Excellent bro
Thank you for your help to understand clearly on this concept
You're most welcome
Thanks for your good video... I am looking forward to this kind of production use case
thanks.. more videos will come...
Good Explanation
Thanks for liking
Excellent
Thanks !!!
Hi, I have 4 pre-prod environments, and each environment has a separate namespace in the cluster. Is it possible to add all the ALBs to the NLB target group so that it will work for the same? In this case, can I use 1 NLB or 4 NLBs?
You can use host-header values in the ALB to segregate the traffic, so you can use 1 NLB and 1 ALB only; not sure why you want multiple NLBs. ALBs are a multi-tenant, high-performance cluster in the backend, so that will satisfy your request right away.
@Cloud4DevOps Can you please elaborate on how I can segregate the traffic for the environments?
Can you please explain how HTTPS connections flow through in this setup? (Note: there's no video on this at all)
I guess this is not possible, as it's an app-layer feature
From the instances of my ALB I am accessing an external API which is demanding IPs for whitelisting my instances. Now, if I implement the way you mentioned, can I provide my NLB static IP to them?
This method is to get an inbound static IP which will be whitelisted in the firewall. Again, it's not instance IPs which need to be whitelisted; outbound instance traffic either goes via NAT/TGW if in a private network, otherwise via the generic IGW.
While creating the NLB, you have not assigned a static IP. Is AWS going to create a static IP automatically? Kindly reply if I am wrong.
Yes, AWS will give you static IPs, but that's different from the EIP which we create from AWS.
If we have RDS in a private subnet and need to have a public IP to access the same DB from an external application without any VPN access, what would be the solution?
One way that comes to my mind which is secure is to use a reverse proxy, keeping all your DBs/servers in a private subnet, and have a firewall to play around with the connection logic. This way you can make sure that you don't go into a security-risk model connecting to private RDS from external apps...
Hey Shashank, I just configured the ALB and NLB as internet-facing. While creating the NLB I configured one Elastic IP, which got whitelisted by the internal team to send an OTP to the end user. But I am not able to get an OTP.
Are we sure the configuration of AZs for the NLB and ALB is correct, in the same zone? It's a prod-tested scenario which worked for all customers. Seems something is missing in the configuration or firewall.
I have the ALB with applications running on ports 3838 and 8787. The ALB target groups are healthy, but for the NLB the health checks failed.
Sounds like a misconfiguration on the health check attribute.
ALB TG (http-3837, http-8787)
NLB TG (tcp-80)
What needs to be done?
Ahh OK. Are your listeners configured for port 80 for both ALB and NLB? These have to be an exact match in terms of AZ as well.
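The host-header segregation and the matching port-80 listener discussed in the replies above, sketched as a CloudFormation fragment. This is an added example, not configuration from the video or from any commenter; every parameter name, logical ID and hostname in it is an assumption. An NLB target group of type `alb` forwards to a single ALB listener port, so the ALB needs a listener on the same port or the NLB health checks fail.

```yaml
# Added illustration: parameter names, logical IDs and hostnames are assumed.
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  AlbArn: {Type: String}              # existing ALB
  AlbListenerArn: {Type: String}      # that ALB's listener on port 80
  Env1TargetGroupArn: {Type: String}  # per-environment target groups
  Env2TargetGroupArn: {Type: String}

Resources:
  # NLB side: one target group whose only target is the ALB.
  # Port here must equal a listener port on the ALB.
  NlbToAlbTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      TargetType: alb
      Protocol: TCP
      Port: 80
      VpcId: !Ref VpcId
      HealthCheckProtocol: HTTP
      HealthCheckPath: /
      Targets:
        - Id: !Ref AlbArn
          Port: 80

  # ALB side: one rule per environment, matched on the Host header.
  Env1HostRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref AlbListenerArn
      Priority: 10
      Conditions:
        - Field: host-header
          HostHeaderConfig:
            Values: [env1.preprod.example.com]   # constructed hostname
      Actions:
        - Type: forward
          TargetGroupArn: !Ref Env1TargetGroupArn

  Env2HostRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref AlbListenerArn
      Priority: 20
      Conditions:
        - Field: host-header
          HostHeaderConfig:
            Values: [env2.preprod.example.com]   # constructed hostname
      Actions:
        - Type: forward
          TargetGroupArn: !Ref Env2TargetGroupArn
```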
My two cents: AWS Global Accelerator will be helpful in such cases as well, especially where there is a need to bring your own IP or preserve your owned public IPs for whitelisting.
Agreed.
Why should the ALB and NLB be present in the same AZ?