Bobcares

Configure AWS load balancer with Cloudformation – How we do it

by | Mar 4, 2021

Wondering how to create and configure an AWS load balancer? We can help you create it.

Here at Bobcares, we have seen several such AWS-related queries as part of our AWS Support Services for AWS users, and online service providers.

Today we shall see how to create an Application Load balancer and its dependencies using CloudFormation.

 

How to create and Configure AWS Application Load Balancer with CloudFormation

Now let’s see how our Support Engineers do it.

 

Step 1: Create CloudFormation Template for creating AWS Load Balancer

First, we use the below code for the CloudFormation template.

AWSTemplateFormatVersion: “2010-09-09”
Description: “Create ALB, ALB security group, target groups, listeners and listener rules”
Parameters:
VPC:
Type: String
Description: The vpc to launch the service
Default: vpc-ID

PublicSubnet1:
Type: String
Description: The subnet where to launch the service
Default: subnet-ID

PublicSubnet2:
Type: String
Description: the subnet where to Launch the service
Default: subnet-ID

Resources:
ALBSecurityGroup:
Type: “AWS::EC2::SecurityGroup”
Properties:
GroupDescription: “security group for ALB”
GroupName: “test-ALB-SG”
Tags:
–
Key: “Project”
Value: “test-blog”
–
Key: “createdBy”
Value: “Maureen Barasa”
–
Key: “Environment”
Value: “test”
–
Key: “Name”
Value: “test-ALB-SG”
VpcId: !Ref VPC
SecurityGroupIngress:
–
CidrIp: “0.0.0.0/0”
FromPort: 80
IpProtocol: “tcp”
ToPort: 80
–
CidrIp: “0.0.0.0/0”
FromPort: 443
IpProtocol: “tcp”
ToPort: 443

ApplicationLoadBalancer:
Type: “AWS::ElasticLoadBalancingV2::LoadBalancer”
Properties:
Name: “test-Application-Load-Balancer”
Scheme: “internet-facing”
Type: “application”
Subnets:
– !Ref PublicSubnet1
– !Ref PublicSubnet2
SecurityGroups:
– !Ref ALBSecurityGroup
IpAddressType: “ipv4”
LoadBalancerAttributes:
–
Key: “access_logs.s3.enabled”
Value: “false”
–
Key: “idle_timeout.timeout_seconds”
Value: “60”
–
Key: “deletion_protection.enabled”
Value: “false”
–
Key: “routing.http2.enabled”
Value: “true”
–
Key: “routing.http.drop_invalid_header_fields.enabled”
Value: “false”

HTTPSListener:
Type: “AWS::ElasticLoadBalancingV2::Listener”
Properties:
LoadBalancerArn: !Ref ApplicationLoadBalancer
Port: 443
Protocol: “HTTPS”
SslPolicy: “ELBSecurityPolicy-2016-08”
Certificates:
–
CertificateArn: arn:aws:acm:eu-central-1:**************:certificate/*********************

DefaultActions:
–
Order: 1
TargetGroupArn: !Ref Test1TargetGroup
Type: “forward”

HTTPListener:
Type: “AWS::ElasticLoadBalancingV2::Listener”
Properties:
LoadBalancerArn: !Ref ApplicationLoadBalancer
Port: 80
Protocol: “HTTP”
DefaultActions:
–
Order: 1
RedirectConfig:
Protocol: “HTTPS”
Port: “443”
Host: “#{host}”
Path: “/#{path}”
Query: “#{query}”
StatusCode: “HTTP_301”
Type: “redirect”

Test1TargetGroup:
Type: “AWS::ElasticLoadBalancingV2::TargetGroup”
Properties:
HealthCheckIntervalSeconds: 30
HealthCheckPath: “/”
Port: 80
Protocol: “HTTP”
HealthCheckPort: “traffic-port”
HealthCheckProtocol: “HTTP”
HealthCheckTimeoutSeconds: 5
UnhealthyThresholdCount: 2
TargetType: “instance”
Matcher:
HttpCode: “200”
HealthyThresholdCount: 5
VpcId: !Ref VPC
Name: “target-group-1”
HealthCheckEnabled: true
TargetGroupAttributes:
–
Key: “stickiness.enabled”
Value: “false”
–
Key: “deregistration_delay.timeout_seconds”
Value: “300”
–
Key: “stickiness.type”
Value: “lb_cookie”
–
Key: “stickiness.lb_cookie.duration_seconds”
Value: “86400”
–
Key: “slow_start.duration_seconds”
Value: “0”
–
Key: “load_balancing.algorithm.type”
Value: “round_robin”

Test2TargetGroup:
Type: “AWS::ElasticLoadBalancingV2::TargetGroup”
Properties:
HealthCheckIntervalSeconds: 30
HealthCheckPath: “/”
Port: 80
Protocol: “HTTP”
HealthCheckPort: “traffic-port”
HealthCheckProtocol: “HTTP”
HealthCheckTimeoutSeconds: 5
UnhealthyThresholdCount: 2
TargetType: “instance”
Matcher:
HttpCode: “200”
HealthyThresholdCount: 5
VpcId: !Ref VPC
Name: “target-group-2”
HealthCheckEnabled: true
TargetGroupAttributes:
–
Key: “stickiness.enabled”
Value: “false”
–
Key: “deregistration_delay.timeout_seconds”
Value: “300”
–
Key: “stickiness.type”
Value: “lb_cookie”
–
Key: “stickiness.lb_cookie.duration_seconds”
Value: “86400”
–
Key: “slow_start.duration_seconds”
Value: “0”
–
Key: “load_balancing.algorithm.type”
Value: “round_robin”

