I have an application which is running on an AWS ECS cluster which has 2 instances. I'm using EC2 instance type for ECS. I also have an application load balancer attached to this ECS cluster which uses dynamic port mapping. Right now, the application is working fine with the Load balancer's domain name.
I'm planning to add SSL feature for the load balancer and also a domain name for my application. For simplicity, I'm planning to use AWS ACM to create SSL certificates for HTTPS connectivity. But I'm not very aware of the domain name registration and all.
So I'm not sure where to attach this domain if I go for a new domain registration. What IP do I use for domain registration? Or, if I have a domain name, can I attach it to my application?
But still, I'm not sure where to point to. Any help regarding attaching a domain to an app with ECS and AWS ALB will be appreciated.
Thanks in advance.
Basically, you have to create an A record in your DNS server pointing to the ELB.
Amazon has Route53 for registering domains; if your domain is registered with Route53, it's as easy as selecting the ELB from the list on the Route53 console.
If you host your domain on a different registrar (e.g. GoDaddy), then make sure your ELB is publicly available and use its address for the host address of your domain A record.
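An added example, not part of the original question or answer: it builds the Route 53 alias A record for the load balancer and refuses to do so when the chosen hostname is not covered by the names on the ACM certificate, which is what causes a browser name-mismatch error once HTTPS is enabled. The ALB DNS name, zone ID, certificate names and hostnames are constructed placeholders.

```python
# Constructed sample values; none of them come from a real account.
ALB_DNS_NAME = "my-ecs-alb-1234567890.us-east-1.elb.amazonaws.com"
ALB_ZONE_ID = "ZEXAMPLEALBZONE"  # placeholder for the ALB's CanonicalHostedZoneId
CERT_NAMES = ["example.com", "*.example.com"]  # names requested on the ACM certificate


def cert_covers(hostname, cert_names):
    """Return True if hostname matches one of the certificate names.

    A wildcard covers exactly one left-most label, so *.example.com
    matches app.example.com but neither example.com nor a.b.example.com.
    """
    host = hostname.rstrip(".").lower().split(".")
    for name in cert_names:
        pattern = name.rstrip(".").lower().split(".")
        if len(pattern) != len(host):
            continue
        if pattern[0] == "*":
            if pattern[1:] == host[1:]:
                return True
        elif pattern == host:
            return True
    return False


def alias_change_batch(hostname, alb_dns_name, alb_zone_id, cert_names):
    """Build a Route 53 ChangeBatch that aliases hostname to the ALB."""
    if not cert_covers(hostname, cert_names):
        raise ValueError(f"{hostname} is not covered by certificate names {cert_names}")
    return {
        "Comment": "Alias record for the ECS application load balancer",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": hostname,
                "Type": "A",
                # Alias records target the ALB's DNS name, not an IP address.
                "AliasTarget": {
                    "HostedZoneId": alb_zone_id,
                    "DNSName": alb_dns_name,
                    "EvaluateTargetHealth": False,
                },
            },
        }],
    }
```

The returned dictionary has the shape that boto3's `change_resource_record_sets` takes as its `ChangeBatch` argument, alongside the `HostedZoneId` of your own hosted zone.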
When I run aws eks update-kubeconfig, my ~/.kube/config file contains the following line:
server: https://1234567890ABCDEF1234567890ABCDEF.xx0.region.eks.amazonaws.com
This hostname resolves to some IP address in our VPC.
Which used to work fine, but now my company is migrating to a DNS-based VPN and, due to factors outside my team's control, blanket DNS routing of a domain we don't control, such as eks.amazonaws.com, is not an option. Also the server hostnames are constantly changing because we use Blue-Green Deployment.
There's a really crappy workaround in which we manually keep a CNAME record in Route53 and manually edit that address in kube config after we run update-kubeconfig.
Is there a way to tell EKS to use a Route53 Record instead of those amazonaws.com URLs in a way that update-kubeconfig will know about?
DNS is the core discovery system for EKS, Kubernetes. Having said that, a potential solution is external DNS which integrates with Route53.
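An added example, not from the question or the answer: it automates the manual kubeconfig edit described in the question and, rather than turning certificate verification off, sets the kubeconfig `tls-server-name` field so the server certificate is still checked against the original EKS hostname. It assumes the API server certificate does not list the custom name; `k8s-api.internal.example.com` and the sample kubeconfig are constructed.

```python
import re

# Constructed sample of what `aws eks update-kubeconfig` writes (placeholder values).
SAMPLE_KUBECONFIG = """\
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER_CA_BASE64
    server: https://1234567890ABCDEF1234567890ABCDEF.xx0.region.eks.amazonaws.com
  name: example-cluster
"""

SERVER_LINE = re.compile(
    r"^(?P<indent>\s*)server:\s*https://(?P<host>[A-Za-z0-9.-]+\.eks\.amazonaws\.com)\s*$"
)
SKIP_VERIFY = re.compile(r"^\s*insecure-skip-tls-verify:\s*true\s*$")


def repoint_kubeconfig(text, stable_name):
    """Point every EKS `server:` entry at stable_name (hypothetical CNAME).

    Assumes text is fresh `update-kubeconfig` output. The original EKS
    hostname is kept in `tls-server-name`, so the client connects to the
    CNAME but validates the certificate against the EKS name.
    """
    if not re.fullmatch(r"[A-Za-z0-9.-]+", stable_name):
        raise ValueError("stable_name must be a plain DNS hostname")
    out = []
    for line in text.splitlines():
        if SKIP_VERIFY.match(line):
            raise ValueError("kubeconfig disables TLS verification; fix that first")
        m = SERVER_LINE.match(line)
        if m:
            out.append(f"{m['indent']}server: https://{stable_name}")
            out.append(f"{m['indent']}tls-server-name: {m['host']}")
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(repoint_kubeconfig(SAMPLE_KUBECONFIG, "k8s-api.internal.example.com"))
```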
I have an AKS cluster with default FQDN name with the suffix of "cloudapp.azure.com". I want to get a domain and apply it to the cluster but am not sure how to apply a custom domain to a Kubernetes cluster in Azure.
Can anyone help me with the steps to apply a custom domain name to an AKS cluster?
If I understand you correctly, you've already deployed your application on Kubernetes and want to connect it to your custom domain name.
For this purpose you can use NGINX Ingress Controller.
Below I will briefly describe how you can do it on AKS:
First you need to create an ingress controller and ingress resource. For Azure AKS detailed instructions can be found here: create-an-ingress-controller.
Note: By default, the public IP address acquired by NGINX Ingress is lost if the controller is deleted. I recommend you create a static public IP address, because it remains if the ingress controller is deleted.
Next, identify the public IP address (EXTERNAL-IP) associated with your NGINX Ingress service that was created in the previous step.
Now you need to create an A DNS record to point your domain to the cluster. Additionally, you may want to provide a CNAME record, but it isn't mandatory and depends on your needs. It is possible to create an Azure DNS Zone for your custom domain and then add appropriate record sets to this zone.
Note: Azure DNS is not the domain registrar; you have to configure the Azure DNS name servers as the correct name servers for the domain name with the domain name registrar. For more information, see Delegate a domain to Azure DNS.
Azure won't provide you the DNS names, but it has a service named DNS zone, where you can register your custom domain (that you may have from providers like GoDaddy etc.). The externalIP of the ingress or any other load balancer that you see in the AKS clusters can be mapped to this custom domain name in the DNS zone, and this will take the traffic to the respective AKS cluster.
An advantage of a DNS zone is that you can enter multiple alias URLs as well and make them take traffic to the AKS cluster, like:
abc.com is your domain (let's say)
api.abc.com is for mobile applications to communicate with AKS, and this can be pointed to the same URL via CNAMEs in the DNS zone.
You can have multiple options here based on your use case; refer to Azure's documentation on DNS zones for that.
I have an Express.js application running on an AWS EC2 instance that acts as a REST API for my application. If I want to add SSL certification for my Express.js API, what should I do?
1) Do I need to get a domain with SSL certification and map it to my EC2 IP address?
2) Or is it enough to put AWS API Gateway in front of my EC2 instance, use the free SSL from ACM and get a domain without SSL?
3) Or get a domain with SSL and also SSL in ACM?
(Kind of confused with understanding domain and SSL; any help would be appreciated.)
Thanks in advance.
The default pattern for this kind of use case, assuming that you don't want to manage a domain + certificate, is to put your EC2 instance behind a service that integrates with ACM, such as Elastic Load Balancing (ELB) or an Amazon CloudFront distribution.
API Gateway, while also giving you an SSL certificate, would also bring many other features that you'd still have to pay for.
EDIT:
Original question was not formatted properly and I missed option 3).
If you are going to get a domain, then you have other options such as managing it with Route53 and directing your traffic to the EC2, or doing the same but with the domain registrar. This assumes that the EC2 has a static IP address that allows you to address it. At this point, you can get an SSL cert either via AWS ACM or by other means directly on the EC2 (i.e. Let's Encrypt). The difference between the two, aside from price, would be that one requires you to manage your own certificate while the other is an AWS managed service.
I'm trying to enable SSL on a subdomain from a domain I purchased from Google Domains (Managed with Netlify DNS). The domain is currently pointing to a static react app hosted by Netlify (it has SSL).
The subdomain (api.example.com) pointing to an Elastic IP associated with an EC2 instance doesn't seem to be working when I try to access it with HTTPS (api.example.com’s server IP address could not be found.) but works with HTTP.
Does anyone know of a way I could use that SSL certificate I got from Netlify on the subdomain pointing to my AWS instance?
I'm using only an A record for the subdomain -> Elastic IP. For the purpose of getting everything to work, I've enabled all inbound/outbound ports for all traffic types on my instance security group.
This is a confusing situation but let me try my level best to present my problem.
I am trying my hand at setting up an AWS app architecture by following this blueprint: https://s3.amazonaws.com/awsmedia/architecturecenter/AWS_ac_ra_web_01.pdf
I don't require the web server part of it, so the components that I am trying to set up are Route53 -> Elastic Load Balancer -> (a subnet containing two EC2 instances that contain my Node.js app).
I have created a hosted zone on Route53, and I created a set record with an alias set to the ELB.
At first, I did not set up NGINX on my EC2 instances, and in my ELB configuration I registered my EC2 instances on the port on which the application runs, i.e. 9000. At this point, if I tried to access my app via the domain name, the page was unreachable, and when I tried to access it via the ELB DNS, it returned 504.
Then I set up NGINX on my instances and registered the instances on the ELB with port 80, and this time the ELB returned 503; however, the page is still unreachable via Route53.
I am using an application load balancer with HTTPS protocol.
So, at this point, I can't access my app via Route53, and I am getting 503 when I access it via the ELB DNS; however, if I point my browser to the public DNS of either of my EC2 instances, I am getting a response from my APIs.
Can anyone help me with this?