Mirroring AWS Target Groups

By Ormaman, published in RhinOps by Sela on May 17, 2020

The scenario

Placing EC2-based applications in target groups behind an Application Load Balancer is a common architecture.
But what happens when you have several such applications that must be reachable from the internet and must also communicate with each other while keeping latency as low as possible?

The problem

When many applications interact with each other and rely heavily on that intercommunication, the latency of each hop becomes a considerable issue.

Case flowchart

The solution

Many solutions were examined until the right formula was found:

a) Add an internal load balancer

b) Create a private hosted zone on Route 53, which allows the same URLs to be used for internal and external communication between applications

c) Sync both target groups using a Lambda function

By adding an internal load balancer and configuring a private hosted zone on Route 53 we resolve the latency issue; however, this brings new challenges. For example:
If we have configured a Blue/Green deployment process using AWS Developer Tools (linked to the post that explains the CI/CD process) which updates the external load balancer's target group, we now need to update the internal load balancer's target group as well.
To achieve this, we can use CloudTrail to record the changes to the public target group, CloudWatch Events to trigger on each change to that target group, and a Lambda function to mirror the changes into the internal load balancer's target group.

The solution is shown in the following flowchart:

Solution flowchart

Technical solution step by step procedure

In the following sections, I will walk you step by step through getting this mechanism up and running.

Route 53

Definition- Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

1. Go to “Route 53” service, select “Hosted zones” section and press the “Create Hosted Zone” button.

2. Leave everything as default, besides these attributes:

· Domain name- Enter the domain that you wish to host (example.com)

· Type- Select the “Private Hosted Zone for Amazon VPC” option

· VPC ID- Look up the VPC ID of your internal load balancer

3. Open the new hosted zone and click on the “Create Record Set” button

4. Leave everything as default, besides these attributes:

· Name- Enter the name of the site that you wish to publish (app.example.com)

· Alias- Choose Yes, and under Alias Target look up the name of your internal load balancer

· Type- Select the “Private Hosted Zone for Amazon VPC” option

5. Press the Create button

Creating a private zone on Route 53

CloudTrail

Definition- AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, one can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

1. Go to the “CloudTrail” service, select the “Trails” section and press the “Create trail” button.

2. Leave everything as default, besides these attributes:

· Apply trail to all regions- Choose “No” if you want the trail in only one region

· S3 bucket- Select a name that follows your organization's naming convention

3. Click on the “Create” button.

Creating a trail on CloudTrail

Lambda

Definition- AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume — there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service — all with zero administration.

1. Go to the “Lambda” service and, under “Functions”, press “Create Function”

2. Leave everything as default besides these attributes:

· Function name- Select a name that follows your organization's naming convention

· Runtime- Python 3.6

3. Under the “Function code” section paste the following code

4. Press on the “Save” button

The Lambda function needs suitable permissions in order to work with the target group resources, therefore we will attach a suitable policy to the role that was created for it.

5. Go to the “IAM” service and press on “Roles”.

6. Under “Roles” look for the role that follows this naming convention:
<the Lambda function name from step 2>-role-<random sequence>

Example of a role name

7. Click on the role

8. Click on “Attach policy”

9. Click on “Create policy”, choose the “JSON” tab and enter the following text.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1588516194702",
            "Action": [
                "elasticloadbalancing:DeregisterTargets",
                "elasticloadbalancing:DescribeTargetGroups",
                "elasticloadbalancing:DescribeTargetHealth",
                "elasticloadbalancing:RegisterTargets"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

10. Click on the “Review policy” button.

11. Enter the name of the policy and create it.

How to create a Lambda function and configure its supporting IAM role
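The post does not reproduce the function code pasted in step 3, so the following is an added example of what such a mirroring Lambda can look like; it is not the author's code. It assumes the two target group ARNs are passed as the environment variables PUBLIC_TG_ARN and INTERNAL_TG_ARN (both names are assumptions), and that the CloudWatch Events rule from the next section delivers the CloudTrail record under `detail`. The planning step is kept separate from the boto3 call so it can be checked offline.

```python
import os

# Assumed environment variables on the Lambda: the two target group ARNs.
# The defaults below are placeholders, not real ARNs.
PUBLIC_TG_ARN = os.environ.get("PUBLIC_TG_ARN", "arn:PLACEHOLDER:targetgroup/public")
INTERNAL_TG_ARN = os.environ.get("INTERNAL_TG_ARN", "arn:PLACEHOLDER:targetgroup/internal")

# CloudTrail eventName -> boto3 elbv2 client method that applies the same change.
MIRRORED_OPS = {
    "RegisterTargets": "register_targets",
    "DeregisterTargets": "deregister_targets",
}


def plan_mirror(event, public_tg_arn=PUBLIC_TG_ARN, internal_tg_arn=INTERNAL_TG_ARN):
    """Translate a CloudWatch Events (AWS API Call via CloudTrail) event into the
    elbv2 call to make on the internal target group; None when nothing should run."""
    detail = event.get("detail") or {}
    method = MIRRORED_OPS.get(detail.get("eventName"))
    if method is None:
        return None
    # CloudTrail also records calls that failed; those carry errorCode and must not be mirrored.
    if detail.get("errorCode"):
        return None
    params = detail.get("requestParameters") or {}
    # Only mirror the public target group. This also stops the function from reacting
    # to its own writes on the internal group, which the same rule would deliver to it.
    if params.get("targetGroupArn") != public_tg_arn:
        return None
    targets = []
    for t in params.get("targets") or []:
        target = {"Id": t["id"]}
        if "port" in t:  # port is optional in the API; copy it only when the caller set it
            target["Port"] = t["port"]
        targets.append(target)
    if not targets:
        return None
    return {"method": method, "TargetGroupArn": internal_tg_arn, "Targets": targets}


def lambda_handler(event, context):
    plan = plan_mirror(event)
    if plan is None:
        return {"mirrored": False}
    import boto3  # imported here so plan_mirror can be exercised without boto3 installed
    elbv2 = boto3.client("elbv2")
    # The function only ever writes to the internal group, so the policy's Resource for
    # RegisterTargets/DeregisterTargets can be narrowed from "*" to INTERNAL_TG_ARN.
    getattr(elbv2, plan["method"])(TargetGroupArn=plan["TargetGroupArn"], Targets=plan["Targets"])
    return {"mirrored": True, "method": plan["method"], "targets": len(plan["Targets"])}
```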

CloudWatch

Definition- CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers.

1. Go to the “CloudWatch” service, under “Events” click on “Rules” and press the “Create rule” button.

2. In the “Event source” section, leave everything as default besides these attributes:

· Service Name- Elastic Load Balancers

· Event Type- AWS API Call via CloudTrail

· In the radio button section pick “Specific operation(s)” and enter “RegisterTargets” and “DeregisterTargets” in the free text boxes

3. In the “Targets” section, leave everything as default besides these attributes:

· In the first combobox select “Lambda function”

· In the second combobox select your Lambda function's name

4. Click on the “Configure details” button

5. Enter a name for your rule

6. Click on “Create Rule”

Creating a CloudWatch rule for target group replication

Conclusion

Great, you did it!

With technological creativity and open minds we can achieve great things and create great solutions.

Hope it was helpful,

Or Maman

www.linkedin.com/in/ormaman
Orm@sela.co.il
