I would like to redirect users to a custom maintenance page at a different domain. My setup includes an AWS load balancer and EC2 instances. If the EC2 instance behind the LB is not reachable, what rule do I need to add at the LB to check the status code and redirect to a maintenance page at a different domain?
Route53 Failover with S3 is an option
I suggest using Route 53 to achieve this with a failover approach, possibly with a static website hosted on Amazon S3 for cost optimization.
Here are the main ideas:
Create the Route 53 health check for your main site. If its status is failed, it redirects your traffic to the failover endpoint.
Create a record set for your primary endpoint which points to your main site endpoint (your ALB DNS) with the Failover routing policy.
Create the failover endpoint which can be a static site (S3) or your maintenance page domain.
References:
https://aws.amazon.com/premiumsupport/knowledge-center/fail-over-s3-r53/
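The three steps above as a worked example (added here; this is not the answerer's code or anything from the linked article). It builds the health-check configuration and the PRIMARY/SECONDARY alias record pair for Route 53's change_resource_record_sets, and checks the constraints that most often make this setup silently not fail over. All identifiers are placeholders: the hosted-zone ID, the ALB DNS name and its canonical hosted-zone ID (from describe-load-balancers), the S3 website endpoint and its region's hosted-zone ID (from the AWS docs), and the health-check ID.

```python
"""Route 53 failover pair: PRIMARY alias -> ALB, SECONDARY alias -> S3 static website.

Added example, not code from the original answer. boto3 is only imported when the
script is run directly, so the builders and the validator work offline.
"""


def health_check_config(fqdn, path="/", port=443, https=True):
    """HealthCheckConfig for route53.create_health_check, probing the primary site."""
    return {
        "Type": "HTTPS" if https else "HTTP",
        "FullyQualifiedDomainName": fqdn,
        "Port": port,
        "ResourcePath": path,
        "RequestInterval": 30,  # seconds; 10 is the faster, more expensive option
        "FailureThreshold": 3,  # consecutive failures before the check is UNHEALTHY
    }


def failover_change_batch(record_name, alb_dns, alb_zone_id, health_check_id,
                          s3_website_dns, s3_zone_id):
    """Two alias A records sharing Name/Type, told apart by SetIdentifier and role.
    Route 53 answers with PRIMARY while its health check passes, else SECONDARY."""
    primary = {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": record_name,
            "Type": "A",
            "SetIdentifier": "primary-alb",
            "Failover": "PRIMARY",
            "HealthCheckId": health_check_id,
            "AliasTarget": {
                "HostedZoneId": alb_zone_id,      # the ALB's canonical hosted zone
                "DNSName": alb_dns,
                "EvaluateTargetHealth": True,     # also follow the ALB's own target health
            },
        },
    }
    secondary = {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": record_name,
            "Type": "A",
            "SetIdentifier": "secondary-s3-maintenance",
            "Failover": "SECONDARY",
            "AliasTarget": {
                "HostedZoneId": s3_zone_id,       # region-specific S3 website zone ID
                "DNSName": s3_website_dns,        # e.g. s3-website-<region>.amazonaws.com.
                "EvaluateTargetHealth": False,
            },
        },
    }
    return {"Comment": f"failover for {record_name}", "Changes": [primary, secondary]}


def validate_failover_pair(batch, bucket_name):
    """Return a list of problems (empty when the pair is usable)."""
    sets = [c["ResourceRecordSet"] for c in batch["Changes"]]
    problems = []
    if sorted(s.get("Failover", "") for s in sets) != ["PRIMARY", "SECONDARY"]:
        problems.append("need exactly one PRIMARY and one SECONDARY record")
    if len({(s["Name"], s["Type"]) for s in sets}) != 1:
        problems.append("both records must share Name and Type")
    if len({s["SetIdentifier"] for s in sets}) != len(sets):
        problems.append("SetIdentifier must be unique within the pair")
    for s in sets:
        alias = s.get("AliasTarget", {})
        if s.get("Failover") == "PRIMARY" and "HealthCheckId" not in s \
                and not alias.get("EvaluateTargetHealth"):
            problems.append("PRIMARY has no health check and does not evaluate target health")
        # S3 website hosting routes on the Host header, so the bucket must be named
        # exactly like the record or the maintenance page returns NoSuchBucket.
        if s.get("Failover") == "SECONDARY" and bucket_name != s["Name"].rstrip("."):
            problems.append("S3 website alias requires bucket name == record name")
    return problems


def apply(route53, hosted_zone_id, batch, bucket_name):
    """Validate, then submit the change batch with a real or stub route53 client."""
    problems = validate_failover_pair(batch, bucket_name)
    if problems:
        raise ValueError("; ".join(problems))
    return route53.change_resource_record_sets(HostedZoneId=hosted_zone_id, ChangeBatch=batch)


if __name__ == "__main__":
    import uuid
    import boto3
    r53 = boto3.client("route53")
    hc = r53.create_health_check(CallerReference=str(uuid.uuid4()),
                                 HealthCheckConfig=health_check_config("www.example.com"))
    batch = failover_change_batch("www.example.com.", "my-alb-123.us-east-1.elb.amazonaws.com.",
                                  "ZALBXXXXXXXXXX", hc["HealthCheck"]["Id"],
                                  "s3-website-us-east-1.amazonaws.com.", "ZS3WEBXXXXXXX")
    print(apply(r53, "ZHOSTEDZONEXXX", batch, "www.example.com")["ChangeInfo"]["Status"])
```

The validator encodes the two things that usually go wrong with this setup: a PRIMARY record with neither a health check nor EvaluateTargetHealth is never judged unhealthy, so Route 53 never fails over, and an S3 website alias only works when the bucket carries the record's exact name.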
Route53 Health-check with SNS & Lambda
You can use this feature as a standalone health check without affecting your domain setup as above. It notifies any status changes to an SNS topic, and you can subscribe a Lambda function to update your load balancer listener to redirect your traffic to another site.
Once set up properly, it creates an alarm for you to monitor your main site.
In the Lambda function, you can use Boto3 (Python 3) to update your load balancer based on two kinds of events:
Unhealthy: route traffic to another domain
Healthy: route traffic to your target group
References:
https://aws.amazon.com/premiumsupport/knowledge-center/lambda-subscribe-sns-topic-same-account/
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.modify_listener
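A handler for the two events listed above, as an added example (not the answerer's code). It reads the CloudWatch alarm state out of the SNS message and calls elbv2 modify_listener with either a redirect to the maintenance domain or a forward to the target group. The environment variable names LISTENER_ARN, TARGET_GROUP_ARN and MAINTENANCE_HOST are assumptions, as is the sample SNS event, which is constructed here for offline testing; RecordingClient stands in for the boto3 client so the logic can be checked without AWS access.

```python
"""Flip an ALB listener between "forward to the app" and "redirect to maintenance"
when the Route 53 health-check alarm changes state (SNS -> Lambda).

Added example, not code from the original answer. boto3 is imported lazily so the
module loads, and the decision logic can be tested, without boto3 installed.
"""
import json
import os


def maintenance_redirect(host, status_code="HTTP_302"):
    """Default action sending every request to the maintenance domain.
    #{path} and #{query} are ALB redirect placeholders, so deep links survive."""
    return {
        "Type": "redirect",
        "RedirectConfig": {
            "Protocol": "HTTPS",
            "Host": host,
            "Port": "443",
            "Path": "/#{path}",
            "Query": "#{query}",
            "StatusCode": status_code,  # 302: browsers must not cache the detour
        },
    }


def forward_to_app(target_group_arn):
    return {"Type": "forward", "TargetGroupArn": target_group_arn}


def action_for_alarm_state(state, target_group_arn, maintenance_host):
    """ALARM (health check failed) -> redirect; OK -> back to the target group.
    INSUFFICIENT_DATA returns None so a gap in metrics never flips the site."""
    if state == "ALARM":
        return maintenance_redirect(maintenance_host)
    if state == "OK":
        return forward_to_app(target_group_arn)
    return None


def alarm_state_from_sns_event(event):
    """The SNS record carries the CloudWatch alarm notification as a JSON string."""
    message = json.loads(event["Records"][0]["Sns"]["Message"])
    return message["NewStateValue"]


def apply(event, elbv2, listener_arn, target_group_arn, maintenance_host):
    """Decide and, if there is something to do, rewrite the listener's default action.
    modify_listener replaces the whole DefaultActions list; other rules are untouched."""
    state = alarm_state_from_sns_event(event)
    action = action_for_alarm_state(state, target_group_arn, maintenance_host)
    if action is None:
        return None
    elbv2.modify_listener(ListenerArn=listener_arn, DefaultActions=[action])
    return action


def lambda_handler(event, context):
    import boto3  # assumption: the Lambda runtime provides boto3
    return apply(
        event,
        boto3.client("elbv2"),
        os.environ["LISTENER_ARN"],        # hypothetical env var names
        os.environ["TARGET_GROUP_ARN"],
        os.environ["MAINTENANCE_HOST"],
    )


class RecordingClient:
    """Offline stand-in for boto3.client("elbv2"): records modify_listener calls."""
    def __init__(self):
        self.calls = []

    def modify_listener(self, **kwargs):
        self.calls.append(kwargs)
        return {"Listeners": [{"DefaultActions": kwargs["DefaultActions"]}]}


def sample_sns_event(new_state):
    """Constructed SNS event shaped like a CloudWatch alarm notification."""
    alarm = {"AlarmName": "primary-site-health", "NewStateValue": new_state,
             "OldStateValue": "INSUFFICIENT_DATA"}
    return {"Records": [{"EventSource": "aws:sns", "Sns": {"Message": json.dumps(alarm)}}]}
```

One caveat before wiring this up: the Route 53 health check that drives the alarm must not probe the same listener through the ALB DNS name, because Route 53 treats any 2xx or 3xx response as healthy. Once the listener returns 302 to the maintenance site, the check would go back to OK, the function would forward again, the backend would fail again, and the listener would flap. Point the health check at the instances or at a path that bypasses the toggled listener.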
Related
I want route53 to failover from ALB1 to ALB2.
I've set up a DNS hosted zone using the ALB FQDN, set up an alias record for ALB1 with the failover routing policy based on a health check using the ALB1 endpoint FQDN, and also set up an alias record for ALB2 as secondary.
Each ALB has a target group of two EC2 instances running a simple Apache website.
ALB1 has two EC2 instances; I tried shutting them down and/or turning off httpd to simulate a failed health check, and each time this happens I get a Bad Gateway error message. It doesn't seem to want to fail over to ALB2.
What am I doing wrong/incorrectly or don't understand? My goal is to simulate a failover.
Please advise.
You need to have your own domain. You can't redefine the AWS-owned domain that is provided to you by your ALB. Then you create the R53 failover records for your own domain, e.g. myapp.org.
I have a domain for my new application, let's call it app.example.com. That's a domain registered outside my AWS account.
The application is running on AWS EKS:
Two Deployments
Two Services
One Ingress
Quite simple, I guess. Those pods are running on Fargate, so I managed to configure the AWS Load Balancer Controller, which creates an Application Load Balancer when an Ingress is created.
Then there is also an external-dns pod configured to point to a hosted zone on Route 53 (example.com).
Now, each time an Ingress is redeployed, AWS LBC recreates the ALB with a different DNS name, and external-dns adds records to the hosted zone like:
If I go to the ALB DNS name, the application can be reached, but if I go via the domain app.example.com it can't.
In the near future, my idea is to use a Blue/Green deployment, and that will change the DNS name of the ALB, so I have to think of a solution that takes the next step into account.
Maybe it's something about the external domain; I mean, AWS is not hosting the domain, but I might need some kind of permission or even to configure the domain on the other page?
Solved. What I was missing was reading the AWS documentation in depth. Route 53 provides a set of name servers for hosted zones. At the external registrar, I had to create NS records pointing to the AWS name servers.
More info:
SafeNames
1and1
GoDaddy
AWS Wiki - Step 7
I have my web app, written in vue, and deployed on S3 using static website hosting.
I also have an EC2 instance setup which will serve as the backend for my app.
My question is, I'd like to restrict access to the EC2 instance to only requests coming from the site hosted on S3. Is that possible?
I see in the security group for the EC2 instance that I can specify an inbound traffic rule to limit access to a specific IP address. However, I'm not sure how I can limit it to traffic from a particular domain.
The S3 app speaking to your backend will actually be using the end users' internet connection in order to communicate, so you cannot use a security group to prevent this access if your application should be available publicly.
You can, however, lock it down so that the application can only be called from valid domain(s).
To do this you would need to control traffic by the Referer header, which would require you to configure AWS WAF and add a rule to allow requests where the Referer header is your domain. The default action would then need to block.
To use WAF it would need to be attached to one of the following resources:
Application Load Balancer
CloudFront
API Gateway
The resource would sit in front of the EC2 host.
For more information take a look at the How to Prevent Hotlinking by Using AWS WAF, Amazon CloudFront, and Referer Checking blog post.
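The allow-by-Referer rule from the answer above, written out as an AWS WAF (wafv2) rule with a Block default action, plus a small local evaluator that applies the same LOWERCASE + STARTS_WITH logic to constructed sample requests. This is an added example, not the answerer's code or the blog post's; the site origin https://www.example.com/ and the web ACL name are placeholders.

```python
"""Referer allow-list as a wafv2 rule, plus an offline evaluator for it.

Added example, not from the original answer. The evaluator implements only the
transformations and constraint this rule uses, enough to check the rule's
behaviour on sample requests before create_web_acl is called.
"""

SITE_PREFIX = "https://www.example.com/"  # placeholder; keep the trailing slash


def referer_allow_rule(site_prefix=SITE_PREFIX, priority=0):
    """Allow when the lower-cased Referer header starts with our site prefix.
    STARTS_WITH rather than CONTAINS, otherwise
    https://evil.test/?u=https://www.example.com/ would also match."""
    return {
        "Name": "allow-own-referer",
        "Priority": priority,
        "Statement": {
            "ByteMatchStatement": {
                "SearchString": site_prefix.lower().encode(),   # boto3 wants bytes
                "FieldToMatch": {"SingleHeader": {"Name": "referer"}},
                "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
                "PositionalConstraint": "STARTS_WITH",
            }
        },
        "Action": {"Allow": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": "allowOwnReferer"},
    }


def web_acl_params(name, scope="REGIONAL"):
    """Keyword arguments for wafv2.create_web_acl: everything not explicitly allowed
    is blocked. REGIONAL covers an ALB or API Gateway stage; a CloudFront
    distribution needs scope CLOUDFRONT, created in us-east-1."""
    return {
        "Name": name,
        "Scope": scope,
        "DefaultAction": {"Block": {}},
        "Rules": [referer_allow_rule()],
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": name},
    }


def _header(headers, name):
    """Case-insensitive header lookup; a missing header matches nothing."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def rule_matches(rule, headers):
    stmt = rule["Statement"]["ByteMatchStatement"]
    value = _header(headers, stmt["FieldToMatch"]["SingleHeader"]["Name"])
    for t in sorted(stmt["TextTransformations"], key=lambda t: t["Priority"]):
        if t["Type"] != "LOWERCASE":
            raise NotImplementedError(t["Type"])
        value = value.lower()
    if stmt["PositionalConstraint"] != "STARTS_WITH":
        raise NotImplementedError(stmt["PositionalConstraint"])
    return value.startswith(stmt["SearchString"].decode())


def evaluate(acl, headers):
    """Return 'Allow' or 'Block': first matching rule wins, else the default action."""
    for rule in sorted(acl["Rules"], key=lambda r: r["Priority"]):
        if rule_matches(rule, headers):
            return next(iter(rule["Action"]))
    return next(iter(acl["DefaultAction"]))


# Constructed sample requests (headers only).
BROWSER_FROM_SITE = {"Host": "api.example.com", "Referer": "https://www.example.com/app/"}
DIRECT_NO_REFERER = {"Host": "api.example.com"}
EMBEDDED_LOOKALIKE = {"Referer": "https://evil.test/?u=https://www.example.com/"}
FORGED_CURL = {"Referer": "https://www.example.com/"}  # curl -H 'Referer: ...' from anywhere
```

The last sample is the caveat: the Referer header is set by the client, so anyone can forge it with curl, and this rule only deters casual hotlinking and direct browsing. It is not authentication; put real authorisation on the backend. Two operational points from the same code: if the S3 site is served over the plain HTTP website endpoint rather than HTTPS through CloudFront, browsers send http:// referers and every request is blocked, and a Referrer-Policy of no-referrer on the front end has the same effect.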
I have configured the AWS load balancer to secure my website, i.e. to resolve through "https". But when I use https://www.schoolnskill.com, it gives
503 Service Temporarily Unavailable.
I have followed the steps below to configure my environment.
I created a domain name in Route 53 and was issued an SSL/TLS certificate through AWS Certificate Manager.
For my load balancer I set up a listener for HTTPS:443 and attached the above certificate to it.
The security group for my EC2 instances allows HTTP and HTTPS requests (although I believe the load balancer will communicate with the EC2 target using HTTP).
I have attached a screenshot with the summary of the configuration.
Then in Route 53, I edited the 'A' record for 'www.schoolnskill.com'. Below are the changes I made.
Alias:- yes
Alias target:- chosen the application LB
Routing policy:- simple
Then I saved the settings.
I can see that whenever I type 'http://www.schoolnskill.com', it is redirected to 'https://www.schoolnskill.com'.
Thank you,
The problem was the availability zones. The AZ of my load balancer was different from that of EC2 instance. I matched the AZ of ALB to my EC2, and it worked.
Thank you,
I have GoDaddy as the DNS service provider for a web application, with a CNAME record resolving to the DNS name of an application load balancer in #AWS. There is a requirement that web application requests from a customer network should route/resolve to a specific AWS region based on the customer's IP address/subnet. Is there a feature in R53 or the load balancer to achieve this? I see there is such a feature in Microsoft #Azure Traffic Manager to do subnet-based routing. Thank you.
It seems you need Route 53's geolocation routing, as it works by mapping the IPs of the originating DNS queries to specific AWS resources, like, in your case, the load balancer.
Here's a link to the resource: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-geo