EzDevInfo.com

amazon-elb interview questions

Top amazon-elb frequently asked interview questions

Redirecting EC2 elb from http to https

I want to redirect all the http requests to https requests on elb. I have 2 ec2 instances. I am using nginx for the server. I have tried rewriting the nginx conf files without any success. I would love some advice on it.


Source: (StackOverflow)

AWS: "Unable to parse certificate. Please ensure the certificate is in PEM format."

I am trying to update a wildcard certificate for EC2 instances on AWS. The service these servers belong to consists of a single server and a set of servers behind AWS ELB.

The certificate has been successfully updated and verified on the single server.

The same is true for an instance pulled up from the image the ELB uses for AutoScaling.

However, when trying to add a new certificate to the load-balancer, I get the above error. I'm sure the certificate is correct and is in PEM format. I first tried via the web console, then using the aws aim command line tools with the same result.

Has anyone come across a similar issue recently?


Source: (StackOverflow)

Why does Elastic Load Balancing report 'Out of Service'?

I am trying to set up Elastic Load Balancing (ELB) in AWS to split the requests between multiple instances. I have created several images of my webserver based on the same AMI, and I am able to ssh into each individually and access the site via each distinct public DNS.

I have added each of my instances to the load balancer, but they all come back with the Status: Out of Service because they failed the health check. I'm mostly confused because I can access each instance from its public DNS, but I get a timeout whenever I visit the load balancer DNS name.

I've been trying to read through all the docs and googling it, but I'm stuck. Any pointers or links in the right direction would be greatly appreciated.


Source: (StackOverflow)

How do you put up a maintenance page for AWS when your instances are behind an ELB?

How do you put up a maintenance page in AWS when you want to deploy new versions of your application behind an ELB? We want to have the ELB route traffic to the maintenance instance while the new auto-scaled instances are coming up, and only "flip over" to the new instances once they're fully up. We use auto-scaling to bring existing instances down and new instances, which have the new code, up.

The scenario we're trying to avoid is having the ELB serve both traffic to new EC2 instances while also serving up the maintenance page. Since we don't have sticky sessions enabled, we want to prevent the user from being flipped back and forth between the maintenance-mode page and the application deployed in an EC2 instance. We also can't just scale up (say from 2 to 4 instances and then back to 2) to introduce the new instances because the code changes might involve database changes which would be breaking changes for the old code.


Source: (StackOverflow)

Install Wildcard Certificate onto AWS EC2 Load Balancer

I'm having trouble. I followed a guide that I found here

http://www.thenetworkadministrator.net/index.php/2011/12/iis-ssl-certificate-into-amazon-elastic-load-balancer/

And exported my cert and created all those files, but it doesn't tell you which file goes in which field. I tried what I think is all the combinations but it doesn't accept it.

I set up the balancer as follows

Then I try to set up the certificate

Then you can see it tells me it's invalid.

In case it helps I exported from IIS and followed the tutorial on the link provided and the certificate is a DigiCert Wildcard Certificate ie (*.domain.com)


Source: (StackOverflow)

Symfony2 behind ELB is redirecting to http instead of https

Issue:

security.yml:

security:

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        main:
            pattern:    ^/
            form_login:
                check_path: /login_check
                login_path: /login
                default_target_path: /profile
                provider: fos_userbundle
            logout:
                path:   /logout
                target: /splash
            anonymous: ~

    access_control:
        - { roles: ROLE_USER, requires_channel: https }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

    acl:
        connection: default

Environment Architecture:

Server1 and Server2 hold the Symfony2 application.

Question:

How to force Symfony to generate the redirect URL with the https protocol instead of http?

So far I have looked at these docs, and the solution didn't work in my case:


Source: (StackOverflow)

How to gracefully shut down or remove AWS instances from an ELB group

I have a cloud of server instances running at Amazon using their load balancer to distribute the traffic. Now I am looking for a good way to gracefully scale the network down, without causing connection errors on the browser's side.

