- Can distribute load over compute resources: EC2 instances, IPs, containers.
- Monitors health of targets.
- Supports hybrid load balancing. Can distribute load to on-premises and cloud resources. This helps easy migration to AWS.
- Represented by a DNS name and set of ports.
- Launch Configuration will need to define Target Groups. These can have the target type set as Instance, IP, (Lambda).
- Need to enable the availability zone when enabling nodes from that availability zone.
- Supports cross-zone load balancing. Instances can be in multiple availability zones. It is enabled by default for ALB and disabled for TLB.
- Can accept incoming requests based on configured listeners. Rules are applied, then the request is forwarded to healthy targets.
ALB:
Listener supports ports from 1 to 65535. If configured for HTTPS, an SSL/TLS server X.509 certificate is required. ALB encrypts the request before sending it to the target group.
Lower rule number represents higher priority.
TLS Listener:
- The load balancer requires X.509 certificates (server certificate). When you create a certificate for use with your load balancer, you must specify a domain name.
- We recommend that you create certificates for your load balancers using AWS Certificate Manager (ACM).
- Alternatively, you can use TLS tools to create a certificate signing request (CSR), then get the CSR signed by a CA to produce a certificate, then import the certificate into ACM or upload the certificate to AWS Identity and Access Management (IAM).
NLB:
NLB does not support TLS negotiation.
- A security policy is a combination of protocols and ciphers. Network Load Balancers do not support custom security policies.
- To use a TLS listener, you must deploy at least one server certificate on your load balancer.
Components:
- Load balancers : Monitor the traffic and handle requests that come in through the Internet.
- Controller service : Monitors the load balancers, adding and removing load balancers as needed and verifying that the load balancers are functioning properly.
as-create-launch-config --show-request Displays the URL the tools used to call the AWS Service. The default value is 'false'.
Access Log:
- The Proxy Protocol header helps you identify the IP address of a client when you use a load balancer configured for TCP/SSL connections.
- The access logs from your back-end instance contain the IP address of the load balancer instead of the originating client.
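A back-end can recover the client address for its own logs by reading the Proxy Protocol line that precedes the application data. The sketch below is an added example, not code from the original notes; it assumes the human-readable version 1 header format, and the names `parse_proxy_v1`, `client_for_log`, `SAMPLE` and `TRUSTED` are hypothetical. It honours the header only when the TCP peer is a known load balancer address, because a header accepted from any peer lets a direct client choose the IP that gets logged.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest v1 line allowed by the spec, CRLF included

class ProxyHeaderError(ValueError):
    """The connection did not start with a valid Proxy Protocol v1 line."""

def parse_proxy_v1(data: bytes):
    """Return ((src_ip, src_port), (dst_ip, dst_port), remaining_bytes).

    For "PROXY UNKNOWN" both address tuples are None.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ProxyHeaderError("missing or oversized PROXY line")
    rest = data[end + 2:]
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ProxyHeaderError("non-ASCII header") from None
    if fields[1] == "UNKNOWN":
        return None, None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ProxyHeaderError("bad field count or protocol")
    if not all(p.isdigit() for p in fields[4:6]):
        raise ProxyHeaderError("port is not a plain decimal number")
    sport, dport = int(fields[4]), int(fields[5])
    try:
        src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    except ValueError:
        raise ProxyHeaderError("bad address") from None
    want = 4 if fields[1] == "TCP4" else 6
    if {src.version, dst.version} != {want} or max(sport, dport) > 65535:
        raise ProxyHeaderError("address family mismatch or port out of range")
    return (str(src), sport), (str(dst), dport), rest

def client_for_log(peer_ip, data, trusted_lbs):
    """Choose the IP to log; honour the header only from a trusted load balancer."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_lbs):
        return peer_ip, data  # direct connection: any PROXY line is untrusted input
    src, _dst, rest = parse_proxy_v1(data)
    return (src[0] if src else peer_ip), rest

# Constructed sample: what a back-end reads first on a proxied connection.
SAMPLE = b"PROXY TCP4 198.51.100.22 203.0.113.7 35646 80\r\nGET / HTTP/1.1\r\n\r\n"
TRUSTED = ["10.0.0.0/16"]  # assumption: subnet holding the load balancer nodes

if __name__ == "__main__":
    print(client_for_log("10.0.1.15", SAMPLE, TRUSTED))
```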
Stateful Application:
ELB sticky sessions
Cookies have a limit of 4 KB and can be altered.
Server session using ElastiCache / DynamoDB.
Use EFS for images to avoid EBS sync-up across AZs.
Golden AMI, Bootstrap using User Data, Restore data from DB snapshot, EBS from Snapshot.
Golden AMI -> snapshot of the state after application installation; future instances can boot up from the AMI.
EC2 instance hibernate is not supported in an Auto Scaling group; use EBS instead.
ASG:
You cannot edit a launch configuration once defined. In this case you can create a new launch configuration that uses the new AMI and any new instances that are launched by the ASG will use the new AMI.