Automatically Blocking Suspicious IPs on Elastic Beanstalk instance - amazon-web-services

I have an Elastic Beanstalk instance that is running a Flask app. I want to know if there is any way through AWS to automatically block IP addresses that are doing unusual activity on my site.
This could be a range of things, for example:
Send several GET requests over and over
Trying to POST without a CSRF
And more. Any ideas? Thanks.

Generally, for that you would front your EB with an Application Load Balancer and AWS Web Application Firewall.
This setup is documented in the recent AWS blog and other sources:
How do I protect my Elastic Beanstalk environment against attacks from known unwanted hosts?
Setting up AWS Web Application Firewall (WAF) with Elastic Beanstalk
Guidelines for Implementing AWS WAF
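The ALB + WAF setup described in the answer above, sketched as a CloudFormation template. This is an added example, not part of the original answer or the linked AWS posts; the `LoadBalancerArn` parameter, the resource and metric names, and the 1000-request threshold are assumptions to adapt.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  LoadBalancerArn:            # assumption: ARN of the environment's ALB
    Type: String
Resources:
  EbWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: eb-flask-web-acl  # constructed name
      Scope: REGIONAL         # REGIONAL is the scope used for ALBs
      DefaultAction:
        Allow: {}             # everything not matched below is allowed
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ebFlaskWebAcl
      Rules:
        # Blocks a source IP while it exceeds the limit (default window:
        # 5 minutes) and releases it once the rate drops again.
        - Name: RateLimitPerIp
          Priority: 0
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 1000     # assumed threshold; tune to real traffic
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: rateLimitPerIp
        # AWS-managed list of source addresses with a poor reputation.
        - Name: AwsIpReputation
          Priority: 1
          OverrideAction:
            None: {}          # keep the rule group's own actions
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesAmazonIpReputationList
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: awsIpReputation
  EbWebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref LoadBalancerArn
      WebACLArn: !GetAtt EbWebAcl.Arn
```

Deploying the rate rule with `Count: {}` in place of `Block: {}` first lets you read the CloudWatch metrics and sampled requests and pick a limit that does not block legitimate clients.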

Related

No EC2 instances are running but website is being served

So I have a website that was still being served even though I did not have an EC2 instance running on the us-east-1 dashboard.
I did have a load balancer running. When I terminated the load balancer the website is no longer being served.
My question is this...
Even though I had a load balancer there were no EC2 instances running. Where is the website being loaded from?
Doesn't an EC2 instance need to be running?
Not really. First of all, check if you have an instance running in a different AWS region. If not, your site could be running in multiple other AWS services like ECS or EKS, or could be deployed serverless (if the website is a single-page application: React, Angular, Vue).
So to answer your question: No, you don't need an EC2 instance running on AWS to host a website. And load balancers can be deployed in front of many other services that are not running on EC2.

How to deploy a single web application (nodejs+reactjs) on two EC2 servers for load balancing and autoscaling?

My client is asking me to deploy a web application (nodejs backend + reactjs frontend) on two EC2 servers, in order to achieve good load balancing and autoscaling based on traffic.
Note: client doesn't want to go for single server of high version
There are multiple ways of achieving a satisfying architecture for this problem. If we are looking into using EC2 instances we can do the following:
Deploy your back-end into Target Group for an Auto Scaling Group and put an Application Load Balancer in front of it. Instances can automatically register to the load balancer, which can distribute traffic between them.
Deploy your static front-end application into an S3 bucket, if necessary, use a CloudFront distribution for caching and faster loads.
Assuming the front-end is a SPA (browser-generated HTML), then host the React part on S3 + CloudFront
Regarding deploying Node on EC2:
Use CloudFormation to set up the infrastructure (the EC2 machines, ASG, and Load Balancer)
Then use CodeDeploy to deploy / update the application
Here is a post on deploying Node.js using CodeDeploy: https://hub.packtpub.com/deploy-nodejs-apps-aws-code-deploy/
You might find it easier to use Elastic Beanstalk though

How to block all requests to /actuator aws

We have a Spring Boot application running as a single instance (there is no load balancer) on AWS Elastic Beanstalk.
The question is how to protect/block the /actuator path so that only admins can access it.
You can't without a load balancer.
With ALB you can configure some settings to restrict access, but not with custom authentication.
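One way to restrict `/actuator` at the ALB, as an added CloudFormation example that is not part of the original answer: a listener rule forwards the path only for an admin source range, and a lower-priority rule returns 403 to everyone else. The `ListenerArn`, `TargetGroupArn` and `AdminCidr` parameters are assumptions, and `203.0.113.0/24` is a documentation-range placeholder.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  ListenerArn:                # assumption: the ALB's HTTP/HTTPS listener
    Type: String
  TargetGroupArn:             # assumption: target group of the Spring Boot app
    Type: String
  AdminCidr:                  # placeholder range; replace with the admin network
    Type: String
    Default: 203.0.113.0/24
Resources:
  # Evaluated first: /actuator requests from the admin range reach the app.
  ActuatorAllowAdmins:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref ListenerArn
      Priority: 10
      Conditions:
        - Field: path-pattern
          PathPatternConfig:
            Values: ["/actuator", "/actuator/*"]
        - Field: source-ip
          SourceIpConfig:
            Values: [!Ref AdminCidr]
      Actions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroupArn
  # Evaluated next: any other client asking for /actuator gets a 403.
  ActuatorDenyEveryoneElse:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref ListenerArn
      Priority: 20
      Conditions:
        - Field: path-pattern
          PathPatternConfig:
            Values: ["/actuator", "/actuator/*"]
      Actions:
        - Type: fixed-response
          FixedResponseConfig:
            StatusCode: "403"
            ContentType: text/plain
            MessageBody: Forbidden
```

The `source-ip` condition matches the address that connects to the ALB, not `X-Forwarded-For`, and the rules only help if the instance's security group accepts traffic from the load balancer alone.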

AWS Elastic Beanstalk URL points to incorrect IP

Recently somebody manually deleted all Elastic Load Balancers on an AWS account I am working with. All the load balancers had been provisioned from Elastic Beanstalk configs.
I rebuilt all the Elastic Beanstalk instances from previous configs to restore the deleted load balancers. The various applications are now running correctly apart from 2 which are failing to send traffic to each other. I will call them App A and App B.
App A is sending traffic to App B using its Elastic Beanstalk URL, however the messages are failing to send. If I SSH into App A, I can manually send JSON messages to App B using CURL and the EC2 private IP. When I ping the EB URL from App B, it shows me an IP I do not recognise and which is not allocated to any EC2 instances running on the account.
App B is in a private subnet with a network load balancer.
How can I get the Elastic Beanstalk URL to point at the correct IP?
I have recently inherited this environment and did not configure the original setup. So perhaps I am missing a step or aspect of how AWS Elastic Beanstalk is intended to work in this regard.
Additionally, I am certain this is not a programmatic error (the code has not changed since the instances were rebuilt) or a firewall setting, as I am manually able to send traffic and get a response with a curl script.
It is the Beanstalk URL which appears to be incorrect.

Can we add instances manually in EB data tier

I have started using Elastic Beanstalk with a tomcat8-java8 application. Elastic Beanstalk set up a nice application with an RDS data tier. Is it possible to add another instance, which I created manually, in the data tier as a redis caching server?
Thanks for any feedback.
There's nothing about Elastic Beanstalk that says it cannot communicate with other servers.
An application running under Elastic Beanstalk can access other resources such as S3 buckets, databases, and other servers, etc. as long as the various permission levels allow (VPC, security groups, etc.)
So you can add a redis server manually that your Elastic Beanstalk application can utilize. You just need to ensure that your application can "get to" the redis server.