If you're used to EC2-Classic, or are simply new to all this -- creating a VPC-with-ELB can be a puzzling experience.  The mystery typically begins when you've set up your subnets and aren't too sure why when you add your ELB, things don't work.  If you're being greeted by a big 503 or are doing some homework before you tackle the job, this post's a good primer.

We're going to create a VPC with the necessary public and private subnets, routes, and related devices.

 

1. Create your VPC

Your first task is to create your VPC.  Head over to the AWS services panel and click VPC to open the VPC dashboard.  Click Your VPCs in the menu on the left, then click Create VPC; the creation modal appears.

VPC creation modal

Specify the following details:

  • Name Tag: WhateverYouWant
  • CIDR block: 10.0.0.0/16
  • Tenancy: your decision

When created, it'll appear in the VPC list.

 

2. Create your Subnets

Subnets are address blocks within your VPC to which you can assign different routes, ACLs, and appliances. 

First we'll create two subnets into which our ELB can spawn its balancer nodes.  The AWS panel doesn't make this very clear, but the ELB needs a 'sandbox' for its balancer nodes: availability zones aren't treated quite the same as they are in EC2 Classic (there, seemingly, they are just the zones where the instances served by the ELB exist).  You'll notice, as your ELB works, that the count of available IPs in your ELB subnets mysteriously diminishes.

  • Name Tag: ELB Zone 1
  • VPC: WhateverYouWant
  • Availability Zone: Pick One
  • CIDR Block: 10.0.20.0/24

Then another

  • Name Tag: ELB Zone 2
  • VPC: WhateverYouWant
  • Availability Zone: Pick A Different One
  • CIDR Block: 10.0.21.0/24

When you are done with these two:

  1. Select one using the 'square' checkbox on the left
  2. Click on the "Subnet Actions" button up top
  3. Select "Modify Auto-Assign Public IP"
  4. Set things so that it automatically assigns.
  5. Save (and repeat for the other)

Automatically assigning public IPs within subnets

These ELB subnets are going to host the load balancer's own nodes.  We still need to create the subnets that will host your own application instances.  As long as each one is in the same availability zone as its "mate" balancer subnet, the two can talk to each other.  Create these two, then, as the boundaries for your eventual 'real' app servers.

  • Name Tag: Application Server Zone 1
  • VPC: WhateverYouWant
  • Availability Zone: (Same as ELB Zone 1)
  • CIDR Block: 10.0.0.0/24

Then another

  • Name Tag: Application Server Zone 2
  • VPC: WhateverYouWant
  • Availability Zone: (Same as ELB Zone 2)
  • CIDR Block: 10.0.1.0/24

 

3. Create your Internet Gateway

Creation is pretty straightforward: just give it a name.  The Internet gateway is necessary because your instances will need Internet access, e.g., for apt-get, composer, etc.

Creation menu on the internet gateway panel

4. Create a Route Table

To make your ELB subnets Internet-accessible, you have to route them to an Internet Gateway.  Straight out of the AWS documentation:

An Internet gateway serves two purposes: to provide a target in your VPC route tables for Internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IP addresses.

Head over to the Route Tables menu on the left, and click Create Route Table.  Use these inputs:

  • Name tag: Custom Route
  • VPC: WhateverYouWant (just being consistent here, same throughout this article)

After it is created, select it, and click the "Routes" tab in the bottom half.  Add a route with destination 0.0.0.0/0 and your Internet Gateway as the target, like so:

Custom Route Table 1

Then in your Subnet Associations tab, associate it to your two public ELB subnets; ELB Zone 1, and ELB Zone 2.
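
An added example, not part of the original post: the subnet and route-table layout from steps 2 to 4 written down as Python data, with a checker for the properties those steps rely on (subnets inside the VPC block and not overlapping, each application subnet in the same zone as its ELB mate, the ELB subnets routed to the Internet gateway and the application subnets not).  Zone names and the igw-main id are placeholders, and the "Main" table stands for the VPC's default route table, which only has the local route.

```python
import ipaddress

# The article's layout as data (constructed here; zone names and igw-main are placeholders).
VPC = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {  # name: (availability zone, CIDR block)
    "ELB Zone 1": ("zone-a", "10.0.20.0/24"),
    "ELB Zone 2": ("zone-b", "10.0.21.0/24"),
    "Application Server Zone 1": ("zone-a", "10.0.0.0/24"),
    "Application Server Zone 2": ("zone-b", "10.0.1.0/24"),
}
MATES = {"Application Server Zone 1": "ELB Zone 1", "Application Server Zone 2": "ELB Zone 2"}
ROUTE_TABLES = {  # name: (routes {destination: target}, associated subnets)
    "Custom Route": ({"10.0.0.0/16": "local", "0.0.0.0/0": "igw-main"},
                     ["ELB Zone 1", "ELB Zone 2"]),
    "Main": ({"10.0.0.0/16": "local"},  # the VPC's default table: local route only
             ["Application Server Zone 1", "Application Server Zone 2"]),
}

def is_public(subnet, route_tables=ROUTE_TABLES):
    """A subnet is public when its route table sends 0.0.0.0/0 to an Internet gateway."""
    for routes, members in route_tables.values():
        if subnet in members:
            return routes.get("0.0.0.0/0", "").startswith("igw-")
    return False

def check_layout(subnets=SUBNETS, mates=MATES, route_tables=ROUTE_TABLES):
    """Return problems: CIDR outside the VPC or overlapping another subnet, an app subnet
    in a different zone from its ELB mate, an ELB subnet without an Internet gateway
    route, or an app subnet that is reachable from the Internet directly."""
    nets = {n: ipaddress.ip_network(c) for n, (_, c) in subnets.items()}
    problems = [f"{n} is outside {VPC}" for n, net in nets.items() if not net.subnet_of(VPC)]
    names = list(nets)
    problems += [f"{a} overlaps {b}" for i, a in enumerate(names)
                 for b in names[i + 1:] if nets[a].overlaps(nets[b])]
    for app, elb in mates.items():
        if subnets[app][0] != subnets[elb][0]:
            problems.append(f"{app} is not in the same zone as {elb}")
        if not is_public(elb, route_tables):
            problems.append(f"{elb} has no Internet gateway route")
        if is_public(app, route_tables):
            problems.append(f"{app} is reachable from the Internet directly")
    return problems
```

Running check_layout() on the layout above returns an empty list; move an application subnet to the other zone, or associate it with the Custom Route table, and the corresponding problem is reported.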

5. Prepare your Security Groups

We're going to create a few groups here.  These are the magic glue, so craft them carefully.

LoadBalancer: This group will be attached to the ELB.

  Type          Protocol   Port Range   Source
  HTTP (80)     TCP (6)    80           0.0.0.0/0
  HTTPS (443)   TCP (6)    443          0.0.0.0/0

Outbound: allow all traffic (ALL on 0.0.0.0/0).

 

AppServers: This group is for the EC2 application servers.

  Type          Protocol   Port Range   Source
  SSH (22)      TCP (6)    22           YOUR IP HERE
  HTTP (80)     TCP (6)    80           LoadBalancer security group
  HTTPS (443)   TCP (6)    443          LoadBalancer security group
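
An added example, not from the original post: a small Python audit of the two groups above, with the rules written in the shape boto3's describe_security_groups returns.  The group ids and the 203.0.113.7/32 admin address are placeholders.  It flags the two mistakes that undo the "glue": SSH open to the world, and the app servers' HTTP/HTTPS opened to 0.0.0.0/0 instead of to the LoadBalancer group.

```python
ANY = "0.0.0.0/0"
LB_SG, APP_SG = "sg-loadbalancer", "sg-appservers"  # placeholder group ids

def rule(port, cidr=None, group=None):
    """One TCP ingress entry, in the shape boto3's describe_security_groups returns."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}

# Constructed to match the two tables above; 203.0.113.7/32 stands in for "YOUR IP HERE".
GROUPS = [
    {"GroupId": LB_SG, "GroupName": "LoadBalancer",
     "IpPermissions": [rule(80, ANY), rule(443, ANY)]},
    {"GroupId": APP_SG, "GroupName": "AppServers", "IpPermissions": [
        rule(22, "203.0.113.7/32"), rule(80, group=LB_SG), rule(443, group=LB_SG)]},
]

def audit_groups(groups=GROUPS, lb_group=LB_SG):
    """Return findings: world-open ingress anywhere except the ELB's own 80/443, and
    80/443 on any other group that is not sourced from the LoadBalancer group."""
    findings = []
    for g in groups:
        for p in g["IpPermissions"]:
            port = p["FromPort"]
            from_lb = any(u["GroupId"] == lb_group for u in p["UserIdGroupPairs"])
            world = any(r["CidrIp"] == ANY for r in p["IpRanges"])
            if world and not (g["GroupId"] == lb_group and port in (80, 443)):
                findings.append(f'{g["GroupName"]}: port {port} open to the world')
            if g["GroupId"] != lb_group and port in (80, 443) and not from_lb:
                findings.append(f'{g["GroupName"]}: port {port} not sourced from LoadBalancer')
    return findings
```

audit_groups() on the groups as tabled above returns no findings; swap the AppServers sources for 0.0.0.0/0 and every weakened rule is listed.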

 

6. Create your ELB

Head over to your EC2 panel and create a Load Balancer.

Step 1. Define Load Balancer

During creation, select your VPC as the "Create Inside" value, then select ELB Zone 1 and ELB Zone 2 as its Available subnets.

Step 2. Assign Security Groups

Select the group you created previously, LoadBalancer.

Step 4. Configure Health Check

Configure this to match however your app will respond to the health check.  If you have no index.html, adjust the ping path to something that will respond (index.php perhaps!).

STEP 5. Add EC2 Instances

Very straightforward.  Leave "Enable Cross-Zone Load Balancing" checked.  If you haven't yet launched EC2 instances into your private subnets (the Application Server subnets we created above), just come back after you have launched them.  If you use autoscaling groups or any other config, it is easy enough to bind them to this ELB at that point.

 

Then, do what you usually do to point a domain to your ELB, using its CNAME, or directly configuring Route 53 to use the ELB as an alias on your zone records.

 

Your next steps then, might be to:

  • Install OpenVPN through the EC2 Marketplace so that you can gain access to things like databases launched within the VPC
  • Create 2 more subnets, and a secgroup for Lambda