AWS/Terraform Workshop #3: ELB, SNS, AutoScaling

Artem Nosulchik, published in Universal Language, Feb 6, 2017

This post is part of the AWS/Terraform Workshops series that we share with you along with our vision of Service Oriented Architecture (SOA). Check out the introductory workshop and new posts at the Smartling Engineering Blog.

Prerequisites

Preface

AWS Elastic Load Balancing (ELB)

AWS ELB automatically distributes incoming application traffic across multiple Amazon EC2 instances. It detects unhealthy instances and reroutes traffic to healthy instances until the unhealthy instances have been restored. Elastic Load Balancing automatically scales its request handling capacity in response to incoming traffic.

Health checks: To discover availability of your EC2 instances, the load balancer periodically sends pings, attempts connections, or sends requests to test the EC2 instances. These tests are called health checks. The status of the instances that are healthy at the time of the health check is InService. The status of any instances that are unhealthy at the time of the health check is OutOfService. The load balancer performs health checks on all registered instances, whether the instance is in a healthy state or an unhealthy state.

An ELB listener defines the frontend and backend protocol/port pair for proxied connections. If the frontend protocol is HTTPS you also have to specify an SSL certificate and the cipher policy; termination then happens on the load balancer, and the backend leg is only encrypted if you choose HTTPS for it as well.

An ELB security group acts as a firewall that controls the traffic allowed to and from the load balancer. The instances behind it keep their own security group, which can name the ELB's group as its source, so that application ports are reachable from the load balancer and not from the Internet.

Additional ELB configurations:

  • To ensure that the load balancer stops sending requests to instances that are de-registering or unhealthy, while keeping the existing connections open, use connection draining. This enables the load balancer to complete in-flight requests made to instances that are de-registering or unhealthy.
  • By default, your load balancer distributes incoming requests evenly across its enabled Availability Zones. To ensure that your load balancer distributes incoming requests evenly across all back-end instances, regardless of the Availability Zone that they are in, enable cross-zone load balancing.
  • Elastic Load Balancing provides access logs that capture detailed information about all requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and to troubleshoot issues.

Auto Scaling (ASG) integrates with Elastic Load Balancing to enable you to attach one or more load balancers to an existing Auto Scaling group. After you attach the load balancer, it automatically registers the instances in the group and distributes incoming traffic across the instances.

By default, an Auto Scaling group determines the health state of each instance by periodically checking the results of the EC2 instance status checks. If an instance fails the EC2 instance status checks, Auto Scaling marks the instance as unhealthy and replaces the instance. However, if you have attached one or more load balancers to your Auto Scaling group and the instance fails the Elastic Load Balancing health checks, Auto Scaling does not replace the instance by default. You can configure your Auto Scaling group to use both EC2 instance status checks and Elastic Load Balancing health checks to determine the health status of your instances.

If connection draining is enabled for your load balancer, Auto Scaling waits for the in-flight requests to complete or for the maximum timeout to expire, whichever comes first, before terminating instances due to a scaling event or health check replacement.
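As an added example (not code from the workshop repository), here is how the pieces described in the ELB and Auto Scaling sections above map onto Terraform resources, written against current HCL2 syntax and the hashicorp/aws provider rather than the 2017 syntax the workshop used. It wires a Classic ELB with the listener, health check, connection draining, cross-zone balancing and access logs described above to an Auto Scaling group that uses ELB health checks, and it shows the security-group split the firewall description implies: only the load balancer is open to the Internet, and the instances accept HTTP solely from the load balancer's group. The variable names, resource names, the `w3-` prefixes, the 60-second drain timeout and the 120-second grace period are assumptions.

```hcl
# Added example, not from Smartling/aws-terraform-workshops. Assumed inputs:
variable "vpc_id"     { type = string }
variable "subnet_ids" { type = list(string) }
variable "ami_id"     { type = string }
variable "admin_cidr" { type = string } # your own /32 or office range, never 0.0.0.0/0
variable "log_bucket" { type = string } # must allow the regional ELB log-delivery account to PutObject

# Only the load balancer is reachable from the Internet, and only on port 80.
resource "aws_security_group" "elb" {
  name   = "w3-elb"
  vpc_id = var.vpc_id
  ingress {
    from_port = 80
    to_port   = 80
    protocol  = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress { # Terraform removes the implicit allow-all egress, so restore it explicitly
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Instances accept HTTP only from the ELB's group and SSH only from admin_cidr.
resource "aws_security_group" "instances" {
  name   = "w3-instances"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.elb.id]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_elb" "web" {
  name            = "w3-web"
  subnets         = var.subnet_ids
  security_groups = [aws_security_group.elb.id]

  # Frontend HTTP:80 -> backend HTTP:80. For HTTPS set lb_protocol = "https"
  # and ssl_certificate_id to an ACM/IAM certificate ARN.
  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = 80
    instance_protocol = "http"
  }

  # Values from the Hands On: 3 passes -> InService, 3 failures (~15 s) -> OutOfService.
  health_check {
    target              = "HTTP:80/"
    healthy_threshold   = 3
    unhealthy_threshold = 3
    timeout             = 2
    interval            = 5
  }

  connection_draining         = true
  connection_draining_timeout = 60   # seconds allowed to finish in-flight requests
  cross_zone_load_balancing   = true

  access_logs {
    bucket   = var.log_bucket
    interval = 5               # minutes; only 5 or 60 are accepted
    enabled  = true
  }
}

resource "aws_launch_configuration" "web" {
  name_prefix     = "w3-"
  image_id        = var.ami_id
  instance_type   = "t2.nano"
  security_groups = [aws_security_group.instances.id]
  # user_data would carry the SSH key and nginx bootstrap from user-data.txt
  lifecycle { create_before_destroy = true }
}

resource "aws_autoscaling_group" "web" {
  name                 = "w3-web"
  vpc_zone_identifier  = var.subnet_ids
  launch_configuration = aws_launch_configuration.web.name
  min_size             = 2
  max_size             = 2
  load_balancers       = [aws_elb.web.name]

  # "ELB" makes the group replace instances that fail the load balancer's health
  # check, not only the EC2 status checks. The grace period has to cover boot plus
  # application start, or new instances are killed before they can pass a check.
  health_check_type         = "ELB"
  health_check_grace_period = 120
}
```

Two checks worth running after `terraform apply`: the instances' group must not contain a `0.0.0.0/0` rule for port 80 (that would bypass the load balancer), and the access-log bucket should show objects arriving within the configured interval; an empty bucket usually means the bucket policy does not grant the regional ELB log-delivery account `s3:PutObject`.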


AWS Simple Notification Service

AWS SNS is a web service that coordinates and manages the delivery of messages to subscribing endpoints or clients. In Amazon SNS there are two types of clients, publishers and subscribers, also referred to as producers and consumers. Publishers communicate asynchronously with subscribers by sending a message to a topic, which is a logical access point and communication channel. Subscribers (for example web servers, email addresses, SQS queues or Lambda functions) receive the message over one of the supported protocols (HTTP/S, email, SQS, SMS, Lambda, mobile push) once they are subscribed to the topic.

SNS is a common way to enable communication between AWS components and parts of your infrastructure placed outside AWS, for example:

  • You can configure a CloudWatch alarm to send its ALARM action to an SNS topic and subscribe to the topic by email to get notifications.
  • ASG dynamic scaling requires a CloudWatch alarm to trigger the ASG scaling policies. The alarm invokes the scaling policy directly as an alarm action; SNS is not part of that path. SNS is where the ASG publishes its scaling events (instance launch, terminate and their error variants) so that you, or another system, can be notified about what the policy did.
  • Using SNS you can trigger AWS Lambda functions (covered in the next workshops).


Hands On

1. Go to the w3 directory in the cloned Smartling/aws-terraform-workshops git repository.
2. Specify the actual IDs of your AWS VPC, Subnet and Availability Zone in the terraform.tfvars file.
   Note: Follow the instructions in the Hands On section of Workshop #2, or just copy the terraform.tfvars file from it.
3. Add your public SSH key to the user-data.txt file.
4. Create the Auto Scaling Group:
   a. Configure the security group for instances in the ASG to accept incoming connections on TCP ports 22 and 80 from 0.0.0.0/0.
      Note: Opening port 22 to the whole Internet is a bad idea from a security perspective. Outside this workshop, restrict SSH to your own address range (or a bastion host) and allow port 80 on the instances only from the ELB's security group, so that the load balancer is the only thing reachable from the Internet.
   b. Add the missing arguments for the ASG in the autoscaling.tf file:
      i. Min instances = 2, max instances = 2
      ii. Instance type t2.nano
      iii. Add references between AWS resources: attach the launch configuration to the autoscaling group, etc.
      Note: Be prepared for mistakes made intentionally in the terraform configuration; just fix them.
   c. Apply the terraform configuration.
   d. Check the newly created AWS resources in the AWS web console.
5. Create an AWS ELB and attach it to the ASG created before:
   a. Uncomment the resources in elb.tf and finish their configuration.
   b. Configure the ELB listener to accept HTTP connections on port 80 and forward them to port 80.
   c. Enable connection draining.
   d. Configure the ELB health checks:
      i. Ping Target: "HTTP:80/"
      ii. Healthy threshold = 3
      iii. Unhealthy threshold = 3
      iv. Timeout = 2
      v. Interval = 5
      With these values an instance is marked OutOfService after three consecutive failed checks, i.e. about 15 seconds.
   e. Put the ELB in the same security group as the instances in the ASG.
   f. Apply the terraform configuration.
   g. Attach the ELB to the ASG:
      i. Update the ASG configuration in terraform.
      ii. Configure the ASG to use ELB health checks instead of EC2 status checks (health_check_type = "ELB"). Without this, an instance whose web server is down still passes the EC2 status checks and is never replaced.
   h. Find the ELB endpoint (its DNS name) and open it in a browser; you should see the nginx welcome page.
6. Create an SNS topic to receive ASG scaling notifications by email:
   a. Uncomment the SNS topic resource in the sns.tf file.
   b. Apply the terraform configuration.
   c. Go to the AWS SNS web console, find the newly created SNS topic and create a subscription to your email address. Confirm the subscription from the email SNS sends you; until it is confirmed, nothing is delivered.
   d. Update the ASG configuration to send its scaling events to the SNS topic.
   e. Apply the terraform configuration.
   f. Log in to one of the EC2 instances via SSH and stop docker: sudo service docker stop. The instance stops answering the ELB health check, the ASG detects it as unhealthy, terminates it and creates a new one.
   g. Make sure you received the notification from the ASG at your email address.
7. Destroy the AWS resources.
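As an added example covering the SNS section above and step 6 of the Hands On (not the workshop's own sns.tf), the configuration below creates the topic, subscribes the Auto Scaling group's lifecycle events to it, and shows a CloudWatch alarm driving a scaling policy directly while notifying the same topic. It assumes an existing ASG passed in as `asg_name`; the e-mail subscription is created in the console as in step 6.c because the recipient has to confirm it. The resource names, CPU threshold and cooldown are placeholders.

```hcl
# Added example, not from Smartling/aws-terraform-workshops.
variable "asg_name" { type = string } # the group created in step 4 of the Hands On

resource "aws_sns_topic" "asg_events" {
  name = "w3-asg-events"
  # The default topic policy only lets this account publish/subscribe; keep it that
  # way. Add kms_master_key_id here if the payloads are considered sensitive.
}

# Step 6.d: the ASG publishes its lifecycle events to the topic. The *_ERROR types
# are included so a broken launch configuration is noticed, not just successes.
resource "aws_autoscaling_notification" "asg_events" {
  group_names = [var.asg_name]
  topic_arn   = aws_sns_topic.asg_events.arn
  notifications = [
    "autoscaling:EC2_INSTANCE_LAUNCH",
    "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
    "autoscaling:EC2_INSTANCE_TERMINATE",
    "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
  ]
}

# Dynamic scaling: a simple scaling policy that adds one instance.
resource "aws_autoscaling_policy" "scale_out" {
  name                   = "w3-scale-out"
  autoscaling_group_name = var.asg_name
  adjustment_type        = "ChangeInCapacity"
  scaling_adjustment     = 1
  cooldown               = 300
}

# The CloudWatch alarm invokes the policy directly as an alarm action; SNS is not
# in that path. The topic is listed as a second action only so a human is told
# that the alarm fired. Each resulting launch also arrives via the notification above.
resource "aws_cloudwatch_metric_alarm" "cpu_high" {
  alarm_name          = "w3-cpu-high"
  namespace           = "AWS/EC2"
  metric_name         = "CPUUtilization"
  statistic           = "Average"
  period              = 60
  evaluation_periods  = 3
  threshold           = 70
  comparison_operator = "GreaterThanThreshold"
  dimensions = {
    AutoScalingGroupName = var.asg_name
  }
  alarm_actions = [
    aws_autoscaling_policy.scale_out.arn,
    aws_sns_topic.asg_events.arn,
  ]
}
```

After applying, the test in step 6.f should produce two e-mails for the replaced instance: an `EC2_INSTANCE_TERMINATE` with the cause "ELB health check failed" and an `EC2_INSTANCE_LAUNCH` for its replacement. If you see the launch but no terminate, the group is still using `health_check_type = "EC2"` and is not actually reacting to the failed web server.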
