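AWS (study notes, lesson 16): using a load balancer (ELB) to decouple web servers, and writing ELB logs to S3

AWS (study notes, lesson 16)

  • Using a load balancer (ELB) and writing ELB logs to S3

What this lesson covers:

  • Using a load balancer (ELB) to decouple the web servers
  • Writing ELB logs to S3

1. Using a load balancer (ELB)

  1. Overall architecture
    An ELB (Elastic Load Balancer) decouples external internet access from the web servers: external clients only know the ELB and only know that the ELB is serving them, while the concrete web servers behind it are unknown to the outside.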

  2. Code walkthrough

  • Full code
    {
    	"AWSTemplateFormatVersion": "2010-09-09",
    	"Description": "AWS in Action: chapter 12 (Load Balancer)",
    	"Parameters": {
    		"KeyName": {
    			"Description": "Key Pair name",
    			"Type": "AWS::EC2::KeyPair::KeyName",
    			"Default": "my-cli-key"
    		},
    		"NumberOfServers": {
    			"Description": "Number of servers",
    			"Type": "Number",
    			"Default": "2",
    			"MinValue": "2",
    			"MaxValue": "4"
    		}
    	},
    	"Mappings": {
    		"EC2RegionMap": {
    			"ap-northeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-cbf90ecb"},
    			"ap-southeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-68d8e93a"},
    			"ap-southeast-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-fd9cecc7"},
    			"eu-central-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a8221fb5"},
    			"eu-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a10897d6"},
    			"sa-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-b52890a8"},
    			"us-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-1ecae776"},
    			"us-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-d114f295"},
    			"us-west-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-e7527ed7"}
    		}
    	},
    	"Resources": {
    		"VPC": {
    			"Type": "AWS::EC2::VPC",
    			"Properties": {
    				"CidrBlock": "172.31.0.0/16",
    				"EnableDnsHostnames": "true"
    			}
    		},
    		"InternetGateway": {
    			"Type": "AWS::EC2::InternetGateway",
    			"Properties": {
    			}
    		},
    		"VPCGatewayAttachment": {
    			"Type": "AWS::EC2::VPCGatewayAttachment",
    			"Properties": {
    				"VpcId": {"Ref": "VPC"},
    				"InternetGatewayId": {"Ref": "InternetGateway"}
    			}
    		},
    		"Subnet": {
    			"Type": "AWS::EC2::Subnet",
    			"Properties": {
    				"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},
    				"CidrBlock": "172.31.38.0/24",
    				"VpcId": {"Ref": "VPC"}
    			}
    		},
    		"RouteTable": {
    			"Type": "AWS::EC2::RouteTable",
    			"Properties": {
    				"VpcId": {"Ref": "VPC"}
    			}
    		},
    		"RouteTableAssociation": {
    			"Type": "AWS::EC2::SubnetRouteTableAssociation",
    			"Properties": {
    				"SubnetId": {"Ref": "Subnet"},
    				"RouteTableId": {"Ref": "RouteTable"}
    			}
    		},
    		"RoutePublicNATToInternet": {
    			"Type": "AWS::EC2::Route",
    			"Properties": {
    				"RouteTableId": {"Ref": "RouteTable"},
    				"DestinationCidrBlock": "0.0.0.0/0",
    				"GatewayId": {"Ref": "InternetGateway"}
    			},
    			"DependsOn": "VPCGatewayAttachment"
    		},
    		"NetworkAcl": {
    			"Type": "AWS::EC2::NetworkAcl",
    			"Properties": {
    				"VpcId": {"Ref": "VPC"}
    			}
    		},
    		"SubnetNetworkAclAssociation": {
    			"Type": "AWS::EC2::SubnetNetworkAclAssociation",
    			"Properties": {
    				"SubnetId": {"Ref": "Subnet"},
    				"NetworkAclId": {"Ref": "NetworkAcl"}
    			}
    		},
    		"NetworkAclEntryIngress": {
    			"Type": "AWS::EC2::NetworkAclEntry",
    			"Properties": {
    				"NetworkAclId": {"Ref": "NetworkAcl"},
    				"RuleNumber": "100",
    				"Protocol": "-1",
    				"RuleAction": "allow",
    				"Egress": "false",
    				"CidrBlock": "0.0.0.0/0"
    			}
    		},
    		"NetworkAclEntryEgress": {
    			"Type": "AWS::EC2::NetworkAclEntry",
    			"Properties": {
    				"NetworkAclId": {"Ref": "NetworkAcl"},
    				"RuleNumber": "100",
    				"Protocol": "-1",
    				"RuleAction": "allow",
    				"Egress": "true",
    				"CidrBlock": "0.0.0.0/0"
    			}
    		},
    		"LoadBalancerSecurityGroup": {
    			"Type": "AWS::EC2::SecurityGroup",
    			"Properties": {
    				"GroupDescription": "elb-sg",
    				"VpcId": {"Ref": "VPC"},
    				"SecurityGroupIngress": [{
    					"CidrIp": "0.0.0.0/0",
    					"FromPort": 80,
    					"IpProtocol": "tcp",
    					"ToPort": 80
    				}]
    			}
    		},
    		"LoadBalancer": {
    			"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
    			"Properties": {
    				"Subnets": [{"Ref": "Subnet"}],
    				"LoadBalancerName": "elb",
    				"Listeners": [{
    					"InstancePort": "80",
    					"InstanceProtocol": "HTTP",
    					"LoadBalancerPort": "80",
    					"Protocol": "HTTP"
    				}],
    				"HealthCheck": {
    					"HealthyThreshold": "3",
    					"Interval": "10",
    					"Target": "HTTP:80/index.html",
    					"Timeout": "5",
    					"UnhealthyThreshold": "2"
    				},
    				"SecurityGroups": [{"Ref": "LoadBalancerSecurityGroup"}],
    				"Scheme": "internet-facing"
    			},
    			"DependsOn": "VPCGatewayAttachment"
    		},
    		"WebServerSecurityGroup": {
    			"Type": "AWS::EC2::SecurityGroup",
    			"Properties": {
    				"GroupDescription": "awsinaction-sg",
    				"VpcId": {"Ref": "VPC"},
    				"SecurityGroupIngress": [{
    					"CidrIp": "0.0.0.0/0",
    					"FromPort": 22,
    					"IpProtocol": "tcp",
    					"ToPort": 22
    				}, {
    					"FromPort": 80,
    					"IpProtocol": "tcp",
    					"SourceSecurityGroupId": {"Ref": "LoadBalancerSecurityGroup"},
    					"ToPort": 80
    				}]
    			}
    		},
    		"LaunchTemplate": {
    			"Type": "AWS::EC2::LaunchTemplate",
    			"Metadata": {
    				"AWS::CloudFormation::Init": {
    					"config": {
    						"packages": {
    							"yum": {
    								"httpd": []
    							}
    						},
    						"files": {
    							"/tmp/config": {
    								"content": {"Fn::Join": ["", [
    									"#!/bin/bash -ex\n",
    									"PRIVATE_IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`\n",
    									"echo \"<html><head><title>$PRIVATE_IP</title></head><body><h1>$PRIVATE_IP</h1></body></html>\" > index.html\n"
    								]]},
    								"mode": "000500",
    								"owner": "root",
    								"group": "root"
    							}
    						},
    						"commands": {
    							"01_config": {
    								"command": "/tmp/config",
    								"cwd": "/var/www/html"
    							}
    						},
    						"services": {
    							"sysvinit": {
    								"httpd": {
    									"enabled": "true",
    									"ensureRunning": "true"
    								}
    							}
    						}
    					}
    				}
    			},
    			"Properties": {
    				"LaunchTemplateData":{
    					"EbsOptimized": false,
    					"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},
    					"InstanceType": "t2.micro",
    					"NetworkInterfaces":[
    						{
    							"DeviceIndex":0,
    							"AssociatePublicIpAddress":true,
    							"Groups":[
    								{"Ref": "WebServerSecurityGroup"}
    							],
    							"DeleteOnTermination":true
    						}
    					],
    					"KeyName": {"Ref": "KeyName"},
    					"UserData": {"Fn::Base64": {"Fn::Join": ["", [
    						"#!/bin/bash -ex\n",
    						"yum update -y aws-cfn-bootstrap\n",
    						"/opt/aws/bin/cfn-init -v --stack ", {"Ref": "AWS::StackName"}, " --resource LaunchTemplate --region ", {"Ref": "AWS::Region"}, "\n",
    						"/opt/aws/bin/cfn-signal -e $? --stack ", {"Ref": "AWS::StackName"}, " --resource AutoScalingGroup --region ", {"Ref": "AWS::Region"}, "\n"
    					]]}}
    				}
    			}
    		},
    		"AutoScalingGroup": {
    			"Type": "AWS::AutoScaling::AutoScalingGroup",
    			"Properties": {
    				"LoadBalancerNames": [{"Ref": "LoadBalancer"}],
    				"LaunchTemplate" : {"LaunchTemplateId" : {"Ref" : "LaunchTemplate"},"Version" : {"Fn::GetAtt" : ["LaunchTemplate","LatestVersionNumber"]}},
    				"MinSize": {"Ref": "NumberOfServers"},
    				"MaxSize": {"Ref": "NumberOfServers"},
    				"DesiredCapacity": {"Ref": "NumberOfServers"},
    				"VPCZoneIdentifier": [{"Ref": "Subnet"}]
    			},
    			"CreationPolicy": {
    				"ResourceSignal": {
    					"Timeout": "PT10M"
    				}
    			},
    			"DependsOn": "VPCGatewayAttachment"
    		}
    	},
    	"Outputs": {
    		"URL": {
    			"Value": {"Fn::Join": ["", ["http://", {"Fn::GetAtt": ["LoadBalancer", "DNSName"]}]]},
    			"Description": "Load Balancer URL"
    		}
    	}
    }
    
  • Analysis of the key code
    • SourceSecurityGroupId in WebServerSecurityGroup
      Here, the SourceSecurityGroupId of WebServerSecurityGroup is LoadBalancerSecurityGroup, which means that only hosts in LoadBalancerSecurityGroup, that is, the LoadBalancer, can reach port 80 on the web servers.
      "WebServerSecurityGroup": {
      			"Type": "AWS::EC2::SecurityGroup",
      			"Properties": {
      				"GroupDescription": "awsinaction-sg",
      				"VpcId": {"Ref": "VPC"},
      				"SecurityGroupIngress": [{
      					"CidrIp": "0.0.0.0/0",
      					"FromPort": 22,
      					"IpProtocol": "tcp",
      					"ToPort": 22
      				}, {
      					"FromPort": 80,
      					"IpProtocol": "tcp",
      					"SourceSecurityGroupId": {"Ref": "LoadBalancerSecurityGroup"},
      					"ToPort": 80
      				}]
      			}
      		},
      
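    • HealthCheck added to the LoadBalancer
      Here, a HealthCheck on the web servers is added to the LoadBalancer: only once a web server's index.html is reachable on port 80 does the LoadBalancer start forwarding traffic to that web server.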
      		"LoadBalancer": {
      			"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
      			"Properties": {
      				"Subnets": [{"Ref": "Subnet"}],
      				"LoadBalancerName": "elb",
      				"Listeners": [{
      					"InstancePort": "80",
      					"InstanceProtocol": "HTTP",
      					"LoadBalancerPort": "80",
      					"Protocol": "HTTP"
      				}],
      				"HealthCheck": {
      					"HealthyThreshold": "3",
      					"Interval": "10",
      					"Target": "HTTP:80/index.html",
      					"Timeout": "5",
      					"UnhealthyThreshold": "2"
      				},
      				"SecurityGroups": [{"Ref": "LoadBalancerSecurityGroup"}],
      				"Scheme": "internet-facing"
      			},
      			"DependsOn": "VPCGatewayAttachment"
      		},
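
An added example (not from the original post): a small Python audit that lists where each security group in the template accepts traffic from, confirming that port 80 on WebServerSecurityGroup is reachable only through LoadBalancerSecurityGroup while its port 22 rule is open to 0.0.0.0/0. The TEMPLATE excerpt is constructed from the rules above; the function names and the `internet_facing` parameter are hypothetical.

```python
import json

# Constructed excerpt: the two security groups with the same ingress rules as the template.
TEMPLATE = json.loads("""
{"Resources": {
  "LoadBalancerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [
      {"CidrIp": "0.0.0.0/0", "FromPort": 80, "IpProtocol": "tcp", "ToPort": 80}]}},
  "WebServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [
      {"CidrIp": "0.0.0.0/0", "FromPort": 22, "IpProtocol": "tcp", "ToPort": 22},
      {"FromPort": 80, "IpProtocol": "tcp", "ToPort": 80,
       "SourceSecurityGroupId": {"Ref": "LoadBalancerSecurityGroup"}}]}}
}}
""")

WORLD = {"0.0.0.0/0", "::/0"}

def ingress_sources(template):
    """Return {group: [(from_port, to_port, source), ...]} for every security group."""
    result = {}
    for name, res in template["Resources"].items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = []
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            src = rule.get("SourceSecurityGroupId")
            if isinstance(src, dict) and "Ref" in src:
                source = "sg:" + src["Ref"]          # traffic allowed only from that group
            else:
                source = rule.get("CidrIp") or rule.get("CidrIpv6") or "unknown"
            # Rules for protocol -1 carry no ports; treat them as the full range.
            rules.append((int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535)), source))
        result[name] = rules
    return result

def world_open(template, internet_facing=("LoadBalancerSecurityGroup",)):
    """List (group, from_port, to_port) open to any address on groups not meant to be public."""
    findings = []
    for group, rules in ingress_sources(template).items():
        if group in internet_facing:
            continue
        findings += [(group, lo, hi) for lo, hi, source in rules if source in WORLD]
    return findings

if __name__ == "__main__":
    for group, rules in ingress_sources(TEMPLATE).items():
        print(group, rules)
    print("world-open on non-public groups:", world_open(TEMPLATE))
```

The single finding is the SSH rule on WebServerSecurityGroup; restricting its CidrIp to an administrative address range would leave the web servers reachable from the internet only through the ELB.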
      

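2. Writing ELB logs to S3

  • First, set the S3 bucket policy so that ELB is allowed to write logs to S3
    • The policy.json policy file
      Create the S3 bucket elb-log-20241208 in advance, then write a policy file that allows the logdelivery.elasticloadbalancing.amazonaws.com service to PutObject into the S3 bucket.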
      {
        "Id": "Policy1429136655940",
        "Version": "2012-10-17",
        "Statement": [{
          "Sid": "Stmt1429136633762",
          "Action": ["s3:PutObject"],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::elb-log-20241208/*",
          "Principal": {
            "AWS": [
              "127311923021", "027434742980", "797873946194",
              "156460612806", "054676820928", "582318560864",
              "114774131450", "783225319266", "507241528517"
            ]
          }
        }]
      }
      
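      Here, 127311923021, 027434742980 and the other values look like magic numbers, so what are they? According to enable-access-logging.html, they are the AWS account IDs of Elastic Load Balancing for the respective regions.
    • Apply the policy.json policy file to the S3 bucket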
      aws s3api put-bucket-policy --bucket elb-log-20241208 --policy file://policy/elb-log-policy.json
      
    • Configure the ELB in CloudFormation to write logs to the S3 bucket
      AccessLoggingPolicy is where the log output settings are described.
      		"LoadBalancer": {
      			"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
      			"Properties": {
      				"Subnets": [{"Ref": "Subnet"}],
      				"LoadBalancerName": "elb",
      				"Listeners": [{
      					"InstancePort": "80",
      					"InstanceProtocol": "HTTP",
      					"LoadBalancerPort": "80",
      					"Protocol": "HTTP"
      				}],
      				"HealthCheck": {
      					"HealthyThreshold": "3",
      					"Interval": "10",
      					"Target": "HTTP:80/index.html",
      					"Timeout": "5",
      					"UnhealthyThreshold": "2"
      				},
      				"AccessLoggingPolicy":{
      					"Enabled": true,
      					"S3BucketName":"elb-log-20241208",
      					"S3BucketPrefix":"my-application/production"
      				},
      				"SecurityGroups": [{"Ref": "LoadBalancerSecurityGroup"}],
      				"Scheme": "internet-facing"
      			},
      			"DependsOn": "VPCGatewayAttachment"
      		},
      
    • Access the ELB again
    • Check the log folder in S3
      You can see that logs have started to be written to S3.
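
An added example (not from the original post): a pre-deployment check in Python that cross-references an AccessLoggingPolicy block with the bucket policy, so that a mis-cased property name, a bucket mismatch, or an over-broad grant is caught before the stack is updated. The inputs are constructed from the values in this section (principal list shortened, Enabled key deliberately mis-cased); `check_logging` and `as_list` are hypothetical names.

```python
import json
from fnmatch import fnmatchcase

# Constructed inputs: the bucket policy with a shortened principal list, and an
# AccessLoggingPolicy whose Enabled key is deliberately mis-cased to show the failure.
BUCKET_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Action": ["s3:PutObject"], "Effect": "Allow",
  "Resource": "arn:aws:s3:::elb-log-20241208/*",
  "Principal": {"AWS": ["127311923021", "027434742980"]}}]}
""")
ACCESS_LOGGING = {"ENabled": True, "S3BucketName": "elb-log-20241208",
                  "S3BucketPrefix": "my-application/production"}
# Property names of AccessLoggingPolicy on AWS::ElasticLoadBalancing::LoadBalancer.
ALLOWED_KEYS = {"Enabled", "S3BucketName", "S3BucketPrefix", "EmitInterval"}

def as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def check_logging(logging_cfg, bucket_policy):
    """Return a list of problems; an empty list means template and policy agree."""
    problems = [f"unknown AccessLoggingPolicy key: {k}"
                for k in logging_cfg if k not in ALLOWED_KEYS]
    if str(logging_cfg.get("Enabled")).lower() != "true":
        problems.append("Enabled is not set to true")
    # ELB writes objects under <bucket>/<prefix>/AWSLogs/...; build one sample key.
    parts = (logging_cfg.get("S3BucketPrefix", ""), "AWSLogs", "sample.log")
    target = "arn:aws:s3:::{}/{}".format(
        logging_cfg.get("S3BucketName", ""), "/".join(p for p in parts if p))
    covered = False
    for stmt in bucket_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action"))
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            problems.append("bucket policy allows any principal")
        if set(actions) - {"s3:PutObject"}:
            problems.append("bucket policy grants more than s3:PutObject")
        if "s3:PutObject" in actions and any(
                fnmatchcase(target, r) for r in as_list(stmt.get("Resource"))):
            covered = True
    if not covered:
        problems.append("no statement allows s3:PutObject on " + target)
    return problems

if __name__ == "__main__":
    print(check_logging(ACCESS_LOGGING, BUCKET_POLICY))
```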
