AWS Application Load Balancer
This topic explains how to use an AWS Application Load Balancer (Layer 7) for your Turbine deployment.

Two load balancers are required for this deployment. The AWS Application Load Balancer (Layer 7) is used for external access to the Turbine Platform and the Turbine Platform Installer. An additional AWS Network Load Balancer (Layer 4) is still required for the internal cluster communication.

Architecture Diagram

[Figure: architecture diagram]

Load Balancer for the Turbine Platform and the Turbine Platform Installer

Target Groups

Create the following target groups (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html):

Port 4443
- Type: Set to instance.
- Protocol: Set to HTTPS.
- Port: Set to 4443.
- VPC: Should match that of the EC2 instances that Turbine will be installed on.
- Health check protocol: Set to HTTPS.
- Health check port: Set to traffic port.
- The health check settings Healthy threshold, Unhealthy threshold, Timeout, and Interval may vary based on your preferences for how quickly an instance should become unhealthy in order to stop receiving traffic.
- Health check success codes: Set to 200.
- Register the first instance that you'll be running the Turbine Platform Installer on to the target group with port set to 4443. After Turbine has been installed on the additional nodes, they need to be added to this target group.

Port 8800
- Type: Set to instance.
- Protocol: Set to HTTPS.
- Port: Set to 8800.
- VPC: Should match that of the EC2 instances that Turbine will be installed on.
- Health check protocol: Set to HTTPS.
- Health check port: Set to traffic port.
- The health check settings Healthy threshold, Unhealthy threshold, Timeout, and Interval may vary based on your preferences for how quickly an instance should become unhealthy in order to stop receiving traffic.
- Health check success codes: Set to 200.
- Register the first instance that you'll be running the Turbine Platform Installer on to the target group with port set to 8800. After Turbine has been installed on the additional nodes, they need to be added to this target group.

Load Balancer

Create an AWS Application Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html).

IP address type: Choose ipv4.

Add a listener for each of the following ports:

Port 443
- Protocol: Set to HTTPS.
- Port: Set to 443.
- Configure it to forward traffic to the port 4443 target group created above.
- Security policy: Set according to your security policies. More information about HTTPS listeners: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html. ELBSecurityPolicy-TLS-1-2-2017-01 or stronger is recommended.
- Default SSL certificate: Set to the ACM, IAM, or imported certificate that you choose. This certificate needs to be valid for the Swimlane hostname you specify when configuring our application.

Port 8800
- Protocol: Set to HTTPS.
- Port: Set to 8800.
- Configure it to forward traffic to the port 8800 target group created above.
- Security policy: Set according to your security policies. More information about HTTPS listeners: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html. ELBSecurityPolicy-TLS-1-2-2017-01 or stronger is recommended.
- Default SSL certificate: Set to the ACM, IAM, or imported certificate that you choose. This certificate needs to be valid for the Swimlane hostname you specify when configuring our application.

Optional: Port 80
Used for the HTTP to HTTPS redirect and can be excluded if you only want HTTPS/443 to be available.
- Protocol: Set to HTTP.
- Port: Set to 80.
- Configure it to Redirect to with the following settings:
  - Protocol: Set to HTTPS.
  - Port: Set to 443.
  - Path settings: Set to Original host, path, query.
  - Status code: Set to 301 Permanently moved.

Availability Zones
- The Application Load Balancer's VPC should match that of the EC2 instances that Turbine will be installed on.
- The Application Load Balancer's Availability Zones should include each Availability Zone used by the EC2 instances that Turbine will be installed on.

Security Groups

For AWS Application Load Balancers, ingress port access is defined in the security group assigned to the load balancer itself. For more information about the port requirements, see System Requirements for an Embedded Cluster Install.

Load Balancer for Internal Cluster Communication

Target Groups

Create the following target groups (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html):

Port 6443
- Type: Set to IP.
- Protocol: Set to TCP.
- Port: Set to 6443.
- VPC: Should match that of the EC2 instances that Turbine will be installed on.
- Health check protocol: Set to TCP.
- Health check port: Set to traffic port.
- Healthy threshold, Unhealthy threshold, Timeout, and Interval may vary based on your preferences for how quickly an instance should become unhealthy in order to stop receiving traffic.
- Register the first instance that you'll be running the Turbine Platform Installer on to the target group with port set to 6443. After Turbine has been installed on the additional nodes, they need to be added to this target group.
- Register the first instance that you'll be running the Turbine Platform Installer on to the target group with port set to 80. After Turbine has been installed on the additional nodes, they need to be added to this target group.

Load Balancer

Create an AWS Network Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-network-load-balancer.html).

IP address type: Choose ipv4.

Add a listener for each of the following ports:

Port 6443
- Protocol: Set to TCP.
- Port: Set to 6443.
- Configure it to forward traffic to the port 6443 target group created above.

Availability Zones
- The Network Load Balancer's VPC should match that of the EC2 instances that Turbine will be installed on.
- The Network Load Balancer's Availability Zones should include each Availability Zone used by the EC2 instances that Turbine will be installed on.

Security Groups

For AWS Network Load Balancers, ingress port access is defined in the security group used by the EC2 instances. The port requirements are available in System Requirements for an Embedded Cluster Install.

Turbine Configuration

Be sure to enable the "Expose the Swimlane web service externally" option on the Turbine Platform Installer UI Config tab.
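
To confirm that a deployed Application Load Balancer matches the listener and target group settings described above, the following added example (not part of the original page or the vendor's tooling) audits data shaped like the output of `aws elbv2 describe-listeners` and `aws elbv2 describe-target-groups`. The function names, the `TLS_OK` allowlist of security policies, and the placeholder ARNs in the sample are assumptions made for illustration.

```python
# Added example (not vendor code). Inputs use the shape returned by `aws elbv2
# describe-listeners` / `describe-target-groups`. TLS_OK is an assumed site allowlist.
TLS_OK = {"ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
          "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06"}
FORWARDS = {443: 4443, 8800: 8800}  # listener port -> target group port (from this page)
TG_WANT = {"Protocol": "HTTPS", "TargetType": "instance",
           "HealthCheckProtocol": "HTTPS", "HealthCheckPort": "traffic-port"}
def first_action(listener):
    return (listener.get("DefaultActions") or [{}])[0]

def audit(listeners, target_groups):
    out = []  # deviations from the ALB settings described on this page
    tgs = {tg["TargetGroupArn"]: tg for tg in target_groups}
    by_port = {lsn["Port"]: lsn for lsn in listeners}
    for lport, tport in FORWARDS.items():
        lsn = by_port.get(lport)
        if lsn is None:
            out.append(f"listener {lport}: missing")
            continue
        if lsn.get("Protocol") != "HTTPS":
            out.append(f"listener {lport}: protocol {lsn.get('Protocol')}, expected HTTPS")
        if lsn.get("SslPolicy") not in TLS_OK:
            out.append(f"listener {lport}: SSL policy {lsn.get('SslPolicy')} not in allowlist")
        if not lsn.get("Certificates"):
            out.append(f"listener {lport}: no default certificate")
        act = first_action(lsn)
        tg = tgs.get(act.get("TargetGroupArn"))
        if act.get("Type") != "forward" or tg is None:
            out.append(f"listener {lport}: does not forward to a known target group")
            continue
        for key, want in {**TG_WANT, "Port": tport}.items():
            if tg.get(key) != want:
                out.append(f"target group behind {lport}: {key}={tg.get(key)!r}, expected {want!r}")
        if tg.get("Matcher", {}).get("HttpCode") != "200":
            out.append(f"target group behind {lport}: health check success code is not 200")
    if 80 in by_port:  # optional listener: must only redirect to HTTPS/443 with a 301
        rc = first_action(by_port[80]).get("RedirectConfig", {})
        if (rc.get("Protocol"), rc.get("Port"), rc.get("StatusCode")) != ("HTTPS", "443", "HTTP_301"):
            out.append("listener 80: not a 301 redirect to HTTPS:443")
    out += [f"listener {p}: not described for this ALB" for p in sorted(set(by_port) - {80, 443, 8800})]
    return out
# Constructed sample (placeholder ARNs): listener 443 uses a policy outside the allowlist.
def _https(port, tg_port, policy="ELBSecurityPolicy-TLS-1-2-2017-01"):
    return {"Port": port, "Protocol": "HTTPS", "SslPolicy": policy,
            "Certificates": [{"CertificateArn": "cert-placeholder"}],
            "DefaultActions": [{"Type": "forward", "TargetGroupArn": f"tg-{tg_port}"}]}
SAMPLE_TGS = [{"TargetGroupArn": f"tg-{p}", "Port": p, **TG_WANT, "Matcher": {"HttpCode": "200"}}
              for p in (4443, 8800)]
SAMPLE_LISTENERS = [_https(443, 4443, "ELBSecurityPolicy-2016-08"), _https(8800, 8800)]
print(audit(SAMPLE_LISTENERS, SAMPLE_TGS))
```

In practice, pass the `Listeners` and `TargetGroups` arrays from the CLI's JSON output to `audit()` and treat any returned line as a deviation to review.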