If you're used to EC2-Classic, or are simply new to all this -- creating a VPC-with-ELB can be a puzzling experience. The mystery typically begins when you've set up your subnets and aren't too sure why when you add your ELB, things don't work. If you're being greeted by a big 503 or are doing some homework before you tackle the job, this post's a good primer.
We're going to create a VPC with the necessary public and private subnets, routes, and related devices.
1. Create your VPC
Your first task is to create your VPC. Head over to the AWS services panel and click VPC to open the VPC panel. Click Your VPCs in the menu on the left, then click Create VPC; the creation modal appears.
Specify the following details:
- Name Tag: WhateverYouWant
- CIDR block: 10.0.0.0/16
- Tenancy: your decision
When created, it'll appear in the VPC list.
2. Create your Subnets
Subnets are address blocks within your VPC to which you can assign different routes, ACLs, and appliances.
First we'll create two subnets into which our application's ELB can spawn its balancer nodes. The AWS panel doesn't make this very clear, but the ELB needs a 'sandbox' for its balancers -- availability zones aren't treated quite the same as they are in EC2-Classic (where they are seemingly just the zones in which the instances served by the ELB exist). You'll notice, as your ELB works, that the count of available IPs in your ELB subnets mysteriously diminishes.
- Name Tag: ELB Zone 1
- VPC: WhateverYouWant
- Availability Zone: Pick One
- CIDR Block: 10.0.20.0/24
Then another:
- Name Tag: ELB Zone 2
- VPC: WhateverYouWant
- Availability Zone: Pick A Different One
- CIDR Block: 10.0.21.0/24
When you are done with these two:
- Select one using the 'square' checkbox on the left
- Click on the "Subnet Actions" button up top
- Select "Modify Auto-Assign Public IP"
- Set it to assign a public IP automatically.
- Save (and repeat for the other)
These ELB subnets are going to host the ELB's own balancer nodes. We still need to create the subnets that'll host your application instances. As long as each one is in the same availability zone as its "mate" balancer subnet, the two can talk to each other. Create these two, then, as the boundaries for your eventual 'real' app servers.
- Name Tag: Application Server Zone 1
- VPC: WhateverYouWant
- Availability Zone: (Same as ELB Zone 1)
- CIDR Block: 10.0.0.0/24
- Name Tag: Application Server Zone 2
- VPC: WhateverYouWant
- Availability Zone: (Same as ELB Zone 2)
- CIDR Block: 10.0.1.0/24
3. Create your Internet Gateway
Creation is straightforward: just give it a name. The Internet gateway is necessary because your instances will need Internet access (apt-get, composer, etc.).
4. Create a Route Table
To make your ELB subnets Internet accessible, you have to associate them with a route table that sends traffic to an Internet Gateway. Straight out of the AWS documentation:
Head over to the Route Tables menu on the left, and click Create Route Table. Use these inputs:
- Name tag: Custom Route
- VPC: WhateverYouWant (just being consistent here, same throughout this article)
After it is created, select it, and click the "Routes" tab in the bottom half. Add a route for destination 0.0.0.0/0 whose target is your Internet Gateway.
Then in your Subnet Associations tab, associate it to your two public ELB subnets; ELB Zone 1, and ELB Zone 2.
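Steps 1 to 4 as a single CloudFormation template, added here as an example (it is not code from the original post). Resource names such as Vpc, ElbZone1 and CustomRoute and the two availability-zone parameters are assumptions; as in the walkthrough, only the two ELB subnets get the route to the gateway, so the application subnets stay on the VPC's main route table and have no outbound Internet path of their own.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  AzA: { Type: AWS::EC2::AvailabilityZone::Name }   # zone for ELB Zone 1 / Application Server Zone 1
  AzB: { Type: AWS::EC2::AvailabilityZone::Name }   # a different zone for the Zone 2 pair
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties: { CidrBlock: 10.0.0.0/16, Tags: [{ Key: Name, Value: WhateverYouWant }] }
  # Public pair: the ELB spawns its balancer nodes here, so they get public IPs
  # (the "Modify Auto-Assign Public IP" step) and a route to the Internet Gateway.
  ElbZone1:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.0.20.0/24, AvailabilityZone: !Ref AzA, MapPublicIpOnLaunch: true }
  ElbZone2:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.0.21.0/24, AvailabilityZone: !Ref AzB, MapPublicIpOnLaunch: true }
  # Private pair: each shares an AZ with its "mate" ELB subnet; no public IPs,
  # and they stay on the VPC's main route table (local traffic only).
  AppZone1:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.0.0.0/24, AvailabilityZone: !Ref AzA }
  AppZone2:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.0.1.0/24, AvailabilityZone: !Ref AzB }
  Igw:
    Type: AWS::EC2::InternetGateway
  IgwAttachment:                  # a gateway routes nothing until it is attached to the VPC
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: { VpcId: !Ref Vpc, InternetGatewayId: !Ref Igw }
  CustomRoute:
    Type: AWS::EC2::RouteTable
    Properties: { VpcId: !Ref Vpc, Tags: [{ Key: Name, Value: Custom Route }] }
  DefaultRoute:                   # 0.0.0.0/0 -> Internet Gateway
    Type: AWS::EC2::Route
    DependsOn: IgwAttachment
    Properties: { RouteTableId: !Ref CustomRoute, DestinationCidrBlock: 0.0.0.0/0, GatewayId: !Ref Igw }
  # Only the two public ELB subnets are associated with the custom table.
  ElbZone1Assoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { RouteTableId: !Ref CustomRoute, SubnetId: !Ref ElbZone1 }
  ElbZone2Assoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { RouteTableId: !Ref CustomRoute, SubnetId: !Ref ElbZone2 }
```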
5. Prepare your Security Groups
We're going to create a few groups here. These are the magic glue, so craft them carefully.
LoadBalancer: this group will be attached to the ELB.

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 |
| HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 |

Outbound: all traffic allowed (ALL on 0.0.0.0/0).
AppServers: this group is for the EC2 application servers.

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| SSH (22) | TCP (6) | 22 | YOUR IP HERE |
| HTTP (80) | TCP (6) | 80 | LOADBALANCER SECGROUP |
| HTTPS (443) | TCP (6) | 443 | LOADBALANCER SECGROUP |
6. Create your ELB
Head over to your EC2 panel, and create a Load balancer.
Step 1. Define Load Balancer
During its creation, select your VPC as Create Inside value, and then select ELB Zone 1 and ELB Zone 2 as its Available subnets.
Step 2. Assign Security Groups
Select the group you created previously, LOADBALANCER.
Step 4. Configure Health Check
Configure this according to how your app will respond. If you have no index.html, adjust the ping path to something that does respond (index.php perhaps!).
Step 5. Add EC2 Instances
Very straightforward. Leave "Enable Cross-Zone Load Balancing" checked. If you haven't yet launched EC2 instances into your private subnets (the Application Server subnets we created above), just come back after you have launched them. If you use Auto Scaling groups or any other config, it's easy enough to bind them to this ELB at that point.
Then, do what you usually do to point a domain at your ELB: use its CNAME, or configure Route 53 to use the ELB as an alias on your zone records.
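The two security groups from step 5 and the Classic ELB from step 6, as a CloudFormation fragment added here as an example (not code from the original post). It assumes the VPC and subnet resources are named Vpc, ElbZone1 and ElbZone2, the parameter AdminCidr stands in for "YOUR IP HERE", and AppServer1/AppServer2 are hypothetical instance resources.

```yaml
Parameters:
  AdminCidr:
    Type: String
    Default: 203.0.113.10/32   # placeholder for "YOUR IP HERE": a single host, never 0.0.0.0/0
    AllowedPattern: '^\d{1,3}(\.\d{1,3}){3}/(2[4-9]|3[0-2])$'   # rejects anything wider than /24
Resources:
  LoadBalancerSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: LoadBalancer - attached to the ELB, open to the world on 80 and 443
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0 }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }
      # Outbound: all traffic (the default egress rule when SecurityGroupEgress is omitted)
  AppServersSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: AppServers - EC2 application servers, web ports only from the ELB group
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 22, ToPort: 22, CidrIp: !Ref AdminCidr }
        # Source is the LoadBalancer group, not a CIDR: only traffic arriving from an
        # interface that carries that group (the ELB's nodes) reaches the app servers.
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, SourceSecurityGroupId: !Ref LoadBalancerSg }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, SourceSecurityGroupId: !Ref LoadBalancerSg }
  WebElb:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets: [!Ref ElbZone1, !Ref ElbZone2]   # step 1: the two public ELB subnets, not the app subnets
      SecurityGroups: [!Ref LoadBalancerSg]      # step 2: the LoadBalancer group
      CrossZone: true                            # step 5: "Enable Cross-Zone Load Balancing"
      Listeners:
        - { LoadBalancerPort: '80', InstancePort: '80', Protocol: HTTP }
        # a 443 listener also needs an SSLCertificateId (certificate ARN), not covered here
      HealthCheck:                               # step 4: must name a path your app actually answers
        Target: 'HTTP:80/index.php'
        Interval: '30'
        Timeout: '5'
        HealthyThreshold: '2'
        UnhealthyThreshold: '5'
      # Instances: [!Ref AppServer1, !Ref AppServer2]   # step 5, once they exist (hypothetical names);
      #                                                 # or list WebElb in an Auto Scaling group's LoadBalancerNames
Outputs:
  ElbDnsName:
    Value: !GetAtt WebElb.DNSName   # the name to CNAME to, or to use as a Route 53 alias target
```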
Your next steps then, might be to:
- Install OpenVPN through the EC2 Marketplace so that you can gain access to things like databases launched within the VPC
- Create 2 more subnets, and a secgroup for Lambda