Before starting the tutorial, make sure your VPC has at least two public subnets in different availability zones. Create them needed.
Configuring a target group allows you to register targets such as EC2 instances.
-
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
-
In the left navigation pane, under Load Balancing, choose Target Groups.
-
Choose Create target group.
-
In the Basic configuration section, set the following parameters:
-
For Choose a target type, select Instance to specify targets by instance ID
-
For Target group name, enter a name for the target group.
-
Leave the Port and Protocol as HTTP 8080.
-
For VPC, select your virtual private cloud (VPC)
-
For Protocol version, select HTTP1.
-
-
In the Health checks section, modify the default settings as needed to perform a health checks to the Flask webserver at endpoint
/status
(simple_flask_webserver). -
Choose Next.
-
In the Register targets page, add one or more targets by selecting one or more instances, enter one or more ports, and then choose Include as pending below.
-
Choose Create target group.
To create an Application Load Balancer, you must first provide basic configuration information for your load balancer, such as a name, scheme, and IP address type. Then, you provide information about your network, and one or more listeners. A listener is a process that checks for connection requests. It is configured with a protocol and a port for connections from clients to the load balancer.
-
In the navigation pane, under Load Balancing, choose Load Balancers.
-
Choose Create Load Balancer.
-
Under Application Load Balancer, choose Create.
-
Basic configuration
-
For Load balancer name, enter a name for your load balancer.
-
For Scheme, choose Internet-facing. An internet-facing load balancer routes requests from clients to targets over the internet.
-
For IP address type, choose IPv4.
-
-
Network mapping
-
For VPC, select the VPC that you used for your EC2 instances. As you selected Internet-facing for Scheme, only VPCs with an internet gateway are available for selection.
-
For Mappings, select two or more Availability Zones and corresponding subnets. Enabling multiple Availability Zones increases the fault tolerance of your applications.
-
-
For Security groups, select an existing security group, or create a new one.
The security group for your load balancer must allow it to communicate with registered targets on both the listener port and the health check port. The console can create a security group for your load balancer on your behalf with rules that allow this communication. You can also create a security group and select it instead. See recommended rules
-
For Listeners and routing, the default listener accepts HTTP traffic on port 80. Choose different ones port according to your app. For Default action, choose the target group that you created.
-
Review your configuration, and choose Create load balancer. A few default attributes are applied to your load balancer during creation. You can view and edit them after creating the load balancer. For more information, see Load balancer attributes.
Deploy 2 EC2 instances within your VPC, in each instance, run our so-called simple flask webserver.
We will use the locust
Python package to perform a load test.
Locust is an easy to use, scriptable and scalable performance testing tool.
Install it by:
pip install locust
Take a look on the file under Launch the locust test UI by:
cd http_load_test
locust
Open http://localhost:8089. Provide the host name of your server and try it out!
During the load test, turn off one of your instance, observe the behavior.
Enter the interactive self-check page
We would like our load balancers to listen on HTTPS protocol for clients connection. In order to achieve that, we need to create and sign a digital certificate.
In order to create your own SSL certificate, perform the following in your local machine (openssl
required):
- Generate private key as private.pem
openssl genrsa -out private.pem 2048
- Generate public key as public.pem
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
- Create a CSR (Certificate Signing Request) as certificate.csr
openssl req -new -key private.pem -out certificate.csr
- Create a Self-signed certificate as certificate.crt
openssl x509 -req -days 365 -in certificate.csr -signkey private.pem -out certificate.crt
IAM securely encrypts your private keys and stores the encrypted version in IAM SSL certificate storage. You cannot manage your certificates from the IAM Console.
- To upload a server certificate to IAM (make sure your local aws cli is configured with the proper credentials)
aws iam upload-server-certificate --server-certificate-name <your-cert-name> --certificate-body file://certificate.crt --private-key file://private.pem
-
On the navigation pane, under Load Balancing, choose Load Balancers.
-
Select a load balancer, and choose Listeners, Add listener.
-
For Protocol : port, choose HTTPS and keep the default port or enter a different port.
-
For Default actions, choose Add action, Forward to and choose a target group.
-
For Security policy, we recommend that you keep the default security policy.
-
For Default SSL certificate, choose From IAM and choose the certificate that you uploaded.
-
Choose Save.
-
Test your load balancer over HTTPS.
Sticky session is a load balancing technique commonly used in web applications that require maintaining user session state. It ensures that all requests from a particular user are routed to the same instance that initially handled their request, allowing the server to maintain session data and provide a consistent user experience. This is particularly useful for applications that rely on session-specific information or personalized settings.
-
On the navigation pane, under Load Balancing, choose Target Groups.
-
Choose the name of the target group to open its details page.
-
On the Group details tab, in the Attributes section, choose Edit.
-
On the Edit attributes page, do the following:
-
Select Stickiness.
-
For Stickiness type, select Load balancer generated cookie.
-
For Stickiness duration, specify a value between 1 second and 7 days.
-
Choose Save changes.
-
-
Make sure stickiness is applied by requesting the URL multiple times and validating that you always communicate with the same instance.