If AWS Cloudfront caches your website content for visitors, what’s the point of also setting up an ELB, instead of a standard, single web-server EC2 instance?

As surely, it’s only a few Cloudfront connections that will communicate with the server.

jamesfinney93
  • *"As surely, it’s only a few Cloudfront connections that will communicate with the server."* Why do you suggest this would be the case? Are you planning to encrypt the traffic between CloudFront and your instance? If so, how will you do this? – Michael - sqlbot Mar 01 '18 at 12:54

3 Answers

You do not need an ELB between CloudFront and your single EC2 instance. Both ELB and CloudFront provide additional protection (DDoS) but for a single instance setting up both is not required or necessary.

However, one of the great design benefits of AWS is load balancing and Auto Scaling (ASG). You will need a load balancer to add these features. Web sites do crash and having ASG enabled will make sure that a new instance is launched when your web server becomes unresponsive.

Note. You do not want your EC2 instance to be available to the public Internet. You will attract a large number of hackers who know the AWS IP addresses. This traffic can quickly consume the resources on small T.x instances. Make sure that your Security Groups are set up to only allow traffic from CloudFront.

John Hanley
    So you're saying I need a Load Balancer running inside the EC2 to only accept traffic from the CloudFront? A Load Balancer should then never directly receive traffic from outside? – Bersan Dec 07 '22 at 20:30
  • @Bersan - I do not understand your comment or how you derived those conclusions. – John Hanley Dec 07 '22 at 21:26
  • _"You will need a load balancer to add these features [...] Note. You do not want your EC2 instance to be available to the public Internet [...] Make sure that your Security Groups are setup to only allow traffic from CloudFront"_, given that a LB runs inside an EC2, then I presume you are describing an architecture of the kind **Application <- Load Balancer <- CloudFront**, no? – Bersan Dec 08 '22 at 13:39
  • @Bersan the question is discussing the Elastic Load Balancer (ELB) service of Amazon Web Services (AWS). That service does not run inside an EC2 instance that you control. – Blueriver Mar 27 '23 at 19:03
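As an added example (not from the answer above or from AWS), one way to act on "only allow traffic from CloudFront": derive the origin-facing CloudFront networks from the layout of AWS's published ip-ranges.json, turn them into the IpPermissions structure the EC2 security-group API accepts, and use the same list to audit which source addresses could reach the instance directly. The embedded JSON is a constructed sample with placeholder prefixes, not real AWS ranges.

```python
import ipaddress
import json

# Constructed sample in the layout of https://ip-ranges.amazonaws.com/ip-ranges.json.
# The prefixes are documentation placeholders, not real AWS ranges; fetch the
# live file before using this. CLOUDFRONT_ORIGIN_FACING lists the addresses
# CloudFront connects FROM when it fetches from a custom origin; plain CLOUDFRONT
# is the much larger viewer-facing set and would leave the group far too wide.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL",
         "service": "CLOUDFRONT_ORIGIN_FACING", "network_border_group": "GLOBAL"},
        {"ip_prefix": "203.0.113.0/24", "region": "GLOBAL",
         "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1",
         "service": "EC2", "network_border_group": "us-east-1"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:cf::/48", "region": "GLOBAL",
         "service": "CLOUDFRONT_ORIGIN_FACING", "network_border_group": "GLOBAL"},
    ],
})

def origin_facing_networks(ip_ranges_json):
    """Return the IPv4 and IPv6 networks CloudFront uses to reach custom origins."""
    data = json.loads(ip_ranges_json)
    nets = [ipaddress.ip_network(p["ip_prefix"]) for p in data["prefixes"]
            if p["service"] == "CLOUDFRONT_ORIGIN_FACING"]
    nets += [ipaddress.ip_network(p["ipv6_prefix"]) for p in data["ipv6_prefixes"]
             if p["service"] == "CLOUDFRONT_ORIGIN_FACING"]
    return nets

def ingress_rules(networks, port=443):
    """Build the IpPermissions list for ec2 authorize-security-group-ingress:
    TCP on one port, one CIDR per entry, nothing else opened."""
    desc = "CloudFront origin-facing"
    v4 = [{"CidrIp": str(n), "Description": desc} for n in networks if n.version == 4]
    v6 = [{"CidrIpv6": str(n), "Description": desc} for n in networks if n.version == 6]
    return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
             "IpRanges": v4, "Ipv6Ranges": v6}]

def allowed_by_group(networks, source_ip):
    """True if the rules above would admit source_ip; run over the origin's
    access log to spot connections that arrived without going through CloudFront."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in n for n in networks)

if __name__ == "__main__":
    nets = origin_facing_networks(SAMPLE_IP_RANGES)
    print(json.dumps(ingress_rules(nets), indent=2))
    for ip in ("198.51.100.7", "203.0.113.9", "192.0.2.1"):
        print(ip, "allowed" if allowed_by_group(nets, ip) else "BLOCKED")
```

The real origin-facing list is long enough to exceed a security group's rule quota, so in practice reference the AWS-managed prefix list `com.amazonaws.global.cloudfront.origin-facing` (via `PrefixListIds`) instead of pasting CIDRs; the audit function is still useful against the JSON.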
This is a broad question. If you really know what you are doing and what you actually need, then if you need just one EC2 instance then you can go with it.

For a production environment it is always recommended to have multiple application instances (servers), to avoid a single point of failure. This means that if one server goes down or the traffic load increases, the other instance(s) coordinate and keep the application up and running and accessible by the users/customers.

For more details please refer to the original doc:

https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/what-is-load-balancing.html

Elastic Load Balancing distributes incoming application traffic across multiple EC2 instances, in multiple Availability Zones. This increases the fault tolerance of your applications.

The load balancer serves as a single point of contact for clients, which increases the availability of your application. You can add and remove instances from your load balancer as your needs change, without disrupting the overall flow of requests to your application. Elastic Load Balancing scales your load balancer as traffic to your application changes over time, and can scale to the vast majority of workloads automatically.

You can configure health checks, which are used to monitor the health of the registered instances so that the load balancer can send requests only to the healthy instances. You can also offload the work of encryption and decryption to your load balancer so that your instances can focus on their main work.

https://aws.amazon.com/elasticloadbalancing/

Nah
It is not mandatory to set up an ELB to connect CloudFront with your EC2 instance. You may think so because the AWS console UI shows only ELB, S3 and a few others as options for the CloudFront origin. I thought so too.

But you can enter the Public IPv4 DNS address of your EC2 instance as the CloudFront origin.