Make Environment Publicly Accessible using AWS LB Configuration
Documentation to create public load balancer
Introduction
This document provides step-by-step instructions to make environment publicly accessible without wire guard configuration. Generally, all environments are privately accessible using wire guard configuration.
Note: The naming conventions may vary depending on the environment, and this documentation will be applicable when using an AWS load balancer.
Create Target Group for external-http
In the EC2 dashboard, under the "Load Balancing" section, select "Target Groups" from the menu.
Click the "Create Target Group" button to create a new Target Group.
Configure Target Group
Choose target type -
IP addresses
Target Group name -
openg2p-<envname>-external-http
Protocol : Port -
TCP : 30080
VPC - Select the VPC in which the instances are located
Health check protocol : Path : Port (Traffic Port) -
HTTP : /healthz/ready : 30521
Register Targets
After configuring the Target Group, click the "Next" button
Select the targets (instances) to register with the Target Group
Click the "Add to registered" button to add the selected targets to the Target Group
Review the configuration settings for the Target Group. After verification, click the "Create Target Group" button to create the Target Group.
Once the Target Group is created, make a note of the Amazon Resource Name (ARN) of the newly created Target Group. This ARN is required when you configure Load Balancers or other services that use the Target Group.
Create Target Group for external-httpsredirect
To create a Target Group for "external-httpsredirect," follow the same steps mentioned above. Only for the "Configure Target Group" section, use the following configurations.
Choose target type -
IP addresses
Target Group name -
openg2p-<envname>-ext-httpsredirect
Protocol : Port -
TCP : 30081
VPC - Select the VPC in which the instances are located.
Health check protocol : Path : Port (Overide) -
HTTP : /healthz/ready : 30521
Create a Target Group for PostgreSQL
For PostgreSQL, there is no need to create a Target Group (TG). Instead, create a record with the name internal.sandbox-name and map the Internal NLB DNS name of the environment to it in AWS Route53.
Create external network Load Balancer
In the EC2 dashboard, click the "Load Balancers" tab and then click "Create Load Balancer" and Choose Load Balancer Type as Network Load Balancer.
Configure Load Balancer Settings
Create NLB with name -
openg2p-<envname>-external
Select VPC - Select the VPC and region in which the instances are located
Select Security Group - Select the Security Group in which the instances are located
Note: Click here to create Security Group, if required
Configure Routing - Define Target Groups to route traffic to specific instances
Listeners and routing Protocol : Port : Default action
Note: Below default action, select the Target Groups already created from the above steps.
TLS : 443 : openg2p-<envname>-external-http
TCP : 80 : openg2p-<envname>-ext-httpsredirect
Select
ACM certificate
as per environment domain name.Note: Click here to create ACM certificate, if required.
Review the configuration settings and create the Load Balancer
Do mapping on AWS Route53
Last updated