AWS Application Load Balancer vs. NGINX Plus

In August 2016, Amazon Web Services (AWS) introduced Application Load Balancer for Layer 7 load balancing of HTTP and HTTPS traffic. The new product added several features missing from AWS’s existing Layer 4 and Layer 7 load balancer, Elastic Load Balancer, which was officially renamed Classic Load Balancer.

A year later, AWS launched Network Load Balancer for improved Layer 4 load balancing, so the set of choices for users running highly available, scalable applications on AWS includes:

In this post, we review ALB’s features and compare its pricing and features to NGINX Open Source and NGINX Plus.

Notes –

  • The information about supported features is accurate as of July 2020, but is subject to change.
  • For a direct comparison of NGINX Plus and Classic Load Balancer (formerly Elastic Load Balancer or ELB), as well as information on using them together, see our previous blog post.
  • For information on using NLB for a high‑availability NGINX Plus deployment, see our previous blog post.

Features In Application Load Balancer

ALB, like Classic Load Balancer or NLB, is tightly integrated into AWS. Amazon describes it as a Layer 7 load balancer – though it does not provide the full breadth of features, tuning, and direct control that a standalone Layer 7 reverse proxy and load balancer can offer.

ALB provides the following features that are missing from Classic Load Balancer:

  • Content‑based routing. ALB supports content‑based routing based on the request URL, Host header, and fields in the request that include standard and custom HTTP headers and methods, query parameters, and source IP address. (See “Benefits of migrating from a Classic Load Balancer” in the ALB documentation.)
  • Support for container‑based applications. ALB improves on the existing support for containers hosted on Amazon’s EC2 Container Service (ECS).
  • More metrics. You can collect metrics on a per‑microservice basis.
  • WebSocket support. ALB supports persistent TCP connections between a client and server.
  • HTTP/2 support. ALB supports HTTP/2, a superior alternative when delivering content secured by SSL/TLS.

(For a complete feature comparison of ALB and Classic Load Balancer, see “Product comparisons” in the AWS documentation.)

ALB was a significant update for AWS users who had struggled with Classic Load Balancer’s limited feature set, and it went some way towards addressing the requirements of sophisticated users who need to be able to secure, optimize, and control the traffic to their web applications. However, it still does not provide all the capabilities of dedicated reverse proxies (such as NGINX) and load balancers (such as NGINX Plus).


Hal  Sauer


1593444960

Sample Load balancing solution with Docker and Nginx

Most of today’s business applications use load balancing to distribute traffic among different resources and avoid overload of a single resource.

One obvious advantage of a load-balancing architecture is increased availability and reliability of applications: when clients request resources from the backends, the load balancer sits between them and routes each request to the backend that best meets the routing criteria (least busy, healthiest, located in a given region, etc.).

There are many routing criteria, but in this article we will focus on a fixed round-robin criterion (meaning each backend receives a fixed amount of traffic), which I think is rarely documented :).

To keep things simple, we will create two backend “applications”, each a Flask Python file. We will use NGINX as a load balancer to distribute 60% of traffic to application1 and 40% of traffic to application2.
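How a 60/40 split behaves request by request, as an added example that is not part of the original post: a Python model of smooth weighted round-robin, the selection method NGINX's round-robin balancer applies when upstream servers carry `weight=` values. The weights 3 and 2 and the backend names are assumptions chosen to give 60/40.

```python
from collections import Counter

# Assumed upstream weights: 3 and 2 give the 60% / 40% split described above.
WEIGHTS = {"app1": 3, "app2": 2}


def smooth_wrr(weights, n):
    """Return the first n backend picks under smooth weighted round-robin."""
    current = {name: 0 for name in weights}
    total = sum(weights.values())
    picks = []
    for _ in range(n):
        # Every backend gains its weight on each request ...
        for name, weight in weights.items():
            current[name] += weight
        # ... the backend with the highest running score is chosen
        # (ties go to the first backend listed) ...
        best = max(current, key=current.get)
        # ... and pays back the total, which interleaves the picks
        # instead of sending three requests in a row to app1.
        current[best] -= total
        picks.append(best)
    return picks


def split(weights, n):
    """Fraction of n requests that each backend receives."""
    counts = Counter(smooth_wrr(weights, n))
    return {name: counts[name] / n for name in weights}


def longest_run(picks):
    """Longest streak of consecutive requests sent to the same backend."""
    best = run = 1
    for prev, cur in zip(picks, picks[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    print(smooth_wrr(WEIGHTS, 5))               # one full cycle of 5 requests
    print(split(WEIGHTS, 1000))                 # long-run share per backend
    print(longest_run(smooth_wrr(WEIGHTS, 10)))
```

The split is exact only over whole cycles of five requests; a short test of three requests shows 2:1, so check the ratio over a request count that is a multiple of the weight total.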

Let’s start coding. Here is the complete architecture of our project:

app1/app1.py

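from flask import Flask

app1 = Flask(__name__)


@app1.route('/')
def hello_world():
    return 'Salam alikom, this is App1 :) '


if __name__ == '__main__':
    # Listen on all interfaces so the container's published port is reachable.
    # debug is off: the Werkzeug debugger must not be exposed on 0.0.0.0.
    app1.run(debug=False, host='0.0.0.0')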

app2/app2.py

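from flask import Flask

app2 = Flask(__name__)


@app2.route('/')
def hello_world():
    return 'Salam alikom, this is App2 :) '


if __name__ == '__main__':
    # Listen on all interfaces so the container's published port is reachable.
    # debug is off: the Werkzeug debugger must not be exposed on 0.0.0.0.
    app2.run(debug=False, host='0.0.0.0')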

Then we have to dockerize both applications by adding the requirements.txt file. It will contain only the flask library since we are using the python3 image.


Divya Raj

1624523136

GCP Vs AWS in 2021 - A Cloud Computing Face Off

The world of data analytics and technology has been dramatically altered by cloud computing. The two companies known for providing tremendous cloud computing technologies are Google Cloud Platform and Amazon Web Services.
This article highlights the comparison between these big companies.

https://blog.digitalogy.co/gcp-vs-aws-in-2021/


Introducing AWS Gateway Load Balancer

Last year, we launched Virtual Private Cloud (VPC) Ingress Routing to allow routing of all incoming and outgoing traffic to/from an Internet Gateway (IGW) or Virtual Private Gateway (VGW) to the Elastic Network Interface of a specific Amazon Elastic Compute Cloud (EC2) instance. With VPC Ingress Routing, you can now configure your VPC to send all traffic to an EC2 instance that typically runs network security tools to inspect or to block suspicious network traffic or to perform any other network traffic inspection before relaying the traffic to other EC2 instances.

While that makes it easy to add an appliance into the network, ensuring high availability and scalability remains a challenge. Customers have to either over-provision appliances to handle peak load and high availability, or they have to manually scale up and down the appliances based on traffic, or use other ancillary tools – all of which increases operational overhead and costs.


Christa  Stehr


1598408880

How To Unite AWS KMS with Serverless Application Model (SAM)

The Basics

AWS KMS is a Key Management Service that lets you create cryptographic keys that you can use to encrypt and decrypt data and also other keys. You can read more about it here.

Important points about Keys

Please note that the customer master keys (CMKs) generated can only be used to encrypt small amounts of data, such as passwords or an RSA key. You can use AWS KMS CMKs to generate, encrypt, and decrypt data keys. However, AWS KMS does not store, manage, or track your data keys, or perform cryptographic operations with data keys.

You must use and manage data keys outside of AWS KMS. The KMS API operations that encrypt with an AWS KMS CMK cannot accept more than 4 KB (4096 bytes) of data. To encrypt application data, use the server-side encryption features of an AWS service, or a client-side encryption library, such as the AWS Encryption SDK or the Amazon S3 encryption client.

Scenario

We want to create signup and login forms for a website.

Passwords should be encrypted and stored in a DynamoDB database.

What do we need?

  1. KMS key to encrypt and decrypt data.
  2. DynamoDB table to store passwords.
  3. Lambda functions & APIs to process Login and Sign up forms.
  4. Sign up/ Login forms in HTML.

Let's implement it as a Serverless Application Model (SAM) template!

Let's first create the key that we will use to encrypt and decrypt passwords.

KmsKey:
    Type: AWS::KMS::Key
    Properties: 
      Description: CMK for encrypting and decrypting
      KeyPolicy:
        Version: '2012-10-17'
        Id: key-default-1
        Statement:
        - Sid: Enable IAM User Permissions
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
          Action: kms:*
          Resource: '*'
        - Sid: Allow administration of the key
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyAdmin}
          Action:
          - kms:Create*
          - kms:Describe*
          - kms:Enable*
          - kms:List*
          - kms:Put*
          - kms:Update*
          - kms:Revoke*
          - kms:Disable*
          - kms:Get*
          - kms:Delete*
          - kms:ScheduleKeyDeletion
          - kms:CancelKeyDeletion
          Resource: '*'
        - Sid: Allow use of the key
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyUser}
          Action:
          - kms:DescribeKey
          - kms:Encrypt
          - kms:Decrypt
          - kms:ReEncrypt*
          - kms:GenerateDataKey
          - kms:GenerateDataKeyWithoutPlaintext
          Resource: '*'

The important part of the snippet above is the KeyPolicy. KMS requires a Key Administrator and a Key User. As a best practice, your Key Administrator and Key User should be two separate users in your organisation. We are allowing all permissions to the root user.

So if your Key Administrator leaves the organisation, the root user will still be able to delete this key. As you can see, **KeyAdmin** can manage the key but not use it, and KeyUser can only use the key. ${KeyAdmin} and **${KeyUser}** are parameters in the SAM template.

You would be asked to provide values for these parameters during SAM Deploy.
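A check of the separation this key policy aims for, as an added example that is not part of the original tutorial: it reads a constructed copy of the three statements (placeholder account ID and user names) and reports, per principal, which use, management and escalation actions the wildcards actually grant. It matches Allow statements only and ignores conditions, Deny statements and IAM identity policies.

```python
from fnmatch import fnmatchcase

# Constructed copy of the KeyPolicy above; the account ID and user names
# are placeholders standing in for ${AWS::AccountId}, ${KeyAdmin}, ${KeyUser}.
ACCT = "arn:aws:iam::111122223333"
POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": f"{ACCT}:root"}, "Action": "kms:*"},
    {"Effect": "Allow", "Principal": {"AWS": f"{ACCT}:user/key-admin"},
     "Action": ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
                "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
                "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion",
                "kms:CancelKeyDeletion"]},
    {"Effect": "Allow", "Principal": {"AWS": f"{ACCT}:user/key-user"},
     "Action": ["kms:DescribeKey", "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext"]},
]}

USE = ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"]
MANAGE = ["kms:ScheduleKeyDeletion", "kms:DisableKey"]
# Actions that let a principal give itself (or anyone) use of the key.
ESCALATE = ["kms:PutKeyPolicy", "kms:CreateGrant"]


def as_list(value):
    return value if isinstance(value, list) else [value]


def granted(policy, principal, probes):
    """Probe actions that an Allow statement grants to this exact principal."""
    hits = set()
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if principal not in as_list(st["Principal"]["AWS"]):
            continue
        for pattern in as_list(st["Action"]):  # IAM action names ignore case
            hits.update(a for a in probes if fnmatchcase(a.lower(), pattern.lower()))
    return sorted(hits)


def audit(policy):
    """Map each principal to the use / manage / escalation actions it holds."""
    principals = {p for st in policy["Statement"] for p in as_list(st["Principal"]["AWS"])}
    return {p: {"use": granted(policy, p, USE),
                "manage": granted(policy, p, MANAGE),
                "escalate": granted(policy, p, ESCALATE)} for p in sorted(principals)}


if __name__ == "__main__":
    for principal, findings in audit(POLICY).items():
        print(principal, findings)
```

On this policy the administrator holds no use actions directly, but `kms:Put*` and `kms:Create*` cover `kms:PutKeyPolicy` and `kms:CreateGrant`, so key-policy changes and grants made by that user are worth alerting on in CloudTrail.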
