Hi, I am new to AWS and trying to understand the difference between a load balancer, target, target group and security group. I have 2 instances running. Now I want to balance the load coming to these servers. Will the load balancer be created on a new instance? What are listeners and how are they different from load balancers?
1 Answer
Yes, the load balancer is an EC2 instance to provide the networking and compute services needed for load balancing. This also means that there is a per hour charge for the load balancer EC2 instance.
A Target Group is used to route requests to one or more registered targets (your backend EC2 instances).
A listener is a process that "TCP Listens" for requests from clients. Common listeners are for receiving requests on port 80 (HTTP) and port 443 (HTTPS). The listeners then forward requests to your Target Group.
A Security Group is a firewall that allows or denies network traffic. A security group sits in front of (or around) your load balancer, protecting it from traffic that you do not allow (want).
There is a lot of information on the Internet. Here is a link to help you get started.

-
Thanks John for the explanation. However, I have a question - suppose my application is running on an EC2 instance with IP, say, 198.1.1.1 and port 80, and my load balancer is running on 197.5.3.5; then when a request to my application 198.1.1.1:80 is made by the user, does it first go to EC2 or the load balancer? – Neha Jul 19 '18 at 18:59
-
If the user sends their request directly to your EC2 instance, then the user will bypass your load balancer. You do not want this. You will want to set your security group rules to only allow the load balancer to communicate with your backend EC2 instances. This is done via security groups. – John Hanley Jul 19 '18 at 19:02
-
Thanks John. I have 2 questions - 1) Before setting up the security groups, my web app that runs on 198.1.1.1:80 has the domain name www.example.com (users call www.example.com). Now after the load balancer is created (on 197.5.3.5) & security groups are set up, I want the requests to go to the load balancer first. Typing in www.example.com, can the request be routed from 197.5.3.5 to 198.1.1.1:80? I am also trying to understand how conversion from domain name to IP happens. Scenario 2: I am setting up the EC2 instance, load balancer and security group from scratch. In this case should I associate the load balancer IP with www.example.com? – Neha Jul 19 '18 at 19:24
-
Security groups do not route requests - they either allow or deny. Once you create the load balancer, you then change your domain name resource records to point to the load balancer - usually example.com and www.example.com. For DNS queries, a client will look up, for example, www.example.com. In your DNS resource records will be an entry for www. This is then translated (usually) by an A record to an IP address. However, CNAMEs are also very common. For AWS, you will use an A-ALIAS record, which is similar to a CNAME record. – John Hanley Jul 19 '18 at 19:25
-
You changed your comment question while I was answering the previous version. – John Hanley Jul 19 '18 at 19:27
-
Sorry John, I wanted to rephrase/update my question, but I accidentally pressed enter and it got saved and would not let me update but delete. – Neha Jul 19 '18 at 19:28
-
For AWS load balancers, you do not want to use the load balancer's IP address in your DNS server. The reason is that a load balancer has at least two instances (in two different availability zones). You will want to use the load balancer's DNS name in your DNS server's resource record for example.com and www.example.com. – John Hanley Jul 19 '18 at 19:30
-
To prevent a huge comment thread, create a new question that is more specific. You can also create several questions. AWS load balancers have a lot of features .... – John Hanley Jul 19 '18 at 19:31
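
The rule described in the comments above (backend instances accept traffic only from the load balancer, so users cannot bypass it) can be checked mechanically. The following is an added example, not part of the original thread: it audits JSON in the shape returned by `aws ec2 describe-security-groups`, and the group IDs, CIDRs and the function names `rule`, `covers` and `audit_backend` are constructed for illustration.

```python
def rule(proto, lo, hi, cidrs=(), groups=()):
    """Build one IpPermissions entry in the describe-security-groups shape."""
    perm = {"IpProtocol": proto,
            "IpRanges": [{"CidrIp": c} for c in cidrs], "Ipv6Ranges": [],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if proto != "-1":                      # all-protocol rules carry no port range
        perm.update(FromPort=lo, ToPort=hi)
    return perm

# Constructed sample; group IDs and CIDRs are invented for this example.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-lb-example",           # load balancer: public HTTP
     "IpPermissions": [rule("tcp", 80, 80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-web-open",             # backend reachable directly (bypass)
     "IpPermissions": [rule("tcp", 80, 80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-web-mixed",            # LB allowed, plus an all-traffic CIDR rule
     "IpPermissions": [rule("tcp", 80, 80, groups=["sg-lb-example"]),
                       rule("-1", None, None, cidrs=["10.0.0.0/16"]),
                       rule("tcp", 22, 22, cidrs=["203.0.113.7/32"])]},
    {"GroupId": "sg-web-locked",           # backend that only the LB can reach
     "IpPermissions": [rule("tcp", 80, 80, groups=["sg-lb-example"])]},
]}

def covers(perm, port):
    """True if the rule admits TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_backend(doc, backend_sg, lb_sg, port=80):
    """Return (kind, source) findings for paths to `port` that skip the load balancer."""
    group = next(g for g in doc["SecurityGroups"] if g["GroupId"] == backend_sg)
    findings, lb_allowed = [], False
    for perm in group["IpPermissions"]:
        if not covers(perm, port):
            continue
        ranges = perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
        findings += [("cidr", r.get("CidrIp") or r.get("CidrIpv6")) for r in ranges]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == lb_sg:
                lb_allowed = True
            else:
                findings.append(("other-group", pair["GroupId"]))
    if not lb_allowed:
        findings.append(("lb-not-allowed", lb_sg))
    return findings

if __name__ == "__main__":
    for sg in ("sg-web-open", "sg-web-mixed", "sg-web-locked"):
        print(sg, audit_backend(SAMPLE, sg, "sg-lb-example"))
```

An empty result means the only source allowed to reach the application port is the load balancer's security group; any `cidr` finding is a path that skips the load balancer.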