1 00:00:00,340 --> 00:00:01,320 Okay, so in this lecture, 2 00:00:01,320 --> 00:00:02,827 we're going to create a Classic Load Balancer. 3 00:00:02,827 --> 00:00:05,260 But to do so first, let's launch an instance. 4 00:00:05,260 --> 00:00:07,110 Very quickly, just the way we've done it before. 5 00:00:07,110 --> 00:00:08,780 We'll choose Amazon Linux 2, 6 00:00:08,780 --> 00:00:12,740 a t2 micro and we'll configure it to have the web server 7 00:00:12,740 --> 00:00:13,573 as we had from before. 8 00:00:13,573 --> 00:00:16,740 So, if we go in here, copy the entire script 9 00:00:16,740 --> 00:00:18,460 and paste it entirely, 10 00:00:18,460 --> 00:00:19,860 then Add Storage. 11 00:00:19,860 --> 00:00:20,900 Everything looks good. 12 00:00:20,900 --> 00:00:22,240 Add Tags, Security Group. 13 00:00:22,240 --> 00:00:24,880 We will use the existing security group here from before. 14 00:00:24,880 --> 00:00:26,680 So, launch-wizard-1 15 00:00:26,680 --> 00:00:28,780 and click on Review and Launch, and Launch. 16 00:00:28,780 --> 00:00:31,448 We're going to create our EC2 Instance. 17 00:00:31,448 --> 00:00:33,810 And this EC2 Instance right here 18 00:00:33,810 --> 00:00:34,960 is going to have a web server. 19 00:00:34,960 --> 00:00:38,690 So, I will keep this in here while it starts. 20 00:00:38,690 --> 00:00:41,930 And on the left-hand side, I'm gonna go into Load Balancers. 21 00:00:41,930 --> 00:00:44,270 So, I am in the Load Balancer console 22 00:00:44,270 --> 00:00:45,800 and I will create my first Load Balancer. 23 00:00:45,800 --> 00:00:47,750 So, I have four options available to me. 24 00:00:47,750 --> 00:00:50,464 There is Application Load Balancer, Network Load Balancer, 25 00:00:50,464 --> 00:00:54,030 Gateway Load Balancer and Classic Load Balancer. 26 00:00:54,030 --> 00:00:55,597 So, as we can see the Classic 27 00:00:55,597 --> 00:00:57,940 is sort of deprecated as Previous Generation. 
28 00:00:57,940 --> 00:00:59,180 So, we can still create it, 29 00:00:59,180 --> 00:01:02,130 but it's discouraged by AWS to use it. 30 00:01:02,130 --> 00:01:05,730 We'll see ALB and NLB in the next lectures 31 00:01:05,730 --> 00:01:09,080 and Gateway Load Balancer for now is out of scope. 32 00:01:09,080 --> 00:01:12,870 So, let's click and create a Classic Load Balancer. 33 00:01:12,870 --> 00:01:16,080 I'll call it my-demo-clb. 34 00:01:16,080 --> 00:01:18,550 We'll create inside of My Default VPC 35 00:01:18,550 --> 00:01:20,470 and we can make this an internal load balancer 36 00:01:20,470 --> 00:01:21,530 if you wanted to keep it private. 37 00:01:21,530 --> 00:01:23,050 But we want to access it from our computer. 38 00:01:23,050 --> 00:01:25,820 So, we will leave this unticked 39 00:01:25,820 --> 00:01:26,830 and we will also leave 40 00:01:26,830 --> 00:01:29,040 the advanced VPC configuration unticked. 41 00:01:29,040 --> 00:01:31,110 So, in terms of Listener Configuration, 42 00:01:31,110 --> 00:01:32,840 we want our Classical Load Balancer 43 00:01:32,840 --> 00:01:35,860 to be welcoming HTTP traffic onto it. 44 00:01:35,860 --> 00:01:37,644 So, that means that HTTP on port 80 45 00:01:37,644 --> 00:01:39,227 is what we want to allow. 46 00:01:39,227 --> 00:01:43,550 And then, it's going to go to the EC2 instances on port 80 47 00:01:43,550 --> 00:01:44,970 for the protocol HTTP as well. 48 00:01:44,970 --> 00:01:46,740 So, this is great. 49 00:01:46,740 --> 00:01:48,200 Next, for security group. 50 00:01:48,200 --> 00:01:50,210 We're going to create a new security group 51 00:01:50,210 --> 00:01:51,641 for our Classic Load Balancer 52 00:01:51,641 --> 00:01:56,641 and I will call it my-first-load-balancer-sg, 53 00:01:58,310 --> 00:02:00,810 and then we can just leave the description as is. 54 00:02:00,810 --> 00:02:03,310 And so, we're going to have to allow 55 00:02:03,310 --> 00:02:05,120 HTTP traffic from anywhere. 
56 00:02:05,120 --> 00:02:08,780 So, HTTP on port 80, from and this is anywhere 57 00:02:08,780 --> 00:02:10,449 as long as it's IPV4 58 00:02:10,449 --> 00:02:13,660 and we can do anywhere to have IPV4 and IPV6 as well 59 00:02:13,660 --> 00:02:15,500 which is not supported by the classical Balancer. 60 00:02:15,500 --> 00:02:18,810 Therefore, you don't see IPV6 in here. 61 00:02:18,810 --> 00:02:20,160 Okay, so we're good to go. 62 00:02:20,160 --> 00:02:23,400 So next, we can configure the security settings. 63 00:02:23,400 --> 00:02:24,600 And right now, we get a warning 64 00:02:24,600 --> 00:02:26,850 because we're not using HTTPS or SSL, 65 00:02:26,850 --> 00:02:28,900 but this is fine because right now in this sector, 66 00:02:28,900 --> 00:02:31,780 we don't want to encrypt traffic in flight. 67 00:02:31,780 --> 00:02:32,950 Next for health checks, 68 00:02:32,950 --> 00:02:35,570 we need to look at what is going to be checked 69 00:02:35,570 --> 00:02:36,403 on our instance. 70 00:02:36,403 --> 00:02:37,236 As you can see, the health check 71 00:02:37,236 --> 00:02:39,580 is going to talk to EC2 Instances 72 00:02:39,580 --> 00:02:42,890 on the protocol HTTP, the port 80, 73 00:02:42,890 --> 00:02:45,850 and the path is going to be /index.html. 74 00:02:45,850 --> 00:02:47,430 So, let's ensure that it works. 75 00:02:47,430 --> 00:02:49,166 So, let's take this public IPV4. 76 00:02:49,166 --> 00:02:51,786 I'm going to copy the IP and open it. 77 00:02:51,786 --> 00:02:54,520 And so, as you can see, we get the Hello World. 78 00:02:54,520 --> 00:02:56,470 But what if we add the path? 79 00:02:56,470 --> 00:02:59,770 So, /index.html onto here? 80 00:02:59,770 --> 00:03:02,670 So, if you press enter, we still get the same URL. 81 00:03:02,670 --> 00:03:04,940 So, this Ping Path would work. 82 00:03:04,940 --> 00:03:06,780 The /Ping Path would work as well. 83 00:03:06,780 --> 00:03:08,220 So, I'd like you to just have a slash. 
84 00:03:08,220 --> 00:03:10,380 But it should do like /foobar. 85 00:03:10,380 --> 00:03:12,240 For example, for something that doesn't exist 86 00:03:12,240 --> 00:03:14,910 we do like /foobar and press enter. 87 00:03:14,910 --> 00:03:16,000 We're going to get an error. 88 00:03:16,000 --> 00:03:18,125 And this error would make our instance unhealthy 89 00:03:18,125 --> 00:03:20,610 if we kept the health check as /foobar. 90 00:03:20,610 --> 00:03:22,450 So, we wanna keep it to a path that we know works 91 00:03:22,450 --> 00:03:24,400 for example, just a slash. 92 00:03:24,400 --> 00:03:26,870 And if we have just a slash, then we get just a URL 93 00:03:26,870 --> 00:03:29,330 and we get the Hello World back from our EC2 Instance. 94 00:03:29,330 --> 00:03:31,020 So, this is perfect. 95 00:03:31,020 --> 00:03:32,480 In terms of the health check, 96 00:03:32,480 --> 00:03:33,470 we need to configure a timeout. 97 00:03:33,470 --> 00:03:34,770 So, five seconds is great. 98 00:03:34,770 --> 00:03:36,520 How often we want to do the health checks. 99 00:03:36,520 --> 00:03:38,625 So, let's keep it at three seconds. 100 00:03:38,625 --> 00:03:41,420 How many times instance needs to be unhealthy? 101 00:03:41,420 --> 00:03:42,550 So, let's do it five. 102 00:03:42,550 --> 00:03:44,050 Then, for it to be happy. 103 00:03:44,050 --> 00:03:45,740 How many times do unhealthy counts 104 00:03:45,740 --> 00:03:47,480 should be before the instance should be unhealthy. 105 00:03:47,480 --> 00:03:48,560 So, two is great. 106 00:03:48,560 --> 00:03:50,321 And how many times the health checks should be correct 107 00:03:50,321 --> 00:03:52,490 until the instance is deemed healthy? 108 00:03:52,490 --> 00:03:54,630 Let's keep it to a low number like three. 109 00:03:54,630 --> 00:03:56,430 So that means that, once three health checks pass, 110 00:03:56,430 --> 00:03:57,630 then instances are healthy. 
111 00:03:57,630 --> 00:03:59,730 And if two health checks in a row don't pass, 112 00:03:59,730 --> 00:04:01,710 then it's unhealthy. 113 00:04:01,710 --> 00:04:04,100 Okay, next we'll need you to add EC2 Instances. 114 00:04:04,100 --> 00:04:07,090 I'm going to add this EC2 Instance 115 00:04:07,090 --> 00:04:11,880 and then I will Add Tags, Create and Create. 116 00:04:11,880 --> 00:04:15,250 So, our first Classic Load Balancer is created 117 00:04:15,250 --> 00:04:16,220 and actually the HealthCheck timeout 118 00:04:16,220 --> 00:04:17,180 must be less than interval. 119 00:04:17,180 --> 00:04:18,470 So, let's review and resolve. 120 00:04:18,470 --> 00:04:22,350 So, the response timeout must be less than the interval. 121 00:04:22,350 --> 00:04:25,440 So, let's keep the response timeout to five seconds, 122 00:04:25,440 --> 00:04:27,853 four seconds and then create it again. 123 00:04:29,050 --> 00:04:29,883 And we're good to go. 124 00:04:29,883 --> 00:04:32,580 So, my Classical Load Balancer was successfully created. 125 00:04:32,580 --> 00:04:35,650 So, here is our Classic Load Balancer 126 00:04:35,650 --> 00:04:37,500 and we need to wait for it to come up. 127 00:04:37,500 --> 00:04:39,230 So, let me pause and get back to you 128 00:04:39,230 --> 00:04:41,180 when it is up and running. 129 00:04:41,180 --> 00:04:42,620 If we check the video right now as you can see, 130 00:04:42,620 --> 00:04:44,070 the Instance is out of service 131 00:04:44,070 --> 00:04:45,700 and if you go over the info, it says, 132 00:04:45,700 --> 00:04:47,470 Instance registration is still in progress. 133 00:04:47,470 --> 00:04:49,340 So if you see out of service for your instance, 134 00:04:49,340 --> 00:04:50,670 please wait a little bit 135 00:04:50,670 --> 00:04:51,590 before asking the Q&A. 136 00:04:51,590 --> 00:04:54,050 Then it gets to in-service. 137 00:04:54,050 --> 00:04:56,090 So, that means that our Classical Balancer is working. 