As far as I know, any connections of an instance will be rudely terminated when removed from the load balancer.

I would like to have a way to inform my instance like one minute before it gets shut down or to have the load balancer stop sending traffic to the dying instance, but without terminating existing connections to it.

My app is node.js based running on Ubuntu. I also have some special software running on it, so I prefer not to use the many PAAS offering node.js hosting.

Thanks for any hints.


Source: (StackOverflow)

Trouble getting https to work with self signed certificate on aws elastic load balancer

I am having an issue configuring https on my aws elastic load balancer using a self-signed certificate. After I'm done with the setup, making a connection to the https endpoint does not work. The http connection is still fine.

Here's what I did.

  1. Generate the self-signed certificate using this command

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

  2. Verified the key and certificate are working by using these commands:

    openssl rsa -in privateKey.key -check
    openssl x509 -in certificate.crt -text -noout

  3. Convert the key and the cert into a .pem encoded format to comply with the aws certificate requirement.

    openssl rsa -in privateKey.key -text > private.pem

    openssl x509 -inform PEM -in certificate.crt > public.pem

  4. Upload the certificate to my elastic load balancer using the AWS Management Console http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.html. For the private key and public cert value, I used the private.pem and public.pem that were generated in step 3.

  5. Go into the ELB Listener configuration, added a https listener and used the certificate that I just uploaded. Here's the configuration for the Listener:

Any thoughts on what might be wrong in my configuration? Thanks!!!


Source: (StackOverflow)

HTTP2 over AWS ELB under TCP Mode

Does anyone have experience using an HTTP2 server behind AWS ELB running in TCP mode?

As far as I know, AWS ELB does not support HTTP2 now; however, by using TCP mode, it should pass the request to the backend server transparently.

Does anyone have experience to share?

Thank you.


Source: (StackOverflow)

How do you get Amazon's ELB with HTTPS/SSL to work with Web Sockets?

This doesn't seem to be working right now. I'm using Faye with NodeJS behind an Amazon ELB. When I switch on HTTPS the connections can no longer be brokered. I found a question here unanswered: https://forums.aws.amazon.com/message.jspa?messageID=283293 . Anyone able to get this working? Is there any workaround outside of running my own instance of HAProxy?


Source: (StackOverflow)

Deleting uploaded certificate from elastic load balancer

I've been testing and experimenting a bit to find out how exactly to upload SSL Certificates to AWS's Elastic Load Balancer (figuring out issues with different key and certificate encodings).

Therefore I have quite a few test certificates on there that I've generated with either the wrong information, missing certificate chains or just bogus data.

As far as I can see there is no way to delete these certificates, or even update/replace the ones that are missing certain information. AWS's instructions to "updating a certificate" (http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.html) actually just shows you how to change the load balancer listener to use a different certificate that is either already on there or that you can then upload as well! (that's exactly how I ended up with so many certificates on there in the first place).

Could someone please tell me that I'm wrong and there is a way to delete them? :D (and preferably also how to do that)


Source: (StackOverflow)

Can ELB redirect request depending on the URL?

I am trying to set up my application server behind the Amazon Elastic Load Balancer. I am thinking of having one server dedicated to the old version, and all other servers dedicated to the new version. I am thinking of implementing this using a version id in a path parameter

e.g.

Current Version(3.0) : http://example.com/APPNAME/service

Old Version(2.2) : http://example.com/APPNAME/v2.2/service

I would like to know:

  1. Does ELB have the ability to look into the HTTP request?
  2. Can ELB redirect requests depending on the URL path parameter?

Thanks


Source: (StackOverflow)

Amazon ELB in VPC

We're using Amazon EC2, and we want to put an ELB (load balancer) in front of 2 instances on a private subnet. If we just add the private subnet to the ELB, it will not get any connections. If we attach both subnets to the ELB, then it can access the instances, but it will often get time-outs. Has anyone successfully implemented an ELB within the private subnet of their VPC? If so, could you perhaps explain the procedure to me?

