AWS Application Load Balancer listener rules and advanced routing options
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we discussed how to create an Application Load Balancer using AWS CLI.
https://cloudaffaire.com/how-to-create-an-application-load-balancer-using-aws-cli/
In this blog post, we will discuss AWS ALB listener rules and different routing options available in ALB.
AWS Application Load Balancer listener rules and routing options:
Listener Rules:
Each listener has a default rule, and you can optionally define additional rules. Each rule consists of a priority, one or more actions, and one or more conditions. You can add or edit rules at any time.
Default Rules:
When you create a listener, you define actions for the default rule. Default rules can’t have conditions. If the conditions for none of a listener’s rules are met, then the action for the default rule is performed.
Rule Priority:
Each rule has a priority. Rules are evaluated in priority order, from the lowest value to the highest value. The default rule is evaluated last. You can change the priority of a nondefault rule at any time. You cannot change the priority of the default rule.
Rule Conditions:
Each rule condition has a type and configuration information. When the conditions for a rule are met, then its actions are performed.
Rule Condition Types:
- path-pattern: Route based on path patterns in the request URLs.
- source-ip: Route based on the source IP address of each request.
- host-header: Route based on the host name of each request.
- http-header: Route based on the HTTP headers for each request.
- http-request-method: Route based on the HTTP request method of each request.
- query-string: Route based on key/value pairs or values in the query strings.
Rule Actions:
Each rule action has a type, an order, and the information required to perform the action.
Rule Action Types:
- fixed-response: Return a custom HTTP response.
- forward: Forward requests to the specified target groups.
- redirect: Redirect requests from one URL to another.
- authenticate-oidc: [HTTPS listeners] Use an identity provider that is compliant with OpenID Connect (OIDC) to authenticate users.
- authenticate-cognito: [HTTPS listeners] Use Amazon Cognito to authenticate users.
AWS Application Load Balancer listener rules and advanced routing options demo:
Step 1: Create a custom VPC and EC2 instances for your ALB.
```bash
#################################################################
## Application Load Balancer Listener Rules & Advanced Routing ##
#################################################################

##----------------------------------------------------------
## Create custom vpc and instances for your load balancer ##
##----------------------------------------------------------

## Create custom vpc for your alb ##

## Create a directory named alb
mkdir alb && cd alb

## Create a VPC
AWS_VPC_ID=$(aws ec2 create-vpc \
  --cidr-block 10.0.0.0/16 \
  --query 'Vpc.{VpcId:VpcId}' \
  --output text)

## Enable DNS hostname for your VPC
aws ec2 modify-vpc-attribute \
  --vpc-id $AWS_VPC_ID \
  --enable-dns-hostnames "{\"Value\":true}"

## Add a tag to the VPC
aws ec2 create-tags \
  --resources $AWS_VPC_ID \
  --tags "Key=Name,Value=myvpc"

## Create two public subnets
AWS_SUBNET_PUBLIC_ONE_ID=$(aws ec2 create-subnet \
  --vpc-id $AWS_VPC_ID --cidr-block 10.0.1.0/24 \
  --availability-zone ap-south-1a --query 'Subnet.{SubnetId:SubnetId}' \
  --output text)

AWS_SUBNET_PUBLIC_TWO_ID=$(aws ec2 create-subnet \
  --vpc-id $AWS_VPC_ID --cidr-block 10.0.2.0/24 \
  --availability-zone ap-south-1b --query 'Subnet.{SubnetId:SubnetId}' \
  --output text)

## Enable Auto-assign Public IP on Public Subnets
aws ec2 modify-subnet-attribute \
  --subnet-id $AWS_SUBNET_PUBLIC_ONE_ID \
  --map-public-ip-on-launch

aws ec2 modify-subnet-attribute \
  --subnet-id $AWS_SUBNET_PUBLIC_TWO_ID \
  --map-public-ip-on-launch

## Add a tag to public subnets
aws ec2 create-tags \
  --resources $AWS_SUBNET_PUBLIC_ONE_ID \
  --tags "Key=Name,Value=myvpc-public-subnet-one"

aws ec2 create-tags \
  --resources $AWS_SUBNET_PUBLIC_TWO_ID \
  --tags "Key=Name,Value=myvpc-public-subnet-two"

## Create an Internet Gateway
AWS_INTERNET_GATEWAY_ID=$(aws ec2 create-internet-gateway \
  --query 'InternetGateway.{InternetGatewayId:InternetGatewayId}' \
  --output text)

## Attach Internet gateway to your VPC
aws ec2 attach-internet-gateway \
  --vpc-id $AWS_VPC_ID \
  --internet-gateway-id $AWS_INTERNET_GATEWAY_ID

## Add a tag to the Internet-Gateway
aws ec2 create-tags \
  --resources $AWS_INTERNET_GATEWAY_ID \
  --tags "Key=Name,Value=myvpc-internet-gateway"

## Create a route table
AWS_CUSTOM_ROUTE_TABLE_ID=$(aws ec2 create-route-table \
  --vpc-id $AWS_VPC_ID \
  --query 'RouteTable.{RouteTableId:RouteTableId}' \
  --output text)

## Create route to Internet Gateway
aws ec2 create-route \
  --route-table-id $AWS_CUSTOM_ROUTE_TABLE_ID \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id $AWS_INTERNET_GATEWAY_ID

## Associate the public subnets with the route table
AWS_ROUTE_TABLE_ASSOID_ONE=$(aws ec2 associate-route-table \
  --subnet-id $AWS_SUBNET_PUBLIC_ONE_ID \
  --route-table-id $AWS_CUSTOM_ROUTE_TABLE_ID \
  --query 'AssociationId' \
  --output text)

AWS_ROUTE_TABLE_ASSOID_TWO=$(aws ec2 associate-route-table \
  --subnet-id $AWS_SUBNET_PUBLIC_TWO_ID \
  --route-table-id $AWS_CUSTOM_ROUTE_TABLE_ID \
  --query 'AssociationId' \
  --output text)

## Create a security group
aws ec2 create-security-group \
  --vpc-id $AWS_VPC_ID \
  --group-name myvpc-security-group \
  --description 'My VPC non default security group'

## Get security group IDs
AWS_DEFAULT_SECURITY_GROUP_ID=$(aws ec2 describe-security-groups \
  --filters "Name=vpc-id,Values=$AWS_VPC_ID" \
  --query 'SecurityGroups[?GroupName == `default`].GroupId' \
  --output text) &&
AWS_CUSTOM_SECURITY_GROUP_ID=$(aws ec2 describe-security-groups \
  --filters "Name=vpc-id,Values=$AWS_VPC_ID" \
  --query 'SecurityGroups[?GroupName == `myvpc-security-group`].GroupId' \
  --output text)

## Create security group ingress rules
## (SSH and HTTP are open to 0.0.0.0/0 for this demo; narrow the SSH CIDR to your own address outside a lab)
aws ec2 authorize-security-group-ingress \
  --group-id $AWS_CUSTOM_SECURITY_GROUP_ID \
  --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "Allow SSH"}]}]' &&
aws ec2 authorize-security-group-ingress \
  --group-id $AWS_CUSTOM_SECURITY_GROUP_ID \
  --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "Allow HTTP"}]}]'

## Create two ec2 instances for your alb target groups ##

## Get Amazon Linux 2 latest AMI ID
AWS_AMI_ID=$(aws ec2 describe-images \
  --owners 'amazon' \
  --filters 'Name=name,Values=amzn2-ami-hvm-2.0.????????-x86_64-gp2' 'Name=state,Values=available' \
  --query 'sort_by(Images, &CreationDate)[-1].[ImageId]' \
  --output 'text')

## Create a key-pair
aws ec2 create-key-pair \
  --key-name myvpc-keypair \
  --query 'KeyMaterial' \
  --output text > myvpc-keypair.pem

## Change access to key pair to make it secure
chmod 400 myvpc-keypair.pem

## Create user data to configure LAMP stack (prod instance)
cat > myuserdataone.txt <<'EOF'
#!/bin/bash
sudo yum update -y
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo yum install -y httpd mariadb-server
sudo systemctl start httpd
sudo usermod -a -G apache ec2-user
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www
sudo find /var/www -type d -exec chmod 2775 {} \;
sudo find /var/www -type f -exec chmod 0664 {} \;
sudo mkdir /var/www/html/prod
sudo echo "hello from ec2 prod instance" > /var/www/html/prod/index.html
EOF

## Create user data to configure LAMP stack (test instance)
cat > myuserdatatwo.txt <<'EOF'
#!/bin/bash
sudo yum update -y
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo yum install -y httpd mariadb-server
sudo systemctl start httpd
sudo usermod -a -G apache ec2-user
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www
sudo find /var/www -type d -exec chmod 2775 {} \;
sudo find /var/www -type f -exec chmod 0664 {} \;
sudo mkdir /var/www/html/test
sudo echo "hello from ec2 test instance" > /var/www/html/test/index.html
EOF

## Create two EC2 instances
AWS_EC2_INSTANCE_ONE_ID=$(aws ec2 run-instances \
  --image-id $AWS_AMI_ID \
  --instance-type t2.micro \
  --key-name myvpc-keypair \
  --monitoring "Enabled=false" \
  --security-group-ids $AWS_CUSTOM_SECURITY_GROUP_ID \
  --subnet-id $AWS_SUBNET_PUBLIC_ONE_ID \
  --user-data file://myuserdataone.txt \
  --private-ip-address 10.0.1.10 \
  --query 'Instances[0].InstanceId' \
  --output text)

## Check if instance one is running
## It will take some time for the instance to get ready
aws ec2 describe-instance-status \
  --instance-ids $AWS_EC2_INSTANCE_ONE_ID --output text

AWS_EC2_INSTANCE_TWO_ID=$(aws ec2 run-instances \
  --image-id $AWS_AMI_ID \
  --instance-type t2.micro \
  --key-name myvpc-keypair \
  --monitoring "Enabled=false" \
  --security-group-ids $AWS_CUSTOM_SECURITY_GROUP_ID \
  --subnet-id $AWS_SUBNET_PUBLIC_TWO_ID \
  --user-data file://myuserdatatwo.txt \
  --private-ip-address 10.0.2.10 \
  --query 'Instances[0].InstanceId' \
  --output text)

## Check if instance two is running
## It will take some time for the instance to get ready
aws ec2 describe-instance-status \
  --instance-ids $AWS_EC2_INSTANCE_TWO_ID --output text

## Add a tag to the ec2 instances
aws ec2 create-tags \
  --resources $AWS_EC2_INSTANCE_ONE_ID \
  --tags "Key=Name,Value=myvpc-ec2-instance-one"

aws ec2 create-tags \
  --resources $AWS_EC2_INSTANCE_TWO_ID \
  --tags "Key=Name,Value=myvpc-ec2-instance-two"
```
Step 2: Create your Application Load Balancer
```bash
##------------------------------------
## Create application load balancer ##
##------------------------------------

## Create the application load balancer in custom vpc
AWS_ALB_ARN=$(aws elbv2 create-load-balancer \
  --name my-application-load-balancer \
  --subnets $AWS_SUBNET_PUBLIC_ONE_ID $AWS_SUBNET_PUBLIC_TWO_ID \
  --security-groups $AWS_CUSTOM_SECURITY_GROUP_ID \
  --query 'LoadBalancers[0].LoadBalancerArn' \
  --output text)

## Check the status of load balancer
aws elbv2 describe-load-balancers \
  --load-balancer-arns $AWS_ALB_ARN \
  --query 'LoadBalancers[0].State.Code' \
  --output text

## Once the ALB status is active, get the DNS name for your ALB
AWS_ALB_DNS=$(aws elbv2 describe-load-balancers \
  --load-balancer-arns $AWS_ALB_ARN \
  --query 'LoadBalancers[0].DNSName' \
  --output text) &&
echo $AWS_ALB_DNS

## Create two target groups for your ALB
AWS_ALB_TARGET_GROUP_PROD_ARN=$(aws elbv2 create-target-group \
  --name my-alb-target-group-prod \
  --protocol HTTP --port 80 \
  --vpc-id $AWS_VPC_ID \
  --query 'TargetGroups[0].TargetGroupArn' \
  --output text)

AWS_ALB_TARGET_GROUP_TEST_ARN=$(aws elbv2 create-target-group \
  --name my-alb-target-group-test \
  --protocol HTTP --port 80 \
  --vpc-id $AWS_VPC_ID \
  --query 'TargetGroups[0].TargetGroupArn' \
  --output text)

## Register the ec2 instances in the respective target groups
aws elbv2 register-targets --target-group-arn $AWS_ALB_TARGET_GROUP_PROD_ARN \
  --targets Id=$AWS_EC2_INSTANCE_ONE_ID

aws elbv2 register-targets --target-group-arn $AWS_ALB_TARGET_GROUP_TEST_ARN \
  --targets Id=$AWS_EC2_INSTANCE_TWO_ID
```
Step 3: Create a listener for your ALB with a default fixed response rule.
```bash
##------------------------------------------------------------
## Rule: Default | Condition = NA | Action = Fixed Response ##
##------------------------------------------------------------

## Create a listener for your load balancer with a default rule that returns a fixed response
AWS_ALB_LISTNER_ARN=$(aws elbv2 create-listener --load-balancer-arn $AWS_ALB_ARN \
  --protocol HTTP --port 80 \
  --default-actions Type='fixed-response',FixedResponseConfig="{MessageBody=hello from alb listener default rule,StatusCode=200,ContentType=text/plain}" \
  --query 'Listeners[0].ListenerArn' \
  --output text)

## Describe the current listener rule
aws elbv2 describe-rules \
  --listener-arn $AWS_ALB_LISTNER_ARN

## Call your webserver using ALB DNS name
curl $AWS_ALB_DNS
#returns hello from alb listener default rule
```
Note: The default rule does not support conditions.
Step 4: Create a custom rule with fixed response action and host header condition.
```bash
##--------------------------------------------------------------------
## Rule: Custom | Condition = Host Header | Action = Fixed Response ##
##--------------------------------------------------------------------

## Define your fixed response action in json format
cat > actions-fixed-response-host-header.json <<'EOF'
[
  {
    "Type": "fixed-response",
    "FixedResponseConfig": {
      "MessageBody": "hello from alb using host header condition",
      "StatusCode": "200",
      "ContentType": "text/plain"
    }
  }
]
EOF

## Define your host header condition
cat > conditions-host-header.json <<'EOF'
[
  {
    "Field": "host-header",
    "HostHeaderConfig": {
      "Values": ["cloudaffaire.com"]
    }
  }
]
EOF

## Create a rule using a host header condition and a fixed response action
AWS_ALB_LISTENER_RULE_ARN=$(aws elbv2 create-rule \
  --listener-arn $AWS_ALB_LISTNER_ARN \
  --priority 10 \
  --conditions file://conditions-host-header.json \
  --actions file://actions-fixed-response-host-header.json \
  --query 'Rules[0].RuleArn' \
  --output text)

## Describe the current listener rule
aws elbv2 describe-rules \
  --listener-arn $AWS_ALB_LISTNER_ARN

## Check your alb response using curl
curl -H "Host: cloudaffaire.com" $AWS_ALB_DNS
#returns hello from alb using host header condition
```
Step 5: Create a custom rule with fixed response action and http header condition.
```bash
##--------------------------------------------------------------------
## Rule: Custom | Condition = HTTP Header | Action = Fixed Response ##
##--------------------------------------------------------------------

## Define your fixed response action in json format
cat > actions-fixed-response-http-header.json <<'EOF'
[
  {
    "Type": "fixed-response",
    "FixedResponseConfig": {
      "MessageBody": "hello from alb using http header condition",
      "StatusCode": "200",
      "ContentType": "text/plain"
    }
  }
]
EOF

## Define your http header condition
cat > conditions-http-header.json <<'EOF'
[
  {
    "Field": "http-header",
    "HttpHeaderConfig": {
      "HttpHeaderName": "Cookie",
      "Values": ["condition=http_header"]
    }
  }
]
EOF

## Create a rule using a http header condition and a fixed response action
AWS_ALB_LISTENER_RULE_ARN=$(aws elbv2 create-rule \
  --listener-arn $AWS_ALB_LISTNER_ARN \
  --priority 20 \
  --conditions file://conditions-http-header.json \
  --actions file://actions-fixed-response-http-header.json \
  --query 'Rules[0].RuleArn' \
  --output text)

## Describe the current listener rule
aws elbv2 describe-rules \
  --listener-arn $AWS_ALB_LISTNER_ARN

## Check your alb response using curl
curl --cookie "condition=http_header" $AWS_ALB_DNS
#returns hello from alb using http header condition
```
Step 6: Create a custom rule with fixed response action and http request method condition.
```bash
##----------------------------------------------------------------------------
## Rule: Custom | Condition = HTTP Request Method | Action = Fixed Response ##
##----------------------------------------------------------------------------

## Define your fixed response action in json format
cat > actions-fixed-response-http-request-method.json <<'EOF'
[
  {
    "Type": "fixed-response",
    "FixedResponseConfig": {
      "MessageBody": "hello from alb using http request method condition",
      "StatusCode": "200",
      "ContentType": "text/plain"
    }
  }
]
EOF

## Define your http request method condition
cat > conditions-http-request-method.json <<'EOF'
[
  {
    "Field": "http-request-method",
    "HttpRequestMethodConfig": {
      "Values": ["READ"]
    }
  }
]
EOF

## Create a rule using a http request method condition and a fixed response action
AWS_ALB_LISTENER_RULE_ARN=$(aws elbv2 create-rule \
  --listener-arn $AWS_ALB_LISTNER_ARN \
  --priority 30 \
  --conditions file://conditions-http-request-method.json \
  --actions file://actions-fixed-response-http-request-method.json \
  --query 'Rules[0].RuleArn' \
  --output text)

## Describe the current listener rule
aws elbv2 describe-rules \
  --listener-arn $AWS_ALB_LISTNER_ARN

## Check your alb response using curl
curl --request READ $AWS_ALB_DNS
#returns hello from alb using http request method condition
```
Step 7: Create a custom rule with fixed response action and source IP condition.
```bash
##------------------------------------------------------------------
## Rule: Custom | Condition = Source IP | Action = Fixed Response ##
##------------------------------------------------------------------

## Define your fixed response action in json format
cat > actions-fixed-response-source-ip.json <<'EOF'
[
  {
    "Type": "fixed-response",
    "FixedResponseConfig": {
      "MessageBody": "hello from alb using source ip condition",
      "StatusCode": "200",
      "ContentType": "text/plain"
    }
  }
]
EOF

## Define your source ip condition
## Replace the placeholder with the CIDR block your requests come from
cat > conditions-source-ip.json <<'EOF'
[
  {
    "Field": "source-ip",
    "SourceIpConfig": {
      "Values": ["REPLACE_WITH_YOUR_SOURCE_CIDR"]
    }
  }
]
EOF

## Create a rule using a source ip condition and a fixed response action
AWS_ALB_LISTENER_RULE_ARN=$(aws elbv2 create-rule \
  --listener-arn $AWS_ALB_LISTNER_ARN \
  --priority 70 \
  --conditions file://conditions-source-ip.json \
  --actions file://actions-fixed-response-source-ip.json \
  --query 'Rules[0].RuleArn' \
  --output text)

## Describe the current listener rule
aws elbv2 describe-rules \
  --listener-arn $AWS_ALB_LISTNER_ARN

## Check your alb response using curl
curl $AWS_ALB_DNS
#returns hello from alb using source ip condition
```
Step 8: Create a custom rule with redirect action and query string condition.
```bash
##---------------------------------------------------------------
## Rule: Custom | Condition = Query String | Action = Redirect ##
##---------------------------------------------------------------

## Define your redirect action in json format
cat > actions-redirect-query-string.json <<'EOF'
[
  {
    "Type": "redirect",
    "RedirectConfig": {
      "Protocol": "HTTPS",
      "Port": "443",
      "Host": "cloudaffaire.com",
      "Path": "/",
      "Query": "",
      "StatusCode": "HTTP_301"
    }
  }
]
EOF

## Define your query string condition
cat > conditions-query-string.json <<'EOF'
[
  {
    "Field": "query-string",
    "QueryStringConfig": {
      "Values": [
        {
          "Key": "page",
          "Value": "cloudaffaire"
        }
      ]
    }
  }
]
EOF

## Create a rule using a query string condition and a redirect action
AWS_ALB_LISTENER_RULE_ARN=$(aws elbv2 create-rule \
  --listener-arn $AWS_ALB_LISTNER_ARN \
  --priority 40 \
  --conditions file://conditions-query-string.json \
  --actions file://actions-redirect-query-string.json \
  --query 'Rules[0].RuleArn' \
  --output text)

## Describe the current listener rule
aws elbv2 describe-rules \
  --listener-arn $AWS_ALB_LISTNER_ARN

## Check your alb response using curl
## Define a new variable for query based routing
AWS_ALB_DNS_WITH_QUERY="${AWS_ALB_DNS}?page=cloudaffaire"
## -L makes curl follow the 301 redirect returned by the rule
curl -L "$AWS_ALB_DNS_WITH_QUERY"
#returns cloudaffaire.com home page
```
Step 9: Create a custom rule with forward action and path condition (also known as path-based routing).
```bash
##------------------------------------------------------
## Rule: Custom | Condition = Path | Action = Forward ##
##------------------------------------------------------

## Define your forward action in json format
## The unquoted heredoc writes the value of AWS_ALB_TARGET_GROUP_PROD_ARN into the file
echo $AWS_ALB_TARGET_GROUP_PROD_ARN
cat > actions-forward-path-prod.json <<EOF
[
  {
    "Type": "forward",
    "ForwardConfig": {
      "TargetGroups": [
        {
          "TargetGroupArn": "$AWS_ALB_TARGET_GROUP_PROD_ARN"
        }
      ]
    }
  }
]
EOF

## Define your forward action in json format
## The unquoted heredoc writes the value of AWS_ALB_TARGET_GROUP_TEST_ARN into the file
echo $AWS_ALB_TARGET_GROUP_TEST_ARN
cat > actions-forward-path-test.json <<EOF
[
  {
    "Type": "forward",
    "ForwardConfig": {
      "TargetGroups": [
        {
          "TargetGroupArn": "$AWS_ALB_TARGET_GROUP_TEST_ARN"
        }
      ]
    }
  }
]
EOF

## Define your forward conditions
cat > conditions-path-prod.json <<'EOF'
[
  {
    "Field": "path-pattern",
    "PathPatternConfig": {
      "Values": ["/prod/"]
    }
  }
]
EOF

cat > conditions-path-test.json <<'EOF'
[
  {
    "Field": "path-pattern",
    "PathPatternConfig": {
      "Values": ["/test/"]
    }
  }
]
EOF

## Create a rule using a path condition and a forward action to the prod instance
AWS_ALB_LISTENER_RULE_ARN=$(aws elbv2 create-rule \
  --listener-arn $AWS_ALB_LISTNER_ARN \
  --priority 50 \
  --conditions file://conditions-path-prod.json \
  --actions file://actions-forward-path-prod.json \
  --query 'Rules[0].RuleArn' \
  --output text)

## Create a rule using a path condition and a forward action to the test instance
AWS_ALB_LISTENER_RULE_ARN=$(aws elbv2 create-rule \
  --listener-arn $AWS_ALB_LISTNER_ARN \
  --priority 60 \
  --conditions file://conditions-path-test.json \
  --actions file://actions-forward-path-test.json \
  --query 'Rules[0].RuleArn' \
  --output text)

## Describe the current listener rule
aws elbv2 describe-rules \
  --listener-arn $AWS_ALB_LISTNER_ARN

## Check your alb response using curl
## Define a new variable for path based routing
AWS_ALB_DNS_WITH_PATH_PROD="${AWS_ALB_DNS}/prod/"
AWS_ALB_DNS_WITH_PATH_TEST="${AWS_ALB_DNS}/test/"
curl $AWS_ALB_DNS_WITH_PATH_PROD
#returns hello from ec2 prod instance
curl $AWS_ALB_DNS_WITH_PATH_TEST
#returns hello from ec2 test instance
```
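With all the rules from Steps 3 to 9 in place, the following added example (not part of the original post and not AWS code) models which rule answers a given request: ascending priority, first match wins, default rule last. It is a simplified Python model of the condition matching described above; `make_request`, `_rule`, `DEMO_RULES`, the host `alb.example.test` and the 203.0.113.0/24 source range are constructed for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit


def _glob(pattern, value, ignore_case):
    """Wildcard match: '*' is any run of characters, '?' exactly one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    flags = re.S | (re.I if ignore_case else 0)
    return re.fullmatch(rx, value, flags) is not None


def condition_matches(cond, req):
    """True if any value of one condition matches the request (values are OR-ed)."""
    field = cond["Field"]
    if field == "host-header":  # case-insensitive
        return any(_glob(v, req["host"], True) for v in cond["HostHeaderConfig"]["Values"])
    if field == "path-pattern":  # case-sensitive, path only (no query string)
        return any(_glob(v, req["path"], False) for v in cond["PathPatternConfig"]["Values"])
    if field == "http-request-method":  # exact, case-sensitive, no wildcards
        return req["method"] in cond["HttpRequestMethodConfig"]["Values"]
    if field == "http-header":  # header name and value compared case-insensitively
        cfg = cond["HttpHeaderConfig"]
        sent = {k.lower(): v for k, v in req["headers"].items()}.get(cfg["HttpHeaderName"].lower())
        return sent is not None and any(_glob(v, sent, True) for v in cfg["Values"])
    if field == "query-string":  # "Key" is optional in each entry
        pairs = parse_qsl(req["query"], keep_blank_values=True)
        return any(_glob(w["Value"], v, True) and _glob(w.get("Key", "*"), k, True)
                   for w in cond["QueryStringConfig"]["Values"] for k, v in pairs)
    if field == "source-ip":  # address the load balancer sees, not X-Forwarded-For
        ip = ipaddress.ip_address(req["source_ip"])
        return any(ip in ipaddress.ip_network(c) for c in cond["SourceIpConfig"]["Values"])
    raise ValueError(f"unsupported condition field: {field}")


def select_rule(rules, req):
    """First rule in ascending priority whose conditions all match; default rule last."""
    custom = sorted((r for r in rules if not r["IsDefault"]), key=lambda r: int(r["Priority"]))
    for rule in custom:
        if all(condition_matches(c, req) for c in rule["Conditions"]):
            return rule
    return next(r for r in rules if r["IsDefault"])


def make_request(url, method="GET", host="alb.example.test", headers=None,
                 source_ip="198.51.100.7"):
    """Build the request fields the conditions look at (constructed helper)."""
    parts = urlsplit(url)
    return {"method": method, "host": host, "path": parts.path or "/",
            "query": parts.query, "headers": headers or {}, "source_ip": source_ip}


def _rule(priority, *conditions):
    return {"Priority": str(priority), "IsDefault": priority == "default",
            "Conditions": list(conditions)}


# The demo's rules in the shape `aws elbv2 describe-rules` returns them (actions left out).
# 203.0.113.0/24 is a constructed stand-in for the source-ip value.
DEMO_RULES = [
    _rule("default"),
    _rule(70, {"Field": "source-ip", "SourceIpConfig": {"Values": ["203.0.113.0/24"]}}),
    _rule(10, {"Field": "host-header", "HostHeaderConfig": {"Values": ["cloudaffaire.com"]}}),
    _rule(20, {"Field": "http-header", "HttpHeaderConfig": {
        "HttpHeaderName": "Cookie", "Values": ["condition=http_header"]}}),
    _rule(30, {"Field": "http-request-method", "HttpRequestMethodConfig": {"Values": ["READ"]}}),
    _rule(40, {"Field": "query-string", "QueryStringConfig": {
        "Values": [{"Key": "page", "Value": "cloudaffaire"}]}}),
    _rule(50, {"Field": "path-pattern", "PathPatternConfig": {"Values": ["/prod/"]}}),
    _rule(60, {"Field": "path-pattern", "PathPatternConfig": {"Values": ["/test/"]}}),
]

if __name__ == "__main__":
    probes = {"GET /prod/": make_request("/prod/"),
              "GET /prod/index.html": make_request("/prod/index.html"),
              "GET /prod/ with Host cloudaffaire.com": make_request("/prod/", host="cloudaffaire.com")}
    for label, req in probes.items():
        print(f"{label:40} -> priority {select_rule(DEMO_RULES, req)['Priority']}")
```

Running it shows `/prod/index.html` falling through to the default rule because the `/prod/` pattern has no wildcard, and the host-header rule at priority 10 answering before the `/prod/` forward rule at priority 50. Apart from source-ip, every condition is evaluated on values the client chooses, so these rules route traffic rather than restrict access.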
Step 10: Cleanup
```bash
##-----------
## Cleanup ##
##-----------

## Delete the last created rule (deleting the listener removes the remaining rules)
aws elbv2 delete-rule \
  --rule-arn $AWS_ALB_LISTENER_RULE_ARN

## Delete the listener
aws elbv2 delete-listener \
  --listener-arn $AWS_ALB_LISTNER_ARN

## Deregister targets
aws elbv2 deregister-targets \
  --target-group-arn $AWS_ALB_TARGET_GROUP_PROD_ARN \
  --targets Id=$AWS_EC2_INSTANCE_ONE_ID &&
aws elbv2 deregister-targets \
  --target-group-arn $AWS_ALB_TARGET_GROUP_TEST_ARN \
  --targets Id=$AWS_EC2_INSTANCE_TWO_ID

## Delete target groups
aws elbv2 delete-target-group \
  --target-group-arn $AWS_ALB_TARGET_GROUP_PROD_ARN &&
aws elbv2 delete-target-group \
  --target-group-arn $AWS_ALB_TARGET_GROUP_TEST_ARN

## Delete Application Load Balancer
aws elbv2 delete-load-balancer \
  --load-balancer-arn $AWS_ALB_ARN

## Terminate the ec2 instances
aws ec2 terminate-instances \
  --instance-ids $AWS_EC2_INSTANCE_ONE_ID &&
aws ec2 terminate-instances \
  --instance-ids $AWS_EC2_INSTANCE_TWO_ID

## Delete key pair
aws ec2 delete-key-pair \
  --key-name myvpc-keypair

## Delete custom security group (once instances are terminated)
aws ec2 delete-security-group \
  --group-id $AWS_CUSTOM_SECURITY_GROUP_ID

## Delete internet gateway
aws ec2 detach-internet-gateway \
  --internet-gateway-id $AWS_INTERNET_GATEWAY_ID \
  --vpc-id $AWS_VPC_ID &&
aws ec2 delete-internet-gateway \
  --internet-gateway-id $AWS_INTERNET_GATEWAY_ID

## Disassociate the subnets from custom route table
aws ec2 disassociate-route-table \
  --association-id $AWS_ROUTE_TABLE_ASSOID_ONE &&
aws ec2 disassociate-route-table \
  --association-id $AWS_ROUTE_TABLE_ASSOID_TWO

## Delete custom route table
aws ec2 delete-route-table \
  --route-table-id $AWS_CUSTOM_ROUTE_TABLE_ID

## Delete the public subnets
aws ec2 delete-subnet \
  --subnet-id $AWS_SUBNET_PUBLIC_ONE_ID &&
aws ec2 delete-subnet \
  --subnet-id $AWS_SUBNET_PUBLIC_TWO_ID

## Delete the vpc
aws ec2 delete-vpc \
  --vpc-id $AWS_VPC_ID

## Remove all files used in this demo
cd ..
rm -rf alb
```
Hope you have enjoyed this article. In the next blog post, we will discuss target groups for Application Load Balancer.
All the public cloud providers are changing the console user interface rapidly, and because of this some of the screenshots used in our previous AWS blogs are no longer relevant. Hence, we have decided that from now onwards most of the demos will be done programmatically. Let us know your feedback on this in the comment section.
To get more details on AWS ELB, please refer to the AWS documentation below:
https://docs.aws.amazon.com/elasticloadbalancing/index.html
Do you have any of the rules examples in cdk using python? I’m looking for examples that will help me build
rule for if path = /index then authenticate to cognito