
Use Elastic Load Balancing with Engine Yard Cloud

Keri Meredith
posted this on July 17, 2012 03:26 PM

Updated: June 24th, 2013

The Elastic Load Balancing (ELB) feature allows you to use the Amazon Elastic Load Balancing service with your AWS environments.

ELB distributes requests to instances (servers) in multiple availability zones (AZs) in a way that minimizes the risk of overloading any single instance. If an entire AZ goes offline, ELB routes traffic to instances in another AZ. ELB also monitors the health of instances registered with the load balancer and sends requests only to the healthy instances. If an instance becomes unhealthy, ELB stops sending traffic to that instance and spreads the load across the remaining healthy instances.

ELB takes some of the load off the app_master (which, by default, balances traffic across all instances using HAProxy). ELB reveals the client's IP address with HTTPS connections (with HAProxy, this requires a stunnel configuration). ELB also allows for multiple SSL certificates in an environment (with HAProxy you must use wildcard certificates; with ELB you can use certificates for multiple domains).

Finally, ELB allows an environment to run multiple apps with SSL (when SSL is ELB terminated).

Get help or provide feedback

If you have any issues or questions about this Early Access feature, use the Early Access Feature Feedback forum.

Get started with Elastic Load Balancing

This document describes how to use Elastic Load Balancing in the Engine Yard Cloud environment:

Enable the Elastic Load Balancing feature

You need to enable the Early Access feature before you can participate in the program.

To enable the Elastic Load Balancing Early Access

  1. Log in to your Engine Yard Cloud account.

  2. On the dashboard, click Tools > Early Access on the toolbar.

  3. Next to the Load Balancers feature, click Enable.

    The ELB-related functionality becomes available.

Add a load balancer

You need to name your load balancer and decide on the SSL configuration.

Note: You can create up to 10 elastic load balancers per region. If you need more than this, contact Engine Yard Support.

To add a load balancer

  1. On the dashboard, click Load Balancers in the More Options section.

    The Load Balancers page displays.

  2. Type a unique name for the load balancer.

  3. Determine the SSL configuration that you need.

    Select if and how to terminate SSL:

    • Disabled - The ELB does not respond to SSL requests.
    • AppServer - This is an SSL pass-through method, where the ELB acts as a TCP proxy, passing SSL requests through to the app instances (which use existing mechanisms for SSL).
    • ELB - The ELB itself deals with SSL and passes decrypted traffic through to the app instances. This requires an SSL certificate to be uploaded to Amazon (as an ELB SSL Certificate on the SSL Certificates page). This will offload SSL decryption from the app instances and centralize SSL certificate management.

      Note: If the app_master is already using an SSL certificate, then you need to reload that certificate as an ELB SSL certificate.

  4. Click Create ELB.

    You will need to wait quite a while (10-15 minutes) for the ELB to provision and attach app instances.

    Notes:

    • After you create an ELB, it does not begin serving traffic for a period of time.
    • ELBs balance across availability zones (AZs) using round-robin DNS (for example, with app instances in 3 AZs, 1/3 of the traffic goes to each AZ).
    • ELBs balance within an AZ evenly across all app instances in that AZ (for example, with 2 app instances in an AZ, each gets 1/2 of that AZ's traffic).
    • Because of these simplistic balancing strategies, it's best if you have the same number of app instances in each AZ so that each app instance gets a roughly equal share of the traffic.
    • Having at least 3 app instances in an AZ will help mitigate the risk of flooding an app instance with requests in the event that a peer app instance becomes unavailable.
    • If an entire AZ's instances are terminated, traffic to that AZ is disabled. If the instances simply stop serving traffic for some reason, that AZ will still get traffic but it will have nowhere to go.

  5. Refresh the page to verify that the load balancer has been added. It should look something like this:

    [Image: AWS_ELB.png]

  6. If you chose ELB terminated SSL, click Add an ELB SSL Certificate. (If you need to change your SSL choice, click Edit.)

    The Create New ELB SSL Certificate page appears.

    Continue to Add an ELB SSL certificate for a load balancer.

  7. If you are ready to activate your load balancer, see Activate a load balancer.

Add an ELB SSL certificate for a load balancer

If you chose ELB terminated SSL, you need to add the ELB SSL certificate for the load balancer. If the app_master is already using an SSL certificate, then you need to reload that certificate as an ELB SSL certificate.

Note: There is a limit of 10 SSL certificates per region, per account. If you need more than this, contact Engine Yard Support.

To add an SSL certificate to your Engine Yard account, you need your key file; the CRT file from your vendor; and, if your vendor provided one, the certificate chain file. See obtain and install SSL certificates for more information.

To add an ELB SSL certificate

  1. If you are not on the SSL Certificates page:

    a. From the dashboard, click Tools > SSL Certificates on the toolbar.

    The SSL Certificates page appears.

    b. Click Add Provider SSL Certificate.

    The Create New SSL Certificate page appears.

  2. If you have access to more than one ELB-enabled account, select an account.

  3. Enter a name in the SSL Certificate Name field.

  4. In the SSL Certificate text box, paste the contents of the CRT file.

  5. In the SSL Certificate Key text box, paste the SSL Certificate Key.

  6. If you have a certificate chain file, paste it into the SSL Certificate Chain field.

  7. Click Add Certificates.

    Engine Yard Cloud uploads your ELB SSL certificate information.

    Continue to Activate a load balancer.
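
A local pre-flight check for the files used in the procedure above, added here as an example (it is not Engine Yard tooling): it confirms that the private key belongs to the certificate and that the certificate is not within 30 days of expiry. The function names, the 30-day window and the throwaway self-signed sample pair are assumptions made for the demonstration; it needs the `openssl` command.

```shell
#!/bin/sh
# Added example: sanity-check certificate files locally before pasting them
# into the ELB SSL certificate form. Function names, file paths and the
# 30-day window are assumptions; requires the openssl command-line tool.

# key_matches_cert CERT KEY: succeed only if KEY is the private key for CERT.
# Compares the public key extracted from each file (works for RSA and EC).
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# valid_for_days CERT DAYS: succeed if CERT will still be valid DAYS from now.
valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# preflight CERT KEY: run both checks, print one status word, and return 0
# only for "ok". An unreadable file is reported as "key-mismatch".
preflight() {
  key_matches_cert "$1" "$2" || { echo "key-mismatch"; return 1; }
  valid_for_days "$1" 30 || { echo "expires-soon"; return 1; }
  echo "ok"
}

# make_test_pair DIR NAME DAYS: create a throwaway self-signed pair
# (constructed sample input, not a real certificate).
make_test_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$2.example.test" \
    -days "$3" -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# With two arguments, check real files; otherwise demonstrate on samples.
if [ "$#" -eq 2 ]; then
  preflight "$1" "$2"
else
  demo=$(mktemp -d)
  make_test_pair "$demo" a 365 && make_test_pair "$demo" b 365
  preflight "$demo/a.crt" "$demo/a.key" || true   # matching pair
  preflight "$demo/a.crt" "$demo/b.key" || true   # wrong key for this cert
  rm -rf "$demo"
fi
```
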

Activate a load balancer

To activate the new load balancer, you need to move your custom domain name from the app_master to the ELB load balancer instance.

To activate a load balancer

  1. On the dashboard, click Load Balancers in the More Options section.

    The Load Balancers page displays.

  2. Find the Hostname for your load balancer; this is the DNS (Domain Name System) name. For example:

    EYelb-866271027.us-west-2.elb.amazonaws.com

  3. Copy the Hostname and provide it to your domain name provider.

  4. Ask your domain name provider to move your custom domain name from the app_master to the load balancer hostname.

    Note: Your domain name provider needs to create a CNAME record using the hostname to get load balancing to function properly.

  5. If you need to set up a zone apex alias, or for more information about CNAME records, see the AWS documentation, Using Domain Names with Elastic Load Balancing.

  6. Continue to Verify a load balancer.

Verify a load balancer

To verify the new load balancer and its new DNS name, you can use a simple shell command.

To verify a load balancer

  1. Open a UNIX shell.

  2. Type:

    host your.customdomainname.com

  3. Verify that it returns the hostname for the load balancer. For example:

    your.customdomainname.com has address EYelb-866271027.us-west-2.elb.amazonaws.com

  4. If the address is still the app_master address, you might need to wait for DNS propagation; try again after a few minutes or contact your domain name provider.

    For more information see Using domain names with ELB.

Delete a load balancer

Before deleting a load balancer, ensure that traffic is no longer being directed to that hostname. Before removing it, configure and verify a replacement load balancer (or use the regular elastic IP method) to serve traffic.

Warning: Deleting a load balancer can cause a service disruption to any customers connected to the load balancer.

To delete a load balancer

  1. On the dashboard, click Load Balancers in the More Options section.

    The Load Balancers page displays.

  2. Find the Hostname for your load balancer. For example:

    EYelb-866271027.us-west-2.elb.amazonaws.com

  3. After you have confirmed that the load balancer is no longer receiving traffic, click Delete next to the load balancer name.

  4. Refresh the page to verify that the load balancer has been deleted.
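
A scripted form of the checks in "Verify a load balancer" and "Delete a load balancer", added here as an example (it is not Engine Yard tooling). It keys on the `is an alias for` line that `host` prints for a CNAME record; the function names, the 203.0.113.10 and 198.51.100.7 addresses and the sample output are constructed.

```shell
#!/bin/sh
# Added example: interpret `host` output when moving a domain to or from an
# ELB. Function names, addresses and the sample output are constructed.

ELB="EYelb-866271027.us-west-2.elb.amazonaws.com"   # example hostname from the page

# Constructed `host` output: after the CNAME exists, and before the cutover.
SAMPLE_AFTER='your.customdomainname.com is an alias for EYelb-866271027.us-west-2.elb.amazonaws.com.
EYelb-866271027.us-west-2.elb.amazonaws.com has address 203.0.113.10'
SAMPLE_BEFORE='your.customdomainname.com has address 198.51.100.7'

# norm NAME: lower-case a DNS name and drop the trailing root dot.
norm() { printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'; }

# alias_targets: read `host` output on stdin, print every CNAME target.
alias_targets() {
  awk '/ is an alias for / { print tolower($NF) }' | sed 's/\.$//'
}

# points_at_elb ELB_HOSTNAME: succeed if stdin shows an alias to that ELB,
# directly or through a chain of CNAMEs.
points_at_elb() {
  alias_targets | grep -Fxq -- "$(norm "$1")"
}

# host_lookup NAME: live DNS query; kept separate so it can be stubbed.
host_lookup() { host "$1" 2>/dev/null; }

# still_aliased ELB_HOSTNAME DOMAIN...: list the domains that still resolve
# through the ELB. A non-empty result means: do not delete it yet.
still_aliased() {
  elb=$1; shift
  for domain in "$@"; do
    if host_lookup "$domain" | points_at_elb "$elb"; then
      printf '%s\n' "$domain"
    fi
  done
}

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_AFTER" | points_at_elb "$ELB" && echo "after: aliased"
printf '%s\n' "$SAMPLE_BEFORE" | points_at_elb "$ELB" || echo "before: not aliased"
```

Pass every name that was ever pointed at the load balancer to `still_aliased`. Cached answers can lag behind a DNS change, so repeat the check after the record's TTL has passed.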

FAQs

You might have these questions about the ELB load balancing feature.

How do I know that ELB / the load balancer is working?

The easiest way to check that a load balancer is working is to visit it. The hostname of the load balancer is listed on the Load Balancers page for an environment. Click the hostname to visit the app; your application should appear.

How can I tell which instances are attached to a load balancer?

All app instances in the environment are automatically added to all load balancers in the environment.

Can I see the amount of traffic going through a load balancer and to specific instances?

We aren't exposing a special way to see this.

Are there any health warnings or other health-check stats I can review?

We'd like to offer a status page showing which app instances the load balancer thinks are healthy and unhealthy, but have not released it yet.

Can I have multiple SSL certificates on a single environment?

Yes. Each SSL certificate needs its own ELB. Follow the directions above for each SSL certificate you need to use, creating a new ELB for each one.

How do I update an expired certificate?

Add a new certificate with a new name, switch all load balancers to it, and remove the old one.

Note: Amazon does not provide a way to change an existing certificate.


If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.

 

Comments

Christopher Bailey
HotelTonight

Given the time it takes for DNS changes to percolate, as well as the setup time for ELB per above, will our app master still be running HAProxy and serving traffic sent to it via the existing DNS/IP Address configuration? I'd like to understand what the actual downtime impact would be if we changed an existing setup to use ELB.

February 15, 2013 10:55 AM

Josh Hamilton
Engine Yard Inc.

When you add ELB, your app master and HAProxy will continue to run and serve traffic. We do not do a cookbook run to stop HAProxy. Your previous configuration should still continue to serve traffic until ELB and your DNS changes take place, meaning you should not have any downtime.

Support will be able to help walk you through these steps and answer any further questions on how this happens. Thanks!

February 15, 2013 11:50 AM

Mullen Host
Mullen Developers

May need to edit this documentation - current interface reads 'add provider ssl certificate' with aws as a dropdown. 

June 04, 2013 05:24 PM

Tasha Drew
Engine Yard Inc.

Thanks Mullen! I'll ask our tech writers to take a look.

June 05, 2013 05:02 PM

Keri Meredith
Engine Yard Inc.

Hi Mullen, meant to get back to this comment - if you can tell us which section above you are referring to specifically, that would be great. Otherwise, we've logged a ticket to test this out ourselves. thanks! kjm

[DOC-940]

June 05, 2013 05:14 PM

Mullen Host
Mullen Developers

No problem - section 1b under 'To add an ELB SSL certificate'

Looks like the workflow may be a little different now.

June 05, 2013 09:10 PM

Diana Lam
Engine Yard Inc.

Hi Mullen. I've updated the process flow based on your feedback. Please let me know if you have any further feedback.  Thanks. -diana

June 24, 2013 04:05 PM