Thanks


Source: (StackOverflow)

Why can't my ECS service register available EC2 instances with my ELB?

I've got an EC2 launch configuration that builds the ECS optimized AMI. I've got an auto scaling group that ensures that I've got at least two available instances at all times. Finally, I've got a load balancer.

I'm trying to create an ECS service that distributes my tasks across the instances in the load balancer.

After reading the documentation for ECS load balancing, it's my understanding that my ASG should not automatically register my EC2 instances with the ELB, because ECS takes care of that. So, my ASG does not specify an ELB. Likewise, my ELB does not have any registered EC2 instances.

When I create my ECS service, I choose the ELB and also select the ecsServiceRole. After creating the service, I never see any instances available in the ECS Instances tab. The service also fails to start any tasks, with a very generic error of ...

service was unable to place a task because the resources could not be found.

I've been at this for about two days now and can't seem to figure out what configuration settings are not properly configured. Does anybody have any ideas as to what might be causing this to not work?

Update @ 06/25/2015:

I think this may have something to do with the ECS_CLUSTER user data setting.

In my EC2 auto scaling launch configuration, if I leave the user data input completely empty, the instances are created with an ECS_CLUSTER value of "default". When this happens, I see an automatically-created cluster, named "default". In this default cluster, I see the instances and can register tasks with the ELB like expected. My ELB health check (HTTP) passes once the tasks are registered with the ELB and all is good in the world.

But, if I change that ECS_CLUSTER setting to something custom I never see a cluster created with that name. If I manually create a cluster with that name, the instances never become visible within the cluster. I can't ever register tasks with the ELB in this scenario.

Any ideas?


Source: (StackOverflow)

Accessing AWS EC2 instances through ELB

I'm trying to set up two instances under an elastic load balancer, but cannot figure out how I'm supposed to access the instances through the load balancer.

I've set up the instances with a security group to allow access from anywhere to certain ports. I can access the instances directly using their "Public DNS" (publicdns) host name and the port PORT:

http://[publicdns]:PORT/

The load balancer contains the two instances and they are both "In Service" and it's forwarding the port (PORT) onto the same port on the instances.

However, if I request

http://[dnsname]:PORT (where dnsname is the A Record listed for the ELB)

it doesn't connect to the instance (connection times out).

Is this not the correct way to use the load balancer, or do I need to do anything to allow access to the load balancer? The only mention of security groups in relation to the load balancer is to restrict access to the instances to the load balancer only, but I don't want that. I want to be able to access them individually as well.

I'm sure there's something simple and silly that I've forgotten, not realised or done wrong :P

Cheers, Svend.


Extra info added:

The Port Configuration for the Load Balancer looks like this (actually 3 ports):

10060 (HTTP) forwarding to 10060 (HTTP) Stickiness: Disabled(edit)

10061 (HTTP) forwarding to 10061 (HTTP) Stickiness: Disabled(edit)

10062 (HTTP) forwarding to 10062 (HTTP) Stickiness: Disabled(edit)

And it's using the standard/default elb security group (amazon-elb-sg).

The instances have two security groups. One external looking like this:

22 (SSH)         0.0.0.0/0
10060 - 10061    0.0.0.0/0
10062            0.0.0.0/0

and one internal, allowing anything within the internal group to communicate on all ports:

0 - 65535 sg-xxxxxxxx (security group ID)

Not sure it makes any difference, but the instances are m1.small types of image ami-31814f58.


Something that might have relevance:

My health check used to be HTTP:PORT/ but the load balancer kept saying that the instances were "Out of Service", even though I seem to get a 200 response on the request on that port.

I then changed it to TCP:PORT and it then changed to say they were "In Service".

Is there something very specific that should be returned for the HTTP one, or is it simply an HTTP 200 response that's required? ... and does the fact that it wasn't working hint towards why the load balancing itself wasn't working either?


Source: (StackOverflow)