AWS Load Balancing all of the same websocket route to the same instance - amazon-web-services

I'm writing an application where multiple users connect to a websocket server with a URL like the following, for example wss://example.com/ws/1234.
Multiple users may connect to the same one and I require them to all connect to the same EC2 instance. All that try to connect to wss://example.com/ws/1234 will go to the same server, and all users that connect to wss://example.com/ws/4325 will also go to the same server. These routes are generated dynamically.
If a client is the first client to connect to an endpoint, it will route them to the server with the least CPU load. If a client is connecting to an endpoint that has already been connected to, they will be sent to the same server.
I've tried going into the listener rules for my EC2 auto-scaling group, but I couldn't find any settings that seemed like they would do the trick.
My attempt:
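The question has no accepted answer on this page. The placement logic it describes (first client for a route id goes to the least-loaded server, every later client for that id follows it) is easy to state in code, and a routing tier in front of the fleet is one place it can live. The following is an added example, not code from the question; the backend names, the cpu_load numbers and the /ws/<id> path shape are assumptions. It also validates the path before routing, so a request with an unexpected path is rejected rather than pinned to a backend.

```python
"""Sticky routing of dynamic websocket routes to backends (added example).

Not code from the question. Backend names, the cpu_load metric and the
/ws/<id> path shape are assumptions made for illustration.
"""
import re
from typing import Dict, Optional
from urllib.parse import urlsplit

# Assumed path shape taken from the question's example URLs: /ws/<route id>.
# The id is restricted to a short safe alphabet so arbitrary input cannot
# create unbounded numbers of pins.
ROUTE_RE = re.compile(r"/ws/([A-Za-z0-9_-]{1,64})")


def extract_route_id(url: str) -> Optional[str]:
    """Return the route id from wss://host/ws/<id>, or None if the path is not that shape."""
    match = ROUTE_RE.fullmatch(urlsplit(url).path)
    return match.group(1) if match else None


class StickyRouter:
    """First client for a route id -> least-loaded backend; later clients -> same backend."""

    def __init__(self, loads: Dict[str, float]):
        self.loads = dict(loads)                # backend name -> current CPU load (assumed metric)
        self.assignments: Dict[str, str] = {}   # route id -> backend name it is pinned to

    def update_load(self, backend: str, cpu_load: float) -> None:
        """Refresh a backend's load; existing pins are deliberately left untouched."""
        self.loads[backend] = cpu_load

    def remove_backend(self, backend: str) -> None:
        """Backend scaled in or unhealthy: forget it and drop the routes pinned to it,
        so their next client is placed afresh on a live backend."""
        self.loads.pop(backend, None)
        self.assignments = {r: b for r, b in self.assignments.items() if b != backend}

    def route(self, url: str) -> str:
        """Pick the backend for one websocket connection attempt."""
        route_id = extract_route_id(url)
        if route_id is None:
            raise ValueError(f"rejecting request with unexpected path: {url!r}")
        if not self.loads:
            raise RuntimeError("no healthy backends")
        target = self.assignments.get(route_id)
        if target is None:
            # First client for this route id: choose the least-loaded backend.
            target = min(self.loads, key=self.loads.get)
            self.assignments[route_id] = target
        return target


if __name__ == "__main__":
    router = StickyRouter({"i-a": 0.6, "i-b": 0.2})          # constructed sample loads
    print(router.route("wss://example.com/ws/1234"))        # i-b (least loaded)
    router.update_load("i-b", 0.9)
    print(router.route("wss://example.com/ws/1234"))        # i-b (still pinned)
    print(router.route("wss://example.com/ws/4325"))        # i-a (new route, least loaded now)
```

Because the route ids are created dynamically, the pin table has to be kept somewhere the routing tier can read; an in-memory dict, as here, works for a single router and would need a shared store if the router itself is scaled out.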

Related

Proxy through EC2 Instance on lambda functions locally using squid

So I have a lambda function that sends a request to an API through the EC2 IP and everything works fine...
Except when I try to send the request locally while testing it doesn't work, as the EC2 IP is the only whitelisted IP and my IP is dynamic so it changes a lot.
What I thought of doing is adding Squid and proxying through it, which works fine if I use ssh to connect to it, whether requests are sent to http or https, but that created another problem: not all the developers will have access to that EC2 instance...
So I made it publicly available and put basic authentication on it, except now it doesn't make requests to HTTPS unless it's Google or certain websites.
My question is: why do requests to HTTPS always not work when connecting to the proxy without the SSH tunnel, but if it's to something like Google it works instantly because they have fewer redirects?

App running in AWS EC2 has been seen under different client IP while connecting to different servers. Why?

I have 2 servers running in my own hosting: an auth server and an application server. The auth server issues an auth token for the application server. The application server checks the issued token and the client IP (it must match the IP that was used to get the token). In the majority of cases it works OK, but not when the client is in AWS EC2. For some reason the client IP (how the client is seen by my servers) changes when the client is located in an AWS EC2 instance. Is it a normal situation that AWS can use different network interfaces to connect to different servers?

Sending Requests from postman to AWS ec2 instance

I have my EC2 instance running a docker image and I'd like to test the functionality of my routes with Postman; however, whenever I ping the EC2 public DNS, it says connection refused. I have the security group opened up for all traffic from my machine and am running the Postman desktop app. The example route I'm trying to hit is
https://{IP address here}.compute-1.amazonaws.com:6000/register
and I'm sending a post request with some json in it. All of this works fine on my local machine. Please tell me what I'm missing?
You can't use https:. Instead you must use http:, as the default EC2 instance URL does not support HTTPS. For valid https, the easiest way is to set up an ALB, or set it up on an instance directly.

I want to deploy a multi-tier web app into AWS but don't understand how to set it up

I was hoping someone may be able to explain how I would set up a multi-tiered web application. There is a database tier, app tier, web server tier and then the client tier. I'm not exactly sure how to separate the app tier and web server tier, since the app tier will be in a private subnet. I would have the client send the request directly to the app server, but the private net is a requirement. And having the app server separated from the web server is a requirement as well.
The only idea I have had was to serve the content on the web server and then have the client send all requests to the same web server on another port. Like port 3000: if a request is captured on that port, a node app using express will forward the request to the app tier, since the web server can speak to the app server.
I did set up a small proof of concept doing this. The web server serves the content, then I have another express app set up to listen on port 3000; the client sends the request on port 3000 and then it just sends the exact same thing on to the app server.
This is my current setup, with the web servers hosting two servers: one to serve the frontend on port 80 and one to receive requests on port 3000. The server listening on port 3000 forwards all requests to the app server ALB (it's basically a copy of all the same routes on the app server, but it just forwards the requests instead of performing an action). But is there a way to not have this extra hop in the middle? Get rid of the additional server that is listening on 3000 without exposing the internal ALB?
To separate your web servers and application servers, you can use a VPC with public and private subnets. In fact, this is such a common scenario that Amazon has already provided us with documentation.
As for a "better way to do this," I assume you mean security. Here are some options:
You can (and should) run host-based firewalls such as iptables on your hosts.
AWS also provides a variety of options.
You can use Security Groups, which are stateful firewalls for your hosts.
You can also use Network Access Control Lists (ACLs), which are stateless firewalls used to control traffic in and out of subnets.
AWS would also argue that many shops can improve their security posture by using managed services, so that all of the patching and maintenance is handled by AWS. For example, static content could be hosted on Amazon S3, with dynamic content provided by microservices leveraging API Gateway. Finally, from a security perspective AWS provides services like Trusted Advisor, which can help you find and fix common security misconfigurations.
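The stateful/stateless distinction in the answer above is the one that bites people configuring a private subnet: a security group lets the reply to an allowed connection out automatically, while a network ACL judges the reply packet on its own and silently drops it unless an outbound rule for the ephemeral port range exists. The following is an added example that models both behaviours in plain Python; it is not AWS code, and the rule and packet shapes are simplified assumptions rather than the EC2 API.

```python
"""Stateful security groups vs stateless network ACLs, modelled in plain Python.

Added example for the answer above. Not AWS code: Rule and Packet are simplified
assumptions, and the IP addresses in the demo are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Rule:
    number: int          # evaluation order (network ACLs only; ignored by security groups)
    direction: str       # "in" or "out", relative to the instance/subnet
    proto: str           # "tcp" or "udp"
    port_from: int       # destination port range the rule covers
    port_to: int
    cidr: str            # remote address range the rule applies to
    allow: bool = True   # network ACLs may deny explicitly; security groups are allow-only


@dataclass(frozen=True)
class Packet:
    direction: str       # "in" = arriving at the instance, "out" = leaving it
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def remote_ip(self) -> str:
        return self.src_ip if self.direction == "in" else self.dst_ip

    def flow_key(self) -> Tuple:
        """Identical for a packet and its reply, so a stateful device can pair them:
        (proto, remote ip, remote port, local port)."""
        if self.direction == "in":
            return (self.proto, self.src_ip, self.src_port, self.dst_port)
        return (self.proto, self.dst_ip, self.dst_port, self.src_port)


def _matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches on direction, protocol, destination port and remote address."""
    return (rule.direction == pkt.direction
            and rule.proto == pkt.proto
            and rule.port_from <= pkt.dst_port <= rule.port_to
            and ipaddress.ip_address(pkt.remote_ip()) in ipaddress.ip_network(rule.cidr))


class SecurityGroup:
    """Stateful: once a packet is allowed, replies on that flow pass regardless of rules."""

    def __init__(self, rules: List[Rule]):
        self.rules = [r for r in rules if r.allow]   # deny rules do not exist here
        self.tracked: Set[Tuple] = set()             # connection-tracking table

    def evaluate(self, pkt: Packet) -> bool:
        if pkt.flow_key() in self.tracked:
            return True
        if any(_matches(r, pkt) for r in self.rules):
            self.tracked.add(pkt.flow_key())
            return True
        return False


class NetworkAcl:
    """Stateless: every packet, replies included, is judged by the numbered rules alone."""

    def __init__(self, rules: List[Rule]):
        self.rules = sorted(rules, key=lambda r: r.number)

    def evaluate(self, pkt: Packet) -> bool:
        for r in self.rules:
            if _matches(r, pkt):
                return r.allow          # lowest-numbered match wins
        return False                    # implicit deny at the end


def demo() -> dict:
    """Constructed scenario: a client on 203.0.113.7 opens TCP 443 to instance 10.0.1.5."""
    syn = Packet("in", "tcp", "203.0.113.7", 50000, "10.0.1.5", 443)
    reply = Packet("out", "tcp", "10.0.1.5", 443, "203.0.113.7", 50000)
    https_in = Rule(100, "in", "tcp", 443, 443, "0.0.0.0/0")
    ephemeral_out = Rule(100, "out", "tcp", 1024, 65535, "0.0.0.0/0")

    sg = SecurityGroup([https_in])                   # no outbound rule at all
    acl_weak = NetworkAcl([https_in])                # same single rule, stateless
    acl_fixed = NetworkAcl([https_in, ephemeral_out])
    return {
        "sg_reply": sg.evaluate(syn) and sg.evaluate(reply),         # True: tracked flow
        "acl_reply_without_out": acl_weak.evaluate(syn) and acl_weak.evaluate(reply),  # False
        "acl_reply_with_out": acl_fixed.evaluate(syn) and acl_fixed.evaluate(reply),   # True
    }


if __name__ == "__main__":
    print(demo())
```

The asymmetry is why a NACL for a private subnet normally carries an outbound allow for the ephemeral range even when the subnet only ever receives connections; the security group, being stateful, needs no such rule for replies.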

How connect a client to a remote Windows Server 2019 AWS EC2

We have a very difficult problem here. We have a Windows Server 2019 Base x64 on Amazon EC2, connected through RDP, set up a forest and activated AD DS, and also activated DNS. But whenever we try to connect we are not allowed to.
We have opened all the relevant ports in the inbound traffic rules.
We have added users.
We have tried searching the internet and various tutorials.
In Server Manager:
Added the public IPv4 address to the IPv4 settings of the adapter.
Went to the computer settings, in computer domain entered the domain, but no luck.
Disabled the firewall in Server Manager.
We want our clients on a different network to connect to the server hosted elsewhere on AWS.
We are really new to this; can someone guide us through this?
Please make sure there is network connectivity between your client and your DC which is set up on an EC2 instance.
[1] In case your clients are on AWS (meaning different EC2 instances) and in a different network, you need to create VPC peering or use Transit Gateway so that it has proper network connectivity.
[2] In case your clients are not on AWS and are in an on-prem environment, you need to have a VPN connection between your client and your DC.
So in summary, you need to have network connectivity between your client and DC so that clients can join your domain.
What do you mean by "whenever we try to connect we are not allowed to"?
What are you trying to connect to, the Windows EC2 instance?
Are you saying that the instance is joined to AWS Directory Service domain but you can't connect to the instance using one of the users in your AWS directory?
Edit: This should have been a comment but couldn't post comments at the time of answering.