Michael Wiles

Reputation: 21194

How to access the nodes behind the Amazon load balancer directly

I have an application running on Elastic Beanstalk. The application is load balanced, and the SSL is handled by the load balancer.

How do I securely access the individual nodes in the cluster?

I want to do this so that I can connect via JMX and interrogate the individual nodes - get connection pool metrics and change logging config.

Upvotes: 1

Views: 520

Answers (2)

George Rushby

Reputation: 1355

Using the standard Elastic Beanstalk configuration won't allow you to access the nodes except via port 22. The reason for this is the standard setup only allows the load balancer to access the EC2 nodes; this is for security reasons.

However, it's not an impossibility to set up your required configuration.

To use SSL on the nodes you'd need to:

Step 1: Create an SSL Certificate and Private Key
Step 2: Create an SSL Configuration File
Step 3: Open Port 443
Step 4: Complete the Configuration File for Your Container Type

You can find the set up for your Java container here: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/SSLJava.SingleInstance.html

Due to the elastic nature of your environment, registering the EC2 hostnames behind the load balancer will be quite complex. The easiest way would be to interrogate your AWS Dashboard for the hostnames.

Other options would include using the AWS CLI tools to configure a script to poll the EB environment and return the hostnames; or finding a clustered solution for JMX (http://www.jmanage.org/).

Upvotes: 1
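An added example (not part of the answer above, and not AWS's own code) of the polling script the answer mentions: it reads the environment's instance IDs, then resolves each running instance to its public DNS name, falling back to the private IP when the node has none. The environment name, instance IDs, addresses and the file name `eb_nodes.py` are constructed for illustration; live mode assumes the AWS CLI is installed and configured.

```python
import json
import subprocess
import sys

# Constructed sample of `aws elasticbeanstalk describe-environment-resources` output.
SAMPLE_RESOURCES = {"EnvironmentResources": {"EnvironmentName": "my-env", "Instances": [
    {"Id": "i-0aaa0000000000001"}, {"Id": "i-0aaa0000000000002"},
    {"Id": "i-0aaa0000000000003"}]}}
# Constructed sample of `aws ec2 describe-instances` output for those IDs.
SAMPLE_INSTANCES = {"Reservations": [
    {"Instances": [{"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
                    "PublicDnsName": "ec2-203-0-113-10.compute-1.amazonaws.com",
                    "PrivateIpAddress": "10.0.1.10"}]},
    {"Instances": [{"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"},
                    "PublicDnsName": "", "PrivateIpAddress": "10.0.2.20"},
                   {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "shutting-down"},
                    "PublicDnsName": "", "PrivateIpAddress": "10.0.2.30"}]}]}

def instance_ids(resources):
    """Instance IDs currently registered in the Beanstalk environment."""
    return [i["Id"] for i in resources["EnvironmentResources"]["Instances"]]

def node_addresses(described, wanted_ids):
    """Map running instance ID -> public DNS name, or private IP if it has none."""
    nodes = {}
    for reservation in described["Reservations"]:
        for inst in reservation["Instances"]:
            # Scaling activity: skip nodes that are still starting or going away.
            if inst["InstanceId"] in wanted_ids and inst["State"]["Name"] == "running":
                nodes[inst["InstanceId"]] = (inst.get("PublicDnsName")
                                             or inst["PrivateIpAddress"])
    return nodes

def aws_json(*args):
    """Run the AWS CLI (installed and configured) and parse its JSON output."""
    return json.loads(subprocess.check_output(["aws", *args, "--output", "json"]))

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live: python eb_nodes.py <environment-name>
        ids = instance_ids(aws_json("elasticbeanstalk", "describe-environment-resources",
                                    "--environment-name", sys.argv[1]))
        if not ids:
            sys.exit("environment has no instances")
        desc = aws_json("ec2", "describe-instances", "--instance-ids", *ids)
    else:  # offline: use the constructed samples above
        ids, desc = instance_ids(SAMPLE_RESOURCES), SAMPLE_INSTANCES
    for iid, addr in sorted(node_addresses(desc, ids).items()):
        print(iid, addr)
```

Because instances come and go with scaling, the list is only valid at the moment it is fetched and should be re-read before each use.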

user602525

Reputation: 3264

One way you could do this is by setting up a VPC and placing your nodes in a private subnet of the VPC. On your public subnet you could set up a VPN server (there are a bunch available in the AWS Marketplace); then you could VPN to that machine, which routes secure traffic to your private subnet.

Another alternative would be to place a proxy in front of your application on each node, something like Nginx. Install the SSL cert on the proxy so that the proxy will handle SSL. That way you can hit your node through the proxy and have secure traffic.

If you have many nodes, you'll probably want to build some kind of service registry for discovery.

Upvotes: 0
