Load Balancer

 

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-manage-subnets.html


When you add a subnet to your load balancer, Elastic Load Balancing creates a load balancer node in the Availability Zone. Load balancer nodes accept traffic from clients and forward requests to the healthy registered instances in one or more Availability Zones. For load balancers in a VPC, we recommend that you add one subnet per Availability Zone for at least two Availability Zones. 

Select subnets from the same Availability Zones as your instances. If your load balancer is an internet-facing load balancer, you must select public subnets in order for your back-end instances to receive traffic from the load balancer (even if the back-end instances are in private subnets). If your load balancer is an internal load balancer, we recommend that you select private subnets. 

  • You can add at most one subnet per Availability Zone for a load balancer.


    LB: create listeners with a port, create target groups, add EC2 instances.

    Create an ASG with scaling rules and associate the ASG with the target group.

    Add rules to the target group to direct traffic based on path routes, etc.


    https://crishantha.medium.com/production-level-load-balancing-using-aws-alb-with-auto-scaling-ccacf0a0f92


    When you create a load balancer in a VPC, you must choose whether to make it an internal load balancer or an internet-facing load balancer.

    The nodes of an internet-facing load balancer have public IP addresses. The DNS name of an internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, internet-facing load balancers can route requests from clients over the internet. For more information, see Internet-facing Classic Load Balancers.

    The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can only route requests from clients with access to the VPC for the load balancer.




    Public and private subnets:


    https://aws.amazon.com/blogs/architecture/one-to-many-evolving-vpc-design/


    Public subnets are attached to a route table that has a default route to the Internet via an Internet gateway.


    A private subnet contains infrastructure that isn’t directly accessible from the Internet. Unlike the public subnet, this infrastructure only has private IPs.

    Infrastructure in a private subnet gains access to resources or users on the Internet through a NAT infrastructure of sorts. Use NAT gateways in multiple AZs for HA. AWS-allocated IPv6 addresses are Global Unicast Addresses by default. That said, you can privatize these subnets by using an Egress-Only Internet Gateway (E-IGW) instead of a regular Internet gateway. E-IGWs are purpose-built to prevent users and applications on the Internet from initiating access to infrastructure in your IPv6 subnet(s).


    To use the NAT Gateway, assign a route in the private subnet, in lieu of a route to an Internet Gateway. Traffic destined for the Internet will flow from the private subnet to the NAT Gateway in the public subnet, and then out to the Internet through the Internet Gateway.


    https://www.uturndata.com/2021/02/23/aws-quick-tips-internet-gateways-nat-gateways-and-nat-instances/
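The subnet rules in these notes can be checked mechanically before a load balancer is created. The following is an added example, not code from the AWS documentation or the linked posts: it classifies subnets by their route table and audits a load balancer's subnet selection. The sample data is constructed (all IDs are made up), uses the field names of EC2 `DescribeRouteTables` output, and assumes a single VPC.

```python
# Constructed sample data shaped like EC2 DescribeRouteTables output,
# trimmed to the fields used here. All IDs are made up; one VPC is assumed.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-pub",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-priv",
     "Associations": [{"Main": True}, {"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
                {"DestinationIpv6CidrBlock": "::/0",
                 "EgressOnlyInternetGatewayId": "eigw-0example"}]},
]
SUBNET_AZ = {"subnet-pub-a": "us-east-1a", "subnet-pub-b": "us-east-1b",
             "subnet-priv-a": "us-east-1a", "subnet-priv-b": "us-east-1b"}

def route_table_for(subnet_id, tables):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def classify(subnet_id, tables):
    """'public' if the subnet has a default route via an internet gateway."""
    rt = route_table_for(subnet_id, tables) or {}
    for r in rt.get("Routes", []):
        default = (r.get("DestinationCidrBlock") == "0.0.0.0/0"
                   or r.get("DestinationIpv6CidrBlock") == "::/0")
        if default and (r.get("GatewayId") or "").startswith("igw-"):
            return "public"
    return "private"  # NAT gateway, egress-only IGW, or no default route

def check_lb(scheme, subnet_ids, tables=ROUTE_TABLES, subnet_az=SUBNET_AZ):
    """Return a list of findings for a load balancer's subnet selection."""
    findings = []
    azs = [subnet_az[s] for s in subnet_ids]
    for az in sorted(set(azs)):
        if azs.count(az) > 1:
            findings.append(f"more than one subnet in {az}")
    if len(set(azs)) < 2:
        findings.append("fewer than two Availability Zones")
    want, verb = (("public", "must") if scheme == "internet-facing"
                  else ("private", "should"))
    for s in subnet_ids:
        if classify(s, tables) != want:
            findings.append(f"{s} {verb} be {want} for an {scheme} load balancer")
    return findings
```

Note that `subnet-priv-b` has no explicit association and is classified through the main route table, which is the case most often missed when reviewing a VPC by hand.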


