129

Reputation: 3

AWS connect to EC2 through ELB in a VPC, how to configure?

I'm new to AWS and I'm playing around with CloudFormation templates to get a working stack. My idea is to have a static hello world HTML page using EC2 as a web server that is not reachable from outside, only through an ELB (internet-facing). All in a VPC. I've deployed a stack but it is still not working; I guess it depends on the networking config. How can I set it up?

Starting from examples from awslabs and following Cloudformation docs for each resource, I've made up a yaml template and deployed the stack.

Here is only the EC2 and ELB config:

    MYInstance1:
      Type: AWS::EC2::Instance
      Properties:
        DisableApiTermination: 'false'
        InstanceInitiatedShutdownBehavior: stop
        ImageId: ami-70edb016
        InstanceType: t2.micro
        Monitoring: 'false'
        UserData:
          Fn::Base64:
            !Sub |
            #!/bin/bash
            yum update -y
            yum install -y httpd24
            service httpd start
            chkconfig httpd on
            groupadd www
            usermod -a -G www ec2-user
            chown -R root:www /var/www
            chmod 2775 /var/www
            find /var/www -type d -exec chmod 2775 {} +
            find /var/www -type f -exec chmod 0664 {} +
            echo '<html><head><title>Test</title></head><body><p>Hello world!</p></body></html>' > /var/www/html/demo.html
        Tags:
          - Key: environment
            Value: demo-test
        NetworkInterfaces:
        - AssociatePublicIpAddress: 'true'
          DeleteOnTermination: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId: !Ref 'PublicSubnetA'
          GroupSet: [!Ref 'MYSGapp']

    MYelb:
      Type: AWS::ElasticLoadBalancing::LoadBalancer
      Properties:
        Subnets: [!Ref 'PublicSubnetB']
        Instances: [!Ref 'MYInstance1']
        SecurityGroups: [!Ref 'MYSGELB']
        Listeners:
        - LoadBalancerPort: '80'
          InstancePort: '80'
          Protocol: HTTP
        HealthCheck:
          HealthyThreshold: '2'
          Interval: '15'
          Target: TCP:443
          Timeout: '5'
          UnhealthyThreshold: '2'

You can find the full template with my current configuration here:

https://pastebin.com/PjDtiwfC

Looking at the console I'm a bit stuck with ACLs and routing.

I expect to be able to see the html page at ELB-Public-DNS.com/demo.html.

More details on where I am now: the CloudFormation launch was OK and the server is running. I tried opening all traffic in the EC2 security group inbound rule, and EC2 DNS/demo.html actually shows the page. But I need to access it through the ELB DNS, not EC2. From the ELB interface I see that the instance is OutOfService as it fails the UnhealthyThreshold. In the EC2 security group I've set up inbound rules for TCP 80 & 443 from the ELB security group, but it's still not working.

Upvotes: 0

Views: 491

Answers (2)

krunal shimpi

Reputation: 1

If you're new to CloudFormation you can give cloudkast a try. It is an online AWS CloudFormation template generator. It is very useful for anyone starting out in CloudFormation.

Upvotes: 0

Mark B

Reputation: 200617

You have configured the load balancer health check to use port 443, but you do not appear to have installed an SSL certificate on your EC2 server. Can you access the HTTPS URL of your EC2 server directly?

You probably want to use the Amazon Certificate Manager service to obtain an SSL certificate and install it on your load balancer, in which case your EC2 server will never have an SSL certificate and will never be listening on port 443, so you need to change the health check port to 80.

Upvotes: 0
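An added example, not part of the question or either answer: the health-check change described in the answer above, together with security groups that let the instance accept HTTP only from the load balancer. `MYVPC` is a hypothetical name for the template's VPC resource, and the two security group bodies are assumptions, since the post shows only their names.

```yaml
# Added example. MYVPC is a hypothetical name; the security group
# definitions are assumed, only their logical names appear in the post.
Resources:
  MYSGELB:                      # load balancer: the only internet-facing entry point
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: ELB - HTTP from the internet
      VpcId: !Ref 'MYVPC'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  MYSGapp:                      # instance: port 80 from the ELB's group only
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server - HTTP from the ELB only
      VpcId: !Ref 'MYVPC'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          # Source is a group, not a CIDR: requests sent straight to the
          # instance's address match no rule, while ELB traffic and ELB
          # health checks (which carry MYSGELB) are allowed.
          SourceSecurityGroupId: !Ref 'MYSGELB'

  MYelb:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets: [!Ref 'PublicSubnetB']
      Instances: [!Ref 'MYInstance1']
      SecurityGroups: [!Ref 'MYSGELB']
      Listeners:
        - LoadBalancerPort: '80'
          InstancePort: '80'
          Protocol: HTTP
      HealthCheck:
        # Was TCP:443. Check the port and page httpd actually serves,
        # otherwise the instance stays OutOfService.
        Target: HTTP:80/demo.html
        HealthyThreshold: '2'
        Interval: '15'
        Timeout: '5'
        UnhealthyThreshold: '2'
```

A Classic Load Balancer only routes to instances in an Availability Zone where it has a subnet, so the zones of `PublicSubnetA` and `PublicSubnetB` in the full template are worth checking as well.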
