I have deployed a webservice application in Amazon EC2 and have associated an Elastic IP address with it. Our mobile interacts with this webservice using the Elastic IP. Now I want to implement auto scaling on the EC2.
But what I am not sure about is how my single Elastic IP can be associated with multiple EC2 instances as it scales up. Is this possible? Please guide.
An elastic IP address is only ever associated with a single EC2 instance.
If you want to start auto-scaling your application, then you need to put a load balancer in front of your EC2 instances. That can be AWS Elastic Load Balancer, or some other.
Users would connect to the Load Balancer, and the Load Balancer would forward requests to the underlying EC2 instances.
Assuming you use an Elastic Load Balancer, you'll need to drop the Elastic IP address since ELB cannot use them. Instead, you'll create a CNAME (or Alias if your DNS is using Route 53) to the ELB.
No, that's not possible. You probably need to be using an Elastic Load Balancer.
With EC2 and Auto Scaling, you need to use user data in EC2 to auto-attach the Elastic IP to the EC2 instance:
#!/bin/bash
aws configure set aws_access_key_id "XYZ..."
aws configure set aws_secret_access_key "ABC..."
aws configure set region "ap-..."
aws ec2 associate-address --instance-id "$(curl -X GET "http://169.254.169.254/latest/meta-data/instance-id")" --public-ip your_elastic_IP
Note: you should create a new IAM user that has only the associate-address permission, and create the AWS key for that user.
Hope this helps you :)
Related
I want to create 3 AWS Elastic Beanstalk instances and assign them to VPC with internal IP addresses. As you can see I have a default VPC created and running:
When I try to create a new AWS Elastic Beanstalk instance under the same Ohio region, in the menu I just see an empty list of VPCs:
Do you know what configuration I need to do in order to assign AWS Elastic Beanstalk instances to VPC?
EDIT:
I use this form to create VPC:
It seems like you did not select the Application Platform in Elastic Beanstalk's application creation process.
Try picking a platform before configuring more options.
I have 3 AWS Elastic Beanstalk instances which are running Spring microservices. All microservices are making POST requests to each other and using RDS service for database.
Should I isolate database traffic and microservices traffic into separate subnets?
In case it's a good practice is it possible to assign 2 private network IP's for each subnet for every AWS Elastic Beanstalk instance?
I think you cannot do it using EBS as the instances will auto create and terminate. So you should try to create instances separately and add autoscaling policy on it.
What I usually do is create my EC2 instances in Public subnet and RDS in private subnet and use RDS Security Group and add EC2 instance's Elastic IP, so that all the traffic is going through the EC2 instance and all the traffic coming to EC2 instance is HTTPS coming from ELB.
Adding the below steps as requested:
Ok, So I am assuming you already know a bit about how to create the servers and RDS etc.
Create an EC2 instance for each of your microservices.
Attach an EIP to each of these instances.
Add an Auto-Scaling policy to increase or decrease the instances based on the traffic/CPU Utilization. Make sure you terminate the newest created instance.
Add an ELB for this instance and add HTTPS/SSL certificate to secure your traffic.
Create RDS in a Private subnet and add instance EIP in RDS SG for 3306 port.
I think you should be able to do this then.
It's not a good practice to directly communicate between instances in EB. The reason is that EB instances run in an auto scaling group, so they can be terminated and replaced at any time by AWS, leading to a change in their private IP addresses.
The change in IP will break your application sooner or later. Instances in EB should be accessed using Load Balancer or private IP.
So if you have some instances that are meant for private access only you could separate them to internal EB environment.
I have an Elastic Beanstalk environment with a load balancer. I also have a hosted zone associated with the load balancer in order to access the environment via a custom domain name.
Now I want a static IP to use in Tableau Trusted Authentication. I am confused. I can't figure out from where I can get the required static IP.
The answer accepted on this question is 5 years old and things have changed since then.
Sadly there is no way to auto-assign an Elastic IP on a load balancer since AWS only provides support for the DNS.
But there is another solution: add a script that auto-assigns an IP to an instance on boot, as the following references suggest.
https://support.asperasoft.com/hc/en-us/articles/216129788-Server-on-Demand-with-EIP-and-Autoscale#prereqs
https://blog.cloudthat.com/auto-attach-elastic-ip-to-ec2-classic-instance-for-autoscaling/
https://github.com/skymill/aws-ec2-assign-elastic-ip
You need to do the next steps:
Set aside as many elastic ip as the max number of instances in your Auto Scaling Group
Create an instance with the current Elastic Beanstalk AMI
Install aws-ec2-assign-elastic-ip using python's pip.
Add the current script to the instance
#!/bin/sh
#
# This script is launched at boot, and assigns an AWS elastic ip.
AWS_ACCESS_KEY_ID=#<access_key_value>#
AWS_SECRET_ACCESS_KEY=#<Secret_key_Value>#
# Regions: Virginia: us-east-1, Oregon: us-west-2, ...
AWS_DEFAULT_REGION=#<EB_ENV_REGION>#
#Set of valid IP comma(,) separated
VALID_IP_VALUES=<IP_VALUE>,<IP_VALUE>,<...>
/usr/local/bin/aws-ec2-assign-elastic-ip --region $AWS_DEFAULT_REGION --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY --valid-ips $VALID_IP_VALUES
Add this script at /etc/rc.local
bash /usr/local/bin/auto-assign-eip.sh
Create a new base AMI using this instance, and set it as your EB AMI.
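Both boot scripts on this page (the user-data script calling `aws ec2 associate-address` and the rc.local script above) store long-lived access keys in user data or in the AMI, where any process on the instance, or anyone allowed to read user data or launch the image, can recover them. The following is an added example, not code from any of the answers: it performs the same association using an instance profile role, so the AWS CLI picks up temporary credentials by itself, and it reads the instance ID through IMDSv2. The `EIP_ALLOCATION_ID` variable and the function names are assumptions, as is a role that allows only `ec2:AssociateAddress`.

```shell
#!/bin/sh
# Added example: attach an Elastic IP at boot without static access keys.
# Assumes the instance has an instance profile whose role allows only
# ec2:AssociateAddress; the AWS CLI then finds credentials on its own.
IMDS="http://169.254.169.254/latest"

# Request a short-lived IMDSv2 session token.
imds_token() {
    curl -sf -X PUT "$IMDS/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60"
}

# Read one metadata path ($2) using the session token ($1).
imds_get() {
    curl -sf -H "X-aws-ec2-metadata-token: $1" "$IMDS/meta-data/$2"
}

# Associate the Elastic IP allocation ($1) with this instance.
attach_eip() {
    alloc_id="$1"
    token="$(imds_token)" || { echo "IMDSv2 token request failed" >&2; return 1; }
    instance_id="$(imds_get "$token" instance-id)" || return 1
    region="$(imds_get "$token" placement/region)" || return 1
    # Refuse to call the API with anything that is not an instance ID.
    case "$instance_id" in
        i-*) ;;
        *) echo "unexpected instance id: $instance_id" >&2; return 1 ;;
    esac
    # --no-allow-reassociation: fail instead of taking the address away
    # from another instance that already holds it.
    aws ec2 associate-address --region "$region" \
        --instance-id "$instance_id" --allocation-id "$alloc_id" \
        --no-allow-reassociation
}

# EIP_ALLOCATION_ID is a hypothetical variable set in user data, e.g.
# EIP_ALLOCATION_ID=eipalloc-... ; nothing runs when it is unset.
if [ -n "${EIP_ALLOCATION_ID:-}" ]; then
    attach_eip "$EIP_ALLOCATION_ID"
fi
```
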
You mean you want to access the Elastic Beanstalk application using a static IP? If you want to access your application using a static IP, then go and spin up an EC2 and deploy your application. Then assign a static Elastic IP to that instance. An Elastic IP is a static public IP which won't change unless you release it. For more about AWS Elastic IP see the link below.
AWS Elastic IP
The error message is:
Stack named 'awseb-e-r3uhxvhyz7-stack' aborted operation. Current state: 'CREATE_FAILED' Reason: The following resource(s) failed to create: [AWSEBInstanceLaunchWaitCondition].
I am trying to use Multi-Container Docker in AWS Elastic Beanstalk.
Can someone help me get rid of this error? Is it necessary to use more than one EC2 instance for using Multi-Container Docker in AWS Elastic Beanstalk?
This sounds kind of like what your issue is:
If you use Amazon VPC with Elastic Beanstalk, Amazon EC2 instances deployed in a private subnet cannot communicate directly with the Internet. Amazon EC2 instances must have Internet connectivity to communicate to Elastic Beanstalk that they were successfully launched. To provide EC2 instances in a private subnet with Internet connectivity, you must add a load balancer and NAT to the public subnet. You must create the appropriate routing rules for inbound and outbound traffic through the load balancer and NAT. You must also configure the default Amazon VPC security group to allow traffic from the Amazon EC2 instances to the NAT instance.
Source: Amazon EC2 Instances Fail to Launch within the Wait Period
I've fixed this. It looks like the IAM role created by default for the single docker EB deployment didn't contain the necessary ECS Policy (unconfirmed).
I followed the instructions to create a policy to add the role and everything worked.
I have the following situation:
I have 1 Rails App that has 2 domains, each of these domains has multiple/dynamical subdomains.
This app is in AWS using a load-balanced Elastic Beanstalk.
What I need is for those 2 domains that point to my single Rails App to work under SSL on port 443.
But since Elastic Beanstalk has only one load balancer, I can only use one single SSL certificate on port 433 :(
Using a UCC SSL certificate won't be the solution because I need each domain certificate to be wildcard, so the dynamic subdomains will also work.
Any thoughts about how to get multiple Load Balancers playing nicely with an Elastic Beanstalk Environment?
Best.
To add multiple Elastic Load Balancers (ELB) to an Elastic Beanstalk (EB) application, you need to add the additional ELB to the auto scaling group of the EB app.
On the command line
The easiest way to achieve this is through the AWS CLI (https://aws.amazon.com/cli/):
aws autoscaling attach-load-balancers --auto-scaling-group-name <SG_NAME> --load-balancer-names <ELB_NAME>
In the AWS Console
Of course this can be done in the AWS Console, too:
Go to EC2 > Auto Scaling > Auto Scaling Groups
select the group you want to add the elb to
Select the Details Tab
Edit-Button on the top right
Use the Autocompletion in the Load Balancers field to add your load balancer
Save
For your convenience, you can see where you need to click for all of the 5 steps (don't forget to save!)
For me this works also on eb-generated auto scaling groups (Region: eu-central-1).
This might not have been available at the time of the question, but it is now.
It's a tough one with Elastic Beanstalk as they have a cookie cutter way of deploying your app and if it's not in their options then you have to either "hack it" or just go with a completely different solution using EC2 or plain cloud servers.
One thing you can try is creating another ELB with the certificate of the second domain (and subdomains) and point it to your Elastic Beanstalk Instance. If you go to the ELB console you should be able to see the ELB for the first domain. Then, you can create your second domain based on the first domain.
Hope it helps.
I think that the best solution for your problem is to have multiple domains on the same SSL certificate and then assign that certificate to your ELB environment.
(you can have wildcards, maybe that wasn't available at the time the question was asked)
You don't need extra load balancers.
This worked for me,
First, create the load balancer
aws elb create-load-balancer --load-balancer-name my-load-balancer --listeners "Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=80" "Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn-of-certificate" --subnets eb-subnet-of-primary-elb --security-groups sg-of-primary-elb
Then, attach load balancer to primary auto scaling group of EB env
aws autoscaling attach-load-balancers --auto-scaling-group-name asg-name-of-primary-asg-in-eb --load-balancer-names my-load-balancer
One more thing to be aware of is that EBS created instances need to allow your custom ELB to talk to them.
You need to create INBOUND rule in your EBS auto-created security group (with description SecurityGroup for ElasticBeanstalk environment) to allow TCP:80 access. I had my custom ELBs in a different security group so I specified that sg-**** ID as the source.