Hritik Raj

⚖️ AWS 136: High Availability Architecture - Load Balancing Nginx with ALB

AWS

🌐 Traffic Management: Decoupling Servers with Application Load Balancers

Hey Cloud Architects 👋

Welcome to Day 36 of the #100DaysOfCloud Challenge!
Today, we are assisting the Nautilus team in building a resilient web entry point. Instead of hitting our server's IP directly, we are setting up an Application Load Balancer (ALB). This setup allows us to manage traffic efficiently and ensures that our application stays highly available.

This task is part of my hands-on practice on the KodeKloud Engineer platform, which I highly recommend for anyone looking to master real-world DevOps scenarios.


🎯 Objective

  • Launch an Ubuntu EC2 instance named xfusion-ec2 with an automated Nginx setup.
  • Create a specialized Security Group (xfusion-sg) for the backend.
  • Provision an Application Load Balancer named xfusion-alb.
  • Configure a Target Group (xfusion-tg) to link the ALB to the server.
  • Verify the Nginx welcome page is accessible via the ALB DNS name.

💡 Why ALB is Better than Direct Access

Directly exposing an instance IP is a "Single Point of Failure." An ALB provides a single, stable DNS name and handles the heavy lifting of routing.

🔹 Key Concepts

  • Layer 7 Load Balancing: ALBs operate at the Application Layer, allowing them to route traffic based on content like URL paths or hostnames.

  • Target Groups: Think of these as a "Waiting Room" for your servers. The ALB sends traffic to the Target Group, and the TG decides which healthy server gets the request.

  • Security Group Nesting: For maximum security, we configure the EC2 instance to only accept traffic coming from the ALB's security group.


🛠️ Step-by-Step: The High-Availability Workflow


🔹 Phase A: Launch EC2 with User Data

  • Provision Instance: Launch xfusion-ec2 using the t2.micro instance type and an Ubuntu AMI.
  • User Data Script: Paste this script into Advanced Details to automate the web server:
  #!/bin/bash
  apt-get update -y
  apt-get install nginx -y
  systemctl start nginx
  systemctl enable nginx

  • Security Group (xfusion-sg): Create this group and allow Inbound HTTP (Port 80).
  • Important: Set the source to the Default Security Group (the one the ALB will use).


🔹 Phase B: Configure the Target Group

  • Create Target Group: Name it xfusion-tg.
  • Target Type: Select "Instances."
  • Health Checks: Use the default HTTP path /.
  • Register Targets: Select xfusion-ec2 and click "Include as pending below."


🔹 Phase C: Deploy the Load Balancer

  • Create ALB: Name it xfusion-alb.
  • Scheme: Internet-facing.
  • Network Mapping: Select at least two Availability Zones (AZs).
  • Security Groups: Attach the Default Security Group.
  • Adjustment: Ensure the Default Security Group has an Inbound rule allowing Port 80 from 0.0.0.0/0.

  • Listeners: Forward Port 80 traffic to your xfusion-tg.

✅ Verify Success

  • Monitor Health: Go to Target Groups and wait until xfusion-ec2 shows a status of 🟢 Healthy.

  • Test the DNS: Copy the DNS Name from your ALB description (e.g., xfusion-alb-1234.us-east-1.elb.amazonaws.com).
  • Confirm: 🎉 Paste the DNS into your browser. If you see "Welcome to nginx!", your load balancer is working!
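
One way to check the Security Group Nesting from the Key Concepts and Phase A, as an added example that is not part of the original post: the function takes a security group in the shape the EC2 DescribeSecurityGroups API returns and reports any port 80 rule whose source is not the ALB's group. The group IDs and sample groups are constructed, and audit_backend_sg and covers_port are hypothetical helper names.

```python
# Added example: audit a backend security group for the "nesting" rule.
# Input dicts mirror the EC2 DescribeSecurityGroups response shape.
# All group IDs below are constructed sample values.

WORLD = {"0.0.0.0/0", "::/0"}

def covers_port(rule, port):
    """True if the rule's protocol/port range includes the given TCP port."""
    if rule.get("IpProtocol") == "-1":          # "-1" means all protocols and ports
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit_backend_sg(sg, alb_sg_id, port=80):
    """Return findings; an empty list means only the ALB group can reach `port`."""
    findings, alb_allowed = [], False
    for rule in sg.get("IpPermissions", []):
        if not covers_port(rule, port):
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            kind = "open to the world" if cidr in WORLD else "CIDR source"
            findings.append(f"port {port} {kind}: {cidr}")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] == alb_sg_id:
                alb_allowed = True
            else:
                findings.append(f"port {port} allowed from other group: {pair['GroupId']}")
    if not alb_allowed:
        findings.append(f"no rule admits the ALB group {alb_sg_id} on port {port}")
    return findings

# Constructed samples: xfusion-sg as the post configures it, and a common mistake.
ALB_SG = "sg-0aaa1111bbbb2222c"
NESTED = {"GroupName": "xfusion-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]}
EXPOSED = {"GroupName": "xfusion-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]}

if __name__ == "__main__":
    for name, sg in (("nested", NESTED), ("exposed", EXPOSED)):
        print(name, audit_backend_sg(sg, ALB_SG) or "OK")
```

With live data, pass each entry of the SecurityGroups list from `aws ec2 describe-security-groups` output, along with the ID of the group attached to the ALB.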


📝 Key Takeaways

  • 🚀 Bootstrapping: User Data ensures the server is ready the moment it joins the Load Balancer.
  • 🛡️ Isolation: Our EC2 instance doesn't need to be open to the whole world; it only needs to be open to the ALB.
  • 🕒 Propagation: ALBs can take a few minutes to transition from Provisioning to Active.

🚫 Common Mistakes

  • AZ Mismatch: If the ALB is in AZ-a but the instance is in AZ-b, and you didn't enable cross-zone load balancing or select both AZs, the traffic will fail.
  • Health Check Fails: If Nginx isn't running, the ALB will mark the instance "Unhealthy" and won't send it any traffic.
  • Default SG Rules: Forgetting to open Port 80 on the Default Security Group attached to the ALB.

🌟 Final Thoughts

You’ve just built a scalable entry point for the Nautilus project! This architecture is the standard for modern web applications. If you need more power later, you can simply add more instances to the Target Group without ever changing the URL your users see.


🌟 Practice Like a Pro

If you want to try these tasks yourself in a real AWS environment, check out:
👉 KodeKloud Engineer - Practice Labs

It’s where I’ve been sharpening my skills daily!