TestListenerRule1:
Type: “AWS::ElasticLoadBalancingV2::ListenerRule”
Properties:
Priority: “1”
ListenerArn: !Ref HTTPSListener
Conditions:
–
Field: “host-header”
Values:
– “test1.blog.avrcr.com”
Actions:
–
Type: “forward”
TargetGroupArn: !Ref Test1TargetGroup
Order: 1
ForwardConfig:
TargetGroups:
–
TargetGroupArn: !Ref Test1TargetGroup
Weight: 1
TargetGroupStickinessConfig:
Enabled: false

TestListenerRule2:
Type: “AWS::ElasticLoadBalancingV2::ListenerRule”
Properties:
Priority: “2”
ListenerArn: !Ref HTTPSListener
Conditions:
–
Field: “host-header”
Values:
– “test2.blog.com”
Actions:
–
Type: “forward”
TargetGroupArn: !Ref Test2TargetGroup
Order: 1
ForwardConfig:
TargetGroups:
–
TargetGroupArn: !Ref Test2TargetGroup
Weight: 1
TargetGroupStickinessConfig:
Enabled: false

Outputs:
ALB:
Description: The created loadbalancer
Value: !Ref ApplicationLoadBalancer

TargetGroup1:
Description: The created TargetGroup 1
Value: !Ref Test1TargetGroup

TargetGroup2:
Description: The created TargetGroup 2
Value: !Ref Test2TargetGroup

LoadBalancerSecurityGroup:
Description: the securty group for the ALB
Value: !Ref ALBSecurityGroup

Here is the explanation for the CloudFormation Template.

The template comprises of 3 sections: Parameters, Resources and Outputs.

Parameters section

The user inputs their dynamic variables in the parameters section. Also, the user can customize the template by inputting their VPC and Subnets IDs. In our case, the load balancer is internet-facing hence we need to have it created on public subnets.

Resources Section

In this section, the user can define the AWS resources they create. Here, on our template, first, we create the load balancer security group. It allows inbound traffic from port 80 and 443.

Next, the template creates a load balancer. Here, the user can customize the name of the load balancer, the scheme, or whether it will be internal or internet-facing.

The template creates the two listeners for the load balancer as we have opened port 80 and 443.

Next, the template creates two target groups.

Finally, the template creates listener rules.

Outputs Section

This section outputs the names of the resources we created.

 

Step 2: Create CodePipeline to Deploy Template

We use the below code cloudformation template to create the CodePipeline role to deploy the template to CloudFormation.

AWSTemplateFormatVersion: “2010-09-09”
Description: “Template to create centos ec2 instance and install ssm on it”

Resources:
IAMInstanceRole:
Type: ‘AWS::IAM::Role’
Properties:
Description: The SSM Instance Profile
RoleName: codepipeline-test
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
– Effect: Allow
Principal:
Service:
– cloudformation.amazonaws.com
Action:
– ‘sts:AssumeRole’
ManagedPolicyArns:
– arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
– arn:aws:iam::aws:policy/CloudWatchFullAccess
– arn:aws:iam::aws:policy/AmazonEC2FullAccess
Tags:
–
Key: “Project”
Value: “test-blog”
–
Key: “Environment”
Value: “test”
–
Key: “createdBy”
Value: “Maureen Barasa”
–
Key: “Name”
Value: “codepipeline-test”

IAMInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
InstanceProfileName: codepipeline-test
Roles:
– !Ref IAMInstanceRole

Outputs:
Profile:
Description: The created Instance Profile
Value: !Ref IAMInstanceProfile

Role:
Description: The created role
Value: !Ref IAMInstanceRole
  • Next, we go to the CodeCommit console. Here, we create a code commit repository. Then we commit the alb template to the repository.
  • On the CodePipeline console, we select create pipeline.
  • After that, we choose pipeline settings. For service role, we opt to create a new service role.
  • Also, under Advanced Settings, we choose the S3 bucket that we will use to store the artifacts. For the encryption key, we choose the default AWS key. Then we click next.
  • On the add source stage screen, we choose code commit as the source provider.
  • We then enter the details of the CodeCommit repository name and the branch. Also, for change detection we leave the setting to Amazon CloudWatch Events. This enables CloudWatch to detect changes made on the code and auto-start the pipeline to update those changes. When done we click next.
  • On the add build stage screen, we click skip build stage.
  • Finally, on the add deploy stage screen, we select CloudFormation as the deployment option.
  • We then fill in the details for the CloudFormation deployment.
  • The next stage allows the user to review all the configurations done. If all configurations are correct, we click on create pipeline.
  • Finally, now we have created the first pipeline to deploy a CloudFormation template.

[Still, not able to create AWS load balancer? – We are here to help you.]

 

Conclusion

Today, we saw how our Support Engineers create an Application Load balancer and its dependencies using CloudFormation.

Get 24x7 monitoring for your AWS servers

There are proven ways to get even more out of your AWS Infrastructure! Let us help you.

Spend your time in growing business and we will take care of AWS Infrastructure for you.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF