice that a common route table is attached to all subnets.
Prerequisite 3: A route table with a rule for internet facing communication. See that it requires an internet gateway
Prerequisite 4: The Internet gateway is a managed service. See an internet gateway attached to the default vpc.
Step 1. Create the first EC2 instance
The steps below show how to create the first EC2 instance in a public subnet in any one Availability Zone, and install the Apache webserver on it. Use the following configuration, and leave the remaining values as the defaults.
- Navigate to the EC2 Dashboard page, and click on the Launch Instance wizard to launch an instance. Choose the AMI and instance type as:
Step | Value |
1. Amazon Machine Image (AMI) | Amazon Linux 2 AMI (HVM), SSD Volume Type |
Note: You have chosen a Free Tier Eligible AMI |
| 2. Instance Type | t2.micro
|
* At the next step, Configure Instance Details, use the following values:
Field | Value |
Number of Instances | 1 |
Network | Select the default VPC that has public subnets in different AZs |
Subnet | Choose any, for example us-east-2a |
Auto-assign Public IP | Enable |
Navigate to the EC2 dashboard and click Launch instances
Set a name and select the Amazon Linux 2 AMI (HVM) image under the Free tier plan
Ensure the t2.micro is selected as instance type and the default VPC you created allow SSH and HTTP connection.
- Under the Advanced Details → User data section, add the following configuration script to run automatically during launch.
#!/bin/bash
sudo yum update -y
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo yum install -y httpd mariadb-server
sudo systemctl start httpd
sudo systemctl enable httpd
sudo chkconfig httpd on
# Set file permissions for the Apache web server
sudo groupadd www
sudo usermod -a -G www ec2-user
sudo chgrp -R www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} +
find /var/www -type f -exec sudo chmod 0664 {} +
# Create a new index.html file at /var/www/html/ path
echo "<html> <head><title>server 01</title> </head> <body><h1>This is server 01 </h1></body> </html>" > /var/www/html/index.html
The script above will install, configure, and launch the Apache webserver on the Amazon (Redhat) Linux EC2 instance. For Ubuntu based systems, you can install Apache web server as:
#!/bin/sh
sudo apt update
sudo apt install apache2 -y
sudo ufw allow 'Apache'
sudo systemctl start apache2
# Create a new index.html file at /var/www/html/ path
echo "<html> <head><title>server 01</title> </head> <body><h1>This is server 01 </h1></body> </html>" > /var/www/html/index.html
For troubleshooting, SSH log into the machine and verify the contents of /var/www/html/index.html file. You can learn more about the individual steps at Create an EC2 instance and install a web server(opens in a new tab).
Specify the user data to configure the EC2 instance
- Generate and download a new key pair, at the last stage of the Launch Instance wizard.
Important: This key-pair will allow you to log into your instance, using SSH, from your local machine. Save the key-pair carefully, because the same private key cannot be re-generated.
Step 2. Create the second EC2 instance in a separate Availability Zone
Launch the second EC2 instance using the same steps above, except for the following changes at the Configure Instance Details step:
Select another public subnet in a different AZ, say
us-east-2d
Replace the last line of the user data (shell script) with
echo "<html> <head><title>server 02</title> </head> <body><h1>This is server 02 </h1></body> </html>" > /var/www/html/index.html
Additionally, change the tag to Name: Server-B
.
Step 3. Verify the Web server installation
- Confirm that the newly created EC2 instances are in the
running
state.
Two instances running in different AZs. Server-A is running in us-east-2a, while Server-B is running in us-east-2d.
- Verify that the Apache server is running successfully on both the EC2 instances. Simply copy, and paste the public IPv4 address of each instance in a new browser window. If the Apache is configured successfully, you will see the Apache welcome page.
Note: We have opened the HTTP traffic on the default port, therefore the public IPv4 address should be prepended with
http://
, instead ofhttps://
.
- Configuring the secure HTTPS on EC2(opens in a new tab) will add overhead to the current experiment, and you may deviate from the intent of learning an NLB.
Need help?: Refer to the How do I troubleshoot an unresponsive website hosted on my EC2 instance(opens in a new tab) or clean restart the exercise by deleting the VPC, and EC2 resources again.
The image above shows the output at HTTP (not HTTPS), such as, http://174.129.73.211/
and http://http://54.234.18.17/
Step 4. Create an NLB
- Select the Load Balancers service on the left-hand side menu of the EC2 dashboard, and click on the Create Load Balancer button.
Click on the Create Load Balancer button
- You will be prompt to choose the type of load balancer: Application, Network, or Classical load balancer. Choose to create a Network Balancer.
- At the first step, Configure Load Balancer, use the following basic configuration details
Section | Field | Value |
Basic Configuration | Name | udacity-nlb |
Scheme | internet-facing | |
Availability Zones | VPC | Choose default-vpc |
Availability Zones | Check the two where you've launched the EC2 instances, |
such as us-east-2a
and us-east-2d
|
Create a new Application Load Balancer
Give it a name and set as Internet-facing
Add the networking mapping by selecting the Subnet region you selected in your instances
Create a new target group
Skip the Configure Security Settings step, by clicking the Next button.
At the Configure Routing step, use the following configuration details in the Target group section:
Field | Value |
Target group | New target group |
Name | UdacityNLBTarget |
Target type | Instances |
Protocol | TCP |
Port | 80 |
* At the Register Targets step, add the two EC2 instances created previously to the target group.
Set Instances as target type and give it a name
Add instances to the registered target group. Do not forget to click on the Include as pending button after selecting the instances from the list
- Leave the remaining things as default, and finish creating the NLB.
Step 5. Test the NLB
You will be taken back to the Load Balancers dashboard. Copy the DNS name of the newly created NLB, and open it in your browser. A sample DNS name looks like this:
Paste the copied DNS name to a new browser window and refresh the browser a few times, each after a few seconds. You will notice that sometimes the request is redirected to Server-A, and other times, it is routed to Server-B.
The NLB is getting the output from the two different webservers. Notice that the DNS name (URL) is the same in the above two cases.