Create AWS Load Balancer

2 minute read

Description:

Follow these steps to create a load balancer in AWS. In this example, we will be setting up a standard SSL load balancer (port 443).

To Resolve:

  1. Go to https://account.activedirectory.windowsazure.com/r#/applications

  2. Pick account with correct access

  3. Type ‘ec2’ - First get the VM’s that will be behind the load balancer and get their names and subnets.

  4. Choose Load Balancers and ‘create new’ - I have been using ‘Classic’ (even though HTTPS makes more sense, it doesn’t work for some reason)
    • Create a new
    • Choose the port the LB will forward to on the instances - usually 443, but sometimes it may be something custom.
    • Choose the dropdown for LB inside and choose $your inside subnet
    • Select appropriate subnets – PAY ATTENTION - You have to pick a PUBLIC subnet that cooresponds to the virtual machines you want. This screen is for where to place the listener for LB, not choosing where your VM’s are located. This part is VERY Confusing. What you want to do is get the PUBLIC subnet that cooresponds to your EC2 instance’s subnet. There should be a ‘subnets’ menu in AWS when you click on VPCs. What I did was sort by that and then choose any subnet that says the string ‘public’ in its name for each availability zone that my instances are in. Yours will most likely be different based on how your VPC is configured.
    • For example:
      • public5 - matches us-east-1b
      • public1 - matches us-east-1c
      • NOTE: It is best practice to have instances in different availability zones as well so have that done first before doing this!
  5. Add instances - Add tags - Finish.

  6. Now after it is created, get the DNS name from the Description page
    • On Windows, do a test-netconnection to that dns name and confirm that TCPSucceeded is true. If not, you need to modify the security group of the load balancer to ensure that you can access it from whatever IP you are coming from.
  7. Now login to your organization’s IPAM software and create a CNAME record that cooresponds to the DNS name of the load balancer. This is so that end users can hit a normal name in their browser instead of the long cryptic ones AWS assigns.
    • Again, on Windows, do a test-netconnection to that dns name and confirm that TCPSucceeded is true.
  8. Note that if your site requires HTTPS you will need to issue a certificate. In order to use ACM (AWS Cert service), you will go and create one. For example:
    • Go to EC2 – ACM – Request a Certificate
    • Add domain name = blah.domain.com
    • Next – DNS validation – Next – Confirm and request
    • On the list of validations screen, choose your blah.domain.com and expand out Domain. You will see another CNAME to create.
    • Copy the name and value to Notepad
    • In your IPAM software, create the CNAME, but remove ‘.domain.com’ from the name since most IPAM software inserts that automatically.
    • Afterwards, do a Nslookup from your machine and ensure that is returns a value.
    • The screen says it can take up to 72 hours to complete, but it usually completes in less than 30 minutes.
  9. Now in AWS, go to your load balancer - Health Checks - change them to monitor: SSL on 443

  10. While on that screen, ensure that your load balancer is using the certificate issued from ACM.

  11. At this point, your load balancer should be functional. Next step is to create a SAN Cert for the VM’s behind it so they all devices have certificates.

Categories:

Updated: