I have multiple EC2 instances connected to a load balancer and the traffic is routed to load balancer using Route53.
Suddenly, I can no longer access my website if I type my domain name "www.domain.com". I tried to debug the problem by directly typing the load balancer DNS in the browser and it worked.
To investigate the problem further, I created a single instance and directed the traffic using Route 53 to the current public IP of the instance. If I use the domain name "www.domain.com" in the browser, I get an error stating that the site can't be reached. If I use the public IP of the instance I can reach the page. I think that means that Route 53 is not directing the traffic to the instance.
How can I check that? I have been stuck on this problem for almost two days. Is there a way to check whether Route 53 routes traffic or not? I am sure my security group allows traffic for HTTP, HTTPS and SSH, and the port numbers are correct.
I have an internal load-balancer in aws and I am able to access it successfully from my office network.
I want to put this behind a generic dns so using Route 53, I created a private hosted zone "domain.com"
and then created A record "project.domain.com" pointing to the lb dns mentioned below:
DNS of internal load balancer -> internal-lb-99999999999999.us-east-1.elb.amazonaws.com/
But now from my office network I tried to access "project.domain.com" and it did not work. Am I missing something?
For the setup I have used in the past, we do not have the http:// part in the value of the A record in DNS, just the load balancer DNS.
Also, have you validated that your VPC has DNS resolution enabled?
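The two questions above come down to the same two checks: is the record value itself something DNS can store (a bare hostname or an IP, never a URL with http:// or a trailing slash), and does the domain actually resolve to the same addresses as the load balancer name? The script below is an added example, not code from the thread or from AWS; all zone names, record values and resolved addresses in it are constructed, and the ALIAS type is modelled here as a hostname-valued record the way Route 53 presents it. It flags the record mistakes discussed above and classifies what a name resolves to against what the load balancer resolves to.

```python
"""Route 53 record sanity checks (added example, not from the thread)."""
import ipaddress
import re
from typing import Dict, List, Set

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, at most 63 chars.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$", re.IGNORECASE)


def check_record(zone: str, name: str, rtype: str, value: str) -> List[str]:
    """Return the problems found with one record; an empty list means it looks sane."""
    problems: List[str] = []
    v = value.strip()
    apex = name.rstrip(".").lower() == zone.rstrip(".").lower()
    if rtype == "A":
        try:
            if ipaddress.ip_address(v).version != 4:
                problems.append(f"{name}: A record value {v!r} is not IPv4 (use AAAA for IPv6)")
        except ValueError:
            problems.append(f"{name}: A record value {v!r} is not an IP address; "
                            "point at a load balancer with a CNAME or an alias record instead")
    elif rtype in ("CNAME", "ALIAS"):
        if "://" in v:
            problems.append(f"{name}: value {v!r} contains a URL scheme; DNS stores a bare hostname")
        elif "/" in v:
            problems.append(f"{name}: value {v!r} contains a path or trailing slash")
        elif not _HOSTNAME_RE.match(v.rstrip(".")):
            problems.append(f"{name}: value {v!r} is not a valid hostname")
        if rtype == "CNAME" and apex:
            problems.append(f"{name}: CNAME is not allowed at the zone apex; use an alias record")
    else:
        problems.append(f"{name}: unsupported record type {rtype}")
    return problems


def check_zone(zone: str, records: List[Dict[str, str]]) -> List[str]:
    """Run check_record over every record of a zone and collect the problems."""
    out: List[str] = []
    for r in records:
        out.extend(check_record(zone, r["name"], r["type"], r["value"]))
    return out


def compare_resolution(domain_addrs: Set[str], lb_addrs: Set[str]) -> str:
    """Classify what the domain currently resolves to, relative to the load balancer's addresses."""
    if not domain_addrs:
        return "empty: the domain name is not resolving at all"
    if domain_addrs <= lb_addrs:
        return "ok: the domain resolves to the load balancer"
    if domain_addrs & lb_addrs:
        return "partial: some answers still point elsewhere (stale record or cached answer)"
    return "mismatch: the domain resolves to something other than the load balancer"


# Constructed sample zone reproducing the record mistakes from the thread.
SAMPLE_ZONE = "domain.com"
SAMPLE_RECORDS = [
    # A record holding a URL instead of an IP (the internal-ELB question above)
    {"name": "project.domain.com", "type": "A",
     "value": "http://internal-lb-99999999999999.us-east-1.elb.amazonaws.com/"},
    # correct: subdomain CNAME to the load balancer hostname
    {"name": "www.domain.com", "type": "CNAME",
     "value": "load-balancer-1234567890.us-east-1.elb.amazonaws.com"},
    # CNAME at the zone apex, which Route 53 rejects; an alias record is the fix
    {"name": "domain.com", "type": "CNAME",
     "value": "load-balancer-1234567890.us-east-1.elb.amazonaws.com"},
    # correct: alias to a (constructed) ALB hostname
    {"name": "app1.domain.com", "type": "ALIAS",
     "value": "dualstack.alb-1234567890.us-east-1.elb.amazonaws.com"},
]

if __name__ == "__main__":
    for p in check_zone(SAMPLE_ZONE, SAMPLE_RECORDS):
        print("PROBLEM:", p)
    # Constructed answer sets standing in for the output of
    # `dig +short www.domain.com` and `dig +short load-balancer-...elb.amazonaws.com`.
    print(compare_resolution({"54.89.99.99"}, {"52.0.0.10", "52.0.0.11"}))
```

To feed compare_resolution with real data, take the address sets from `dig +short www.domain.com` and `dig +short <load-balancer-dns-name>`; to bypass every resolver cache and see what Route 53 itself answers, query one of the hosted zone's nameservers directly with `dig @<ns-host-from-the-zone> www.domain.com`. A "mismatch" while the authoritative answer is correct means a cached answer that will expire with the TTL; a "mismatch" from the authoritative server means the record itself is wrong.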
I have setup an AWS Network Load Balancer no problem and I have a number of different services running on their assigned ports. This all works perfectly.
Then I was asked to host a number of different node apps on their own ports, accessed via their own domains. After I realised I couldn't get this to work correctly on the NLB, I looked at Application Load Balancer and its Host-Based Routing rules.
app1.example.com
app2.example.com
What I did
I set up the application load balancer listener on https :443 and a Host-Based Routing rule that forwards app1.example.com traffic to a target group that watches 443 and sends the traffic to the correct instance on port 3000. The security group is also set up with port 3000 open.
So I thought.... all I had to do was add the load balancer IP to the subdomain A Records on the external domain registrar.... but I can't find the IP anywhere! I'm missing something fundamental here and AWS docs are killing me.
The above steps aren't too different from setting up a Network Load Balancer without the Host-Based Routing rules.
Could anyone point out where I can find the ALB IP, or where I'm going off track?
The IP might change, so better use another option such as a CNAME or an A record + Alias (the latter might save you some money, if I remember correctly).
(Route 53 setup)
I have a webserver running on an AWS EC2 instance (it has an elastic IP) that can be accessed over my own domain (www.xy.ch) via http. Now I need to access the webserver via https, so I created a certificate for my domain (www.xy.ch), uploaded it to AWS Certificate Manager and added the certificate to a Load Balancer connected with my EC2 instance.
This seems to work so far. When I target the DNS name of my Load Balancer (xyz.eu-central-1.elb.amazonaws.com) with a https in front, I can access my webserver. But the certificate is flagged invalid, because its common subject name (my domain name: www.xy.ch) does not match the input (DNS name of Load Balancer: xyz.eu-central-1.elb.amazonaws.com).
But now I have no idea how to proceed so that I can access my webserver with https over my own domain (www.xy.ch). It does not work at the moment, so I am obviously missing a configuration step, but I really don't understand which.
How can I connect my own domain with the Load Balancer's DNS?
I did some research and tried to understand the answers of similar cases (e.g. Assigning Static IP Address to AWS Load Balancer), but could not find a solution for my case.
The solution was indeed to delete all DNS entries pointing to the IP of the webserver and redirecting everything DNS wise over the Load Balancer. Credits to Mark B!
I deployed a simple website on EC2 instance, and created an elastic load balancer, routing traffic to this EC2 instance.
I also created a CNAME record on my DNS registrar, pointing my domain (www.example.com) to the load balancer DNS name (load-balancer-1234567890.us-east-1.elb.amazonaws.com).
I can successfully reach my site in the browser in 3 different ways:
EC2 instance public IP (Eg: 54.89.99.99)
ELB public DNS name (Eg: load-balancer-1234567890.us-east-1.elb.amazonaws.com)
My domain DNS (Eg: www.example.com)
But, for security reasons, I want my EC2 instance to be accessible on port 80 only from the load balancer.
So, I changed the security group for the EC2 instance:
removed the rule that allowed traffic on port 80 from all sources (0.0.0.0/0)
added a rule to allow traffic on port 80 from my VPC (172.31.0.0/16)
added a rule to allow traffic on port 80 from the ELB security group (sg-xxxxxxxx)
After that, I still can access my website from the ELB DNS name, but now I can't access from my domain anymore (www.example.com). I get the error: ERR_CONNECTION_TIMED_OUT.
What's wrong?
This seems like a DNS caching issue on your machine or in DNS servers.
To clear the cache on your machine, flush the DNS using ipconfig /flushdns
If the issue persists, try traceroute www.example.com (or tracert www.example.com on Windows) to see whether it reaches the ELB. If the source IP is different from the current DNS configuration,
it can be due to a misconfiguration (double check);
if the latest DNS modification is not propagated (if it points to a previous configuration), then wait for some time till the DNS servers clear the cache based on the TTL value.
When you create a load balancer, you select the AZs that the load balancer is located within. This means that your load balancer is located within your VPC and not outside of it (this is normal and expected).
Since your Security Group allows traffic from within your VPC (which duplicates the ELB security group rule, as both allow that traffic), either there is something wrong with your Security Group settings or your Load Balancer is configured wrong. Also double check the load balancer security group settings.
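The two answers above describe the same mechanism from different sides: a security group that no longer admits 0.0.0.0/0 silently drops the SYN of any client that still connects to the instance's public IP (which the browser reports as ERR_CONNECTION_TIMED_OUT), while a connection arriving from an ELB node inside the VPC matches either the VPC CIDR rule or the ELB security-group rule. The model below is an added example, not code from the thread or from AWS: it evaluates the instance's ingress rules the way security groups do (any matching rule admits, no match drops) and shows how the outcome depends on what www.example.com resolved to for the client. The client address, the ELB node address and the security-group id are constructed; the instance IP and VPC CIDR are the ones from the question.

```python
"""Security-group reachability model for the ELB question (added example, not from the thread)."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List

INSTANCE_PUBLIC_IP = "54.89.99.99"   # from the question
VPC_CIDR = "172.31.0.0/16"           # from the question
ELB_SG = "sg-elb-example"            # constructed; stands in for the sg-xxxxxxxx in the question


@dataclass(frozen=True)
class IngressRule:
    port: int
    cidr: str = ""        # source CIDR, or
    source_sg: str = ""   # a referenced security group id


@dataclass(frozen=True)
class Connection:
    src_ip: str
    port: int
    src_sgs: FrozenSet[str] = frozenset()  # groups on the sending ENI; empty for an internet client


def allowed(rules: List[IngressRule], conn: Connection) -> bool:
    """Security-group semantics: the first matching rule admits; no match means a silent drop."""
    src = ipaddress.ip_address(conn.src_ip)
    for r in rules:
        if r.port != conn.port:
            continue
        if r.cidr and src in ipaddress.ip_network(r.cidr):
            return True
        if r.source_sg and r.source_sg in conn.src_sgs:
            return True
    return False  # dropped SYN, no RST: the browser waits and then reports a timeout


# Instance security group before and after the change described in the question.
OPEN_RULES = [IngressRule(80, cidr="0.0.0.0/0")]
LOCKED_RULES = [IngressRule(80, cidr=VPC_CIDR), IngressRule(80, source_sg=ELB_SG)]

# Constructed endpoints: a browser on the internet, and an ELB node inside the VPC.
BROWSER_DIRECT = Connection("203.0.113.5", 80)
ELB_NODE = Connection("172.31.10.20", 80, frozenset({ELB_SG}))


def path_outcome(resolved_ip: str, rules: List[IngressRule]) -> str:
    """What the browser sees, given the address www.example.com resolved to for it."""
    if resolved_ip == INSTANCE_PUBLIC_IP:
        conn = BROWSER_DIRECT   # stale or cached answer: the client talks to the instance itself
    else:
        conn = ELB_NODE         # answer points at the ELB, which then connects to the instance
    return "reachable" if allowed(rules, conn) else "ERR_CONNECTION_TIMED_OUT"


if __name__ == "__main__":
    for label, rules in (("open SG", OPEN_RULES), ("locked SG", LOCKED_RULES)):
        print(f"{label}: name -> instance IP: {path_outcome(INSTANCE_PUBLIC_IP, rules)}")
        print(f"{label}: name -> ELB address: {path_outcome('52.0.0.10', rules)}")
    # The VPC CIDR rule alone already admits ELB nodes, so the SG-reference rule duplicates it.
    print("VPC rule alone admits ELB node:", allowed([IngressRule(80, cidr=VPC_CIDR)], ELB_NODE))
```

If `path_outcome(INSTANCE_PUBLIC_IP, LOCKED_RULES)` describes what you see, the fix is on the DNS side (the name is still answering with the instance address from a stale record or a cache), not on the security group; if the ELB path itself fails, then, as the second answer says, the ELB's own security group or the target configuration is what to check.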
I've set up an internal load balancer for my SQL read servers in EC2, but I can't figure out how to point DNS at it. I have a private hosted zone in Route 53. When I attempt to set up an ALIAS record to the LB, the internal load balancer does not appear in the dropdown, though all the public LBs do, which leads me to believe I'm going about this the wrong way. None of my Googling has led me to any information specific to private load balancers, so maybe it's just not possible and I have to use the long AWS domain name?
My experience: I was trying to create a single HTTPS contact point for my application, so I tried setting up an internal load balancer, hoping that when I pointed an A Record in Route 53 at it, it would work with just the A Record URL.
To answer your question:
Internal Load Balancers do list in the Load Balancer listing for Route 53.
You cannot use the A Record URL to publicly point to an internal load balancer unless you are actually connected to the VPC.