138 00:04:56,090 --> 00:04:59,060 Now, if you don't get in-service 139 00:04:59,060 --> 00:05:00,670 in say a minute or two minutes, 140 00:05:00,670 --> 00:05:03,140 then I will show you what may be going wrong. 141 00:05:03,140 --> 00:05:05,650 So right now, let's assume that everything is working. 142 00:05:05,650 --> 00:05:08,060 Please don't ask a question in the Q&A just yet. 143 00:05:08,060 --> 00:05:10,990 So, we're going to open the URL DNS name 144 00:05:10,990 --> 00:05:12,120 of our Classical Balancer. 145 00:05:12,120 --> 00:05:13,120 And as you can see, 146 00:05:13,120 --> 00:05:16,080 we get Hello World from the EC2 Instance. 147 00:05:16,080 --> 00:05:19,410 The same as if we had used the public facing IP. 148 00:05:19,410 --> 00:05:22,620 So that means that the Classic Load Balancer is working. 149 00:05:22,620 --> 00:05:24,240 But, what if it didn't work? 150 00:05:24,240 --> 00:05:27,480 What if we had an instance that was unhealthy? 151 00:05:27,480 --> 00:05:29,250 So, maybe your Instance is unhealthy 152 00:05:29,250 --> 00:05:30,690 because of security groups. 153 00:05:30,690 --> 00:05:33,860 So, if we go into the security groups right now 154 00:05:33,860 --> 00:05:35,810 and go to launch-wizard-1 155 00:05:35,810 --> 00:05:37,800 and let's say we want to remove 156 00:05:37,800 --> 00:05:39,160 these HTTP rules right here. 157 00:05:39,160 --> 00:05:42,790 So, I'm going to delete these HTTP rules and save the rule. 158 00:05:42,790 --> 00:05:44,230 This will make so that... 159 00:05:44,230 --> 00:05:47,210 Well, this Instance right here is not accessible 160 00:05:47,210 --> 00:05:50,500 from the public internet of course, 161 00:05:50,500 --> 00:05:53,340 but also from the privates, it was internet because 162 00:05:53,340 --> 00:05:57,110 well, there's no port 80 available on the security group. 
163 00:05:57,110 --> 00:05:59,840 So that means that, for example, in this example, 164 00:05:59,840 --> 00:06:01,347 well, my Instance should be marked 165 00:06:01,347 --> 00:06:02,770 OutOfService very quickly. 166 00:06:02,770 --> 00:06:04,890 And so, right now, I see it is out of service. 167 00:06:04,890 --> 00:06:06,020 So, this could be one reason 168 00:06:06,020 --> 00:06:07,820 why the instance is out of service. 169 00:06:07,820 --> 00:06:10,140 And the other reason why it could be out of service 170 00:06:10,140 --> 00:06:12,210 is that the Hello World just doesn't work 171 00:06:12,210 --> 00:06:14,810 and the bootstrap script did not execute properly. 172 00:06:14,810 --> 00:06:17,820 So, these are the two reasons why this would not work. 173 00:06:17,820 --> 00:06:20,440 Okay. So, let's go back into our instance. 174 00:06:20,440 --> 00:06:23,560 When we had the inbound rule to be HTTP 175 00:06:24,900 --> 00:06:28,470 on port 80 from anywhere on the IPV4 176 00:06:28,470 --> 00:06:30,050 and save the rule. 177 00:06:30,050 --> 00:06:31,230 So when we had this, 178 00:06:31,230 --> 00:06:32,430 we can access our instance 179 00:06:32,430 --> 00:06:35,770 both from the public IP and from the Classical Balancer 180 00:06:35,770 --> 00:06:36,700 which is not working right now, 181 00:06:36,700 --> 00:06:38,860 because I need to wait for my instance 182 00:06:38,860 --> 00:06:40,850 to go back in service 183 00:06:40,850 --> 00:06:42,440 which should take about 15 seconds. 184 00:06:42,440 --> 00:06:43,860 So, that was back in service. 185 00:06:43,860 --> 00:06:45,200 I refresh this and it works. 186 00:06:45,200 --> 00:06:46,530 Okay, so the problem is that 187 00:06:46,530 --> 00:06:48,580 we can access our EC2 Instances directly 188 00:06:48,580 --> 00:06:49,870 and also, through the Load Balancer. 189 00:06:49,870 --> 00:06:52,690 But we would like to tighten the security. 
