Traffic Control: Routing Requests with AWS ALB
Hey Cloud Architects
Welcome to Day 24 of the #100DaysOfCloud Challenge!
Today, we are taking the Nautilus application to the next level. Instead of hitting our EC2 instance directly, we are placing an Application Load Balancer (ALB) in front of it. This is the foundation for scaling and fault tolerance.
Objective
- Create a Security Group (nautilus-sg) to allow public HTTP traffic.
- Provision an Application Load Balancer named nautilus-alb.
- Create a Target Group named nautilus-tg and register the nautilus-ec2 instance.
- Ensure traffic flows from the ALB (Port 80) to the Nginx server (Port 80).
Why Use an ALB?
Directly exposing an EC2 instance to the internet is rarely done in production.
Key Concepts
- Single Entry Point: The ALB provides one DNS name for your users, even if you have 10 servers running behind it.
- Health Checks: The ALB constantly "pings" your server. If Nginx crashes, the ALB stops sending traffic there, preventing users from seeing error pages.
- Security Abstraction: Your EC2 instance can stay in a private subnet while the ALB sits in the public subnet, acting as a shield.
Step-by-Step: The ALB Workflow
We'll move from Security → Target Groups → Load Balancer.
Phase A: Configure Security Groups
- Create nautilus-sg: This group is for the ALB. Add an Inbound Rule for HTTP (Port 80) from 0.0.0.0/0 (Everywhere).
- Update Instance SG: Ensure the security group attached to nautilus-ec2 allows traffic on Port 80, ideally only from the ALB's security group for maximum security.
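A check for the Phase A recommendation above, as an added example that is not part of the original post: it audits the instance's security group, given in the shape the EC2 DescribeSecurityGroups API returns, and reports any Port 80 source other than the ALB's group. The group IDs and account ID are constructed placeholders.

```python
"""Audit the instance security group: port 80 should be reachable only from the ALB's group."""

WORLD = {"0.0.0.0/0", "::/0"}

def covers_port(perm, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_instance_sg(instance_sg, alb_sg_id, port=80):
    """Return findings for the group attached to the instance (empty list = OK)."""
    findings, alb_allowed = [], False
    for perm in instance_sg.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            label = "open to the internet" if cidr in WORLD else "CIDR source, not the ALB group"
            findings.append(f"port {port} from {cidr}: {label}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == alb_sg_id:
                alb_allowed = True
            else:
                findings.append(f"port {port} from {pair['GroupId']}: not the ALB group")
    if not alb_allowed:
        findings.append(f"port {port} is not allowed from ALB group {alb_sg_id}")
    return findings

# Constructed sample data (placeholder IDs, not values from the original page).
ALB_SG = "sg-0a1b2c3d4e5f00001"  # stands in for nautilus-sg
OPEN_INSTANCE_SG = {  # instance group that still accepts HTTP from everywhere
    "GroupId": "sg-0a1b2c3d4e5f00002",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                       "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
}
LOCKED_INSTANCE_SG = {  # instance group that accepts HTTP only from the ALB's group
    "GroupId": "sg-0a1b2c3d4e5f00002",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
                       "UserIdGroupPairs": [{"GroupId": ALB_SG, "UserId": "111122223333"}]}],
}

if __name__ == "__main__":
    for name, sg in (("open", OPEN_INSTANCE_SG), ("locked", LOCKED_INSTANCE_SG)):
        print(name, audit_instance_sg(sg, ALB_SG) or "OK")
```

With real data, pass one entry of the `SecurityGroups` list from `aws ec2 describe-security-groups` output as `instance_sg`.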

Phase B: Create the Target Group (TG)
- Initiate nautilus-tg: Choose "Instances" as the target type.
- Protocol: Set to HTTP on Port 80.
- Register Targets: Select nautilus-ec2 and click "Include as pending below."
Lesson Learned: Ensure your Target Group includes the same Availability Zones as your EC2 instance!
Phase C: Launch the Application Load Balancer
- Name: nautilus-alb.
- Scheme: Internet-facing.
- Network Mapping: Select at least two Availability Zones (AWS requirement for high availability).
- Security Groups: Attach the nautilus-sg you created in Phase A.
- Listeners and Routing: Set the listener to HTTP:80 and forward to your nautilus-tg.
Verify Success
Once the ALB state is Active, follow these steps:
- Copy the DNS name of your ALB (e.g., nautilus-alb-12345.us-east-1.elb.amazonaws.com). Paste it into your browser.
- If you see the Nginx Welcome Page, mission accomplished!
Key Takeaways
- Patience is Key: When you first register an instance, the status shows "Unused" or "Initial". You must wait for the health checks to pass before it shows "Healthy".
- AZ Awareness: As discovered during the task, an ALB must be configured with the correct subnets/AZs to reach its targets.
- Security Chain: Traffic flows: User → ALB Security Group → EC2 Security Group. Both must be open on the correct ports.
Common Mistakes
- AZ Mismatch: Creating an ALB in AZ us-east-1a while your instance is in us-east-1b without selecting both in the ALB settings.
- Health Check Failure: If your Nginx service isn't running, the ALB will mark the target as "Unhealthy" and won't route traffic.
- Missing Subnets: An internet-facing ALB requires a public subnet with an Internet Gateway.
Final Thoughts
Building an ALB setup is a huge leap toward becoming a Cloud Engineer. You've moved from "running a server" to "designing a system." This setup allows you to add more instances later without changing the URL your users see!
Let's Connect
- LinkedIn: Hritik Raj
- Support my journey on GitHub: 100 Days of Cloud






