I tried to find an alternative to nginx on AWS, and found only Route 53. Is it the same service or not?
Does AWS have an alternative to nginx?
NGINX is a web server which can also be used as a reverse proxy, load balancer and HTTP cache (Wikipedia). It is software that runs on an operating system (e.g. Linux, Windows).
There is no equivalent provided by AWS. You can run NGINX on an Amazon EC2 instance.
The closest equivalents on AWS would be:
Using Amazon S3 to serve static web content
Using Elastic Load Balancer to distribute traffic to multiple Amazon EC2 instances
Using Amazon CloudFront to cache content in multiple geographic locations
Amazon Route 53 is a DNS service for resolving domain names, which is not base NGINX functionality (although NGINX can handle virtual hosts, which overlaps a bit with DNS).
In the current setup, the application is load-balanced at AWS. The domain (www.Example.com) we are using is registered at GoDaddy.com.
My concern is: do we need to upgrade our GoDaddy hosting even if the files are load-balanced at AWS?
Let's say that we have 50K concurrent users.
Thanks in advance for the insight.
When you say "the application is load-balanced at AWS", it suggests that there is the following setup on AWS:
One or more Amazon EC2 instances running a web application, and
An Elastic Load Balancer that is directing incoming traffic to those instances
Your GoDaddy account probably has a Domain Name with a CNAME record that points to the DNS Name of the Load Balancer on AWS.
If this is true, then you do not need a "hosting plan" on GoDaddy, since it would just be managing your Domain Name. Scaling is not necessary for Domain Names.
Increasing the load would possibly require creating additional EC2 instances on AWS, but you might have an Auto Scaling group doing this for you automatically.
You should investigate what you actually have on GoDaddy and on AWS.
I've an app running on AWS.
Currently, my frontend is hosted on S3/CloudFront, which communicates with my EC2 instance through Elastic Load Balancing (ELB).
ELB handles the SSL certificate.
I just have one EC2 instance, so I don't really need the ELB. My free tier period is over... ELB represents 40% of my bill!
How can I get rid of ELB without losing the SSL configuration?
Thanks in advance!
The best approach to keep an AWS ACM SSL whilst removing your load balancer would be to instead use CloudFront for your EC2 host.
If this is a different domain to your existing CloudFront distribution, you would need to create a new one which will serve your app traffic. This would have a custom origin that would resolve to the public CNAME of the EC2 host (this will require the EC2 host to be publicly resolvable).
If it shares the same domain, your CloudFront distribution would need to be updated to include a secondary behaviour that maps to your EC2 host's public hostname.
Please note for this option your instance must be public, this means that it is possible to bypass CloudFront to perform this option. If you do not have a valid SSL on this EC2 host you will need to configure the CloudFront distribution to speak to the origin using HTTP.
An alternative (or combined option) would be to use a service such as certbot that can generate a valid SSL for your domain. This will ensure any public ingress to the instance can be encrypted securely over HTTPS.
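Because the instance stays publicly reachable, one common way to stop requests that skip CloudFront is to have the distribution add a secret custom origin header and have the application reject anything without it. The sketch below is an added example, not code from the original answer; it assumes the app is a Python WSGI application, and the header name, secret value and helper names are placeholders invented for illustration.

```python
import hmac

# Assumed placeholders: CloudFront would be configured to send this same
# custom origin header and value on every request to the origin.
ORIGIN_HEADER = "X-Origin-Verify"
ORIGIN_SECRET = "constructed-secret-rotate-me"


class RequireOriginSecret:
    """WSGI middleware that rejects requests lacking the shared origin secret."""

    def __init__(self, app, header=ORIGIN_HEADER, secret=ORIGIN_SECRET):
        self.app = app
        # WSGI exposes request headers as HTTP_<NAME>, dashes become underscores.
        self.environ_key = "HTTP_" + header.upper().replace("-", "_")
        self.secret = secret.encode()

    def __call__(self, environ, start_response):
        supplied = environ.get(self.environ_key, "").encode()
        # Constant-time comparison avoids leaking the secret through timing.
        if not hmac.compare_digest(supplied, self.secret):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"direct access to origin is not allowed\n"]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the real application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello from origin\n"]


def call(app, headers):
    """Invoke a WSGI app with constructed request headers; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, response_headers):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


protected = RequireOriginSecret(demo_app)
```

If CloudFront reaches the origin over plain HTTP, as the answer describes for a host without a valid certificate, this header travels unencrypted on that hop, so the check is stronger when the origin also serves HTTPS.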
I have an Elastic Beanstalk instance that is running a Flask app. I want to know if there is any way through AWS to automatically block IP addresses that are doing unusual activity on my site.
This could be a range of things, for example:
Send several GET requests over and over
Trying to POST without a CSRF
And more. Any ideas? Thanks.
Generally, for that you would front your EB with an Application Load Balancer and AWS Web Application Firewall.
This setup is documented in the recent AWS blog and other sources:
How do I protect my Elastic Beanstalk environment against attacks from known unwanted hosts?
Setting up AWS Web Application Firewall (WAF) with Elastic Beanstalk
Guidelines for Implementing AWS WAF
I have a web app running on my Amazon EC2 instance. How can I integrate a Web Application Firewall with my EC2?
I have tried setting up the WAF, but it can only be associated with either a CloudFront distribution or an Elastic Load Balancer. Do I need to set up a CloudFront distribution and point it at my EC2 instance?
I ended up setting up an elastic load balancer pointing to my single instance and then adding the web application firewall pointing to the load balancer. It works pretty well and doesn't cost too much more per month from AWS.
There are two approaches through which you can connect AWS WAF to your EC2 instance:
AWS CloudFront
Application Load Balancer (ALB)
Each approach has its own pros and cons. If your application serves mostly content that can be cached, then have AWS CloudFront along with WAF. If your application cluster needs to scale but most of it is dynamic content, then going for ALB is more reasonable.
Note: There is an added fixed cost for ALB (In addition to the variable cost which is not significant though) for each month while CloudFront cost is variable and consumption driven.
It is also possible to have both CloudFront and ALB together where you can add the WAF to CloudFront only.
This is how you use AWS WAF, it only works in these two scenarios. For an EC2 application it is best to configure an ALB in front of it (even if you have only one instance).
BTW: You might get away with only using the Application Load Balancer (ALB) from AWS; this is doing more content validity checks than classic AWS ELB is doing.
You need to set up at least an application-layer load balancer to use AWS WAF.
Side note: AWS WAF has a lot of restrictions. For request-count-based blocking you will end up having Lambda scripts to count and update the AWS WAF ruleset. Also, they don't provide WAF logs, to my knowledge. Try looking at cloud WAF solutions like Sophos.
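The counting half of the request-count-based blocking mentioned above, which is also what the earlier question about clients sending GET requests over and over is asking for, can be sketched as a sliding-window counter over access-log lines. This is an added example, not code from any of the posts; the log format, thresholds and function names are assumptions, the sample lines are constructed, and pushing the resulting addresses into a WAF rule is not shown.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log: timestamp, client IP, method, path, status.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 203.0.113.7 GET /search 200
2024-05-01T10:00:01Z 203.0.113.7 GET /search 200
2024-05-01T10:00:01Z 198.51.100.20 GET / 200
2024-05-01T10:00:02Z 203.0.113.7 GET /search 200
2024-05-01T10:00:03Z 203.0.113.7 GET /search 200
2024-05-01T10:00:04Z 203.0.113.7 GET /search 200
2024-05-01T10:00:05Z 203.0.113.7 GET /search 200
2024-05-01T10:00:40Z 198.51.100.20 POST /login 400
2024-05-01T10:02:00Z 198.51.100.20 GET / 200
"""


def parse_line(line):
    """Split one log line (assumed format above) into typed fields."""
    ts, ip, method, path, status = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, ip, method, path, int(status)


def ips_over_limit(lines, limit=5, window=timedelta(seconds=10)):
    """Return {ip: peak_count} for clients exceeding `limit` requests per window.

    Assumes the lines are in chronological order, as access logs normally are.
    """
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        if not line.strip():
            continue
        when, ip, *_ = parse_line(line)
        seen = recent[ip]
        seen.append(when)
        # Drop timestamps that have aged out of the sliding window.
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) > limit:
            offenders[ip] = max(offenders.get(ip, 0), len(seen))
    return offenders


if __name__ == "__main__":
    print(ips_over_limit(SAMPLE_LOG.splitlines()))
```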
I recently registered a domain (say example.com) at GoDaddy.com and I would now like to host many web services in different subdomains using my Amazon EC2 server.
I pointed the domain to my elastic IP address but, is this enough on the GoDaddy side? That is to say, do I now have to create and manage the subdomains on the Amazon server or at GoDaddy? How should I do it?
Also, what's the advantage between an Amazon Route 53 hosted zone and just pointing the domain to the Elastic IP? Is there any advantage?
Thanks!
"do I now have to create and manage the subdomains on the Amazon server or at GoDaddy?"
You need to create each subdomain at your DNS service (GoDaddy) and point each of those subdomains to your Elastic IP. On the AWS side you will need to configure the web server running on EC2 with the knowledge of each of those subdomains, and what content it needs to serve for each of them.
"what's the advantage between an Amazon route 53 hosted zone and just pointing the domain to the Elastic IP?"
There are certain AWS services like Elastic Load Balancers and S3 static websites that do not provide an IP address, only a domain name. To map the root of your domain to one of those services you would have to use Route53 alias records. Route53 also offers features like health checks, failover routing, latency routing, etc. Other than that, there isn't really any advantage to Route53 versus another DNS service like GoDaddy.