190 00:06:52,690 --> 00:06:54,560 This is where we can show something really cool 191 00:06:54,560 --> 00:06:55,620 with security groups. 192 00:06:55,620 --> 00:06:57,550 We can change the inbound rule 193 00:06:57,550 --> 00:07:00,040 to only allow HTTP rule on port 80, 194 00:07:00,040 --> 00:07:01,380 but not from anywhere. 195 00:07:01,380 --> 00:07:04,850 And instead, we want to allow it from a security group 196 00:07:04,850 --> 00:07:06,360 of the Load Balancer. 197 00:07:06,360 --> 00:07:08,330 So, my first Load Balancer. 198 00:07:08,330 --> 00:07:10,780 So, we are allowing any traffic 199 00:07:10,780 --> 00:07:13,070 from the security group of the Load Balancer 200 00:07:13,070 --> 00:07:15,840 into the security group of the EC2 Instances. 201 00:07:15,840 --> 00:07:18,930 So, allow only traffic 202 00:07:18,930 --> 00:07:21,080 from the ELB. 203 00:07:21,080 --> 00:07:24,210 And the reason we do so is that we want the ELB 204 00:07:24,210 --> 00:07:26,070 to access our instance, okay? 205 00:07:26,070 --> 00:07:27,960 But we don't want our users 206 00:07:27,960 --> 00:07:30,620 to directly access our instances as you can see now. 207 00:07:30,620 --> 00:07:34,590 If I refresh this page, I get an endless running cycle. 208 00:07:34,590 --> 00:07:36,430 And in here, if I refresh, 209 00:07:36,430 --> 00:07:37,480 well, it still works. 210 00:07:37,480 --> 00:07:40,150 So, we can access our EC2 Instances only now, 211 00:07:40,150 --> 00:07:41,297 through the Load Balancer. 212 00:07:41,297 --> 00:07:43,200 So, we have enhanced the security 213 00:07:43,200 --> 00:07:46,670 and that is a very, very common pattern in AWS. 214 00:07:46,670 --> 00:07:49,090 So finally, let's show the whole power of Load Balancing 215 00:07:49,090 --> 00:07:50,760 by having more instances. 216 00:07:50,760 --> 00:07:51,930 So, I can right click 217 00:07:51,930 --> 00:07:54,300 and say Launch instance from this template. 218 00:07:54,300 --> 00:07:55,950 For example, oops! 
219 00:07:55,950 --> 00:07:59,460 Right click and say Launch instances 220 00:07:59,460 --> 00:08:00,890 and then use the one. 221 00:08:00,890 --> 00:08:03,160 So, we'll use t2 micro 222 00:08:03,160 --> 00:08:05,800 and for instance details, we're good to go. 223 00:08:05,800 --> 00:08:08,500 We can also provide the user data 224 00:08:08,500 --> 00:08:09,710 just like we had from before. 225 00:08:09,710 --> 00:08:11,950 So, let's provide it 226 00:08:11,950 --> 00:08:13,690 and Add Storage, 227 00:08:13,690 --> 00:08:16,560 Add Tags, Security Group, Review and Launch. 228 00:08:16,560 --> 00:08:20,900 So, we will pass in the launch-wizard-1 security group. 229 00:08:20,900 --> 00:08:23,203 Launch, and yes, we have the key pair. 230 00:08:24,280 --> 00:08:26,940 That's one of them and we can do another one like this. 231 00:08:26,940 --> 00:08:30,160 So, we will launch an instance again. 232 00:08:30,160 --> 00:08:32,919 Select, we have t2 micro. 233 00:08:32,919 --> 00:08:34,650 I'm trying to go a little bit fast here. 234 00:08:34,650 --> 00:08:36,299 Paste the user data. 235 00:08:36,299 --> 00:08:37,610 Storage is good. 236 00:08:37,610 --> 00:08:40,679 Security Group, we're going to do launch-wizard-1, 237 00:08:40,679 --> 00:08:43,513 Review and Launch, and Launch, okay. 238 00:08:44,650 --> 00:08:45,810 So, the effect of this is that 239 00:08:45,810 --> 00:08:48,620 now we have three EC2 Instances that are launched 240 00:08:48,620 --> 00:08:52,440 and they will all have their own Hello World message. 241 00:08:52,440 --> 00:08:53,350 And so, what I want to do 242 00:08:53,350 --> 00:08:55,140 is to (indistinct) these instances 243 00:08:55,140 --> 00:08:56,590 on to my Classical Balancer. 244 00:08:56,590 --> 00:08:58,680 So, I go to my Classical Balancer, 245 00:08:58,680 --> 00:08:59,950 I edit my instances 246 00:08:59,950 --> 00:09:02,870 and now I add these two new instances. 
247 00:09:02,870 --> 00:09:04,890 So now, we have three instances 248 00:09:04,890 --> 00:09:07,440 registered on my Classical balancer 249 00:09:07,440 --> 00:09:09,020 and as you can see, two are OutOfService 250 00:09:09,020 --> 00:09:11,190 because they're still booting up. 251 00:09:11,190 --> 00:09:12,550 So, what's going to happen 252 00:09:12,550 --> 00:09:14,520 is that we need the user data script 253 00:09:14,520 --> 00:09:17,140 on the EC2 Instances to complete successfully. 254 00:09:17,140 --> 00:09:19,220 And then, once the EC2 Instances are up, 255 00:09:19,220 --> 00:09:21,830 they should be put in service by our Load balancer. 256 00:09:21,830 --> 00:09:23,530 And again, if you see OutOfService, 257 00:09:23,530 --> 00:09:26,640 this may be because you don't have 258 00:09:26,640 --> 00:09:28,350 the user data script run properly 259 00:09:28,350 --> 00:09:29,560 or some security group issues. 260 00:09:29,560 --> 00:09:32,050 But if you see some in service and some OutOfService, 261 00:09:32,050 --> 00:09:33,530 and they have the same security groups, 262 00:09:33,530 --> 00:09:36,320 then it's not a security group issue, okay? 263 00:09:36,320 --> 00:09:39,570 So, let's just wait a little bit for this to complete. 264 00:09:39,570 --> 00:09:41,810 Okay, so my three instances are in service 265 00:09:41,810 --> 00:09:43,680 and they're spread across two availability zones. 266 00:09:43,680 --> 00:09:46,980 So, us-east-2a and us-east-2c. 267 00:09:46,980 --> 00:09:48,910 And so now, if I go back to my load balancer 268 00:09:48,910 --> 00:09:49,978 and refresh the page, 269 00:09:49,978 --> 00:09:51,350 every time I refresh, 270 00:09:51,350 --> 00:09:54,730 I'm going to get a new EC2 Instance replying to me 271 00:09:54,730 --> 00:09:56,430 and therefore we get a new Hello World message 272 00:09:56,430 --> 00:09:58,340 from a different private IP. 
273 00:09:58,340 --> 00:10:00,840 So, this shows that every time I refresh the browser, 274 00:10:00,840 --> 00:10:04,130 my request goes to a different EC2 Instance 275 00:10:04,130 --> 00:10:06,150 and that means that my load balancer indeed 276 00:10:06,150 --> 00:10:08,340 is load balancing my requests. 277 00:10:08,340 --> 00:10:09,550 So, this is pretty cool. 278 00:10:09,550 --> 00:10:12,220 And that concludes the demo for the Load Balancers. 279 00:10:12,220 --> 00:10:13,070 So, that's it for this demo. 280 00:10:13,070 --> 00:10:15,020 Please delete the Classical Balancer. 281 00:10:15,020 --> 00:10:16,310 We will not be using it. 282 00:10:16,310 --> 00:10:18,990 But keep the EC2 Instances running during the section 283 00:10:18,990 --> 00:10:20,730 as we'll be creating new Load Balancers 284 00:10:20,730 --> 00:10:22,010 and using them as well. 285 00:10:22,010 --> 00:10:22,843 So, that's it. 286 00:10:22,843 --> 00:10:24,430 I will see you in the next lecture.