
4 - Create ALB load balancer


Why use load balancer

A load balancer is not actually needed for balancing a load; it is just used to terminate HTTPS and to direct traffic either to the HCMS satellite, or to the application middleware based on the path prefix. This allows both parts of the application to be on the same domain and share cookies.

CloudFormation template

The CloudFormation template provides a basic balancer setup with all necessary components:

  • An HTTP listener that just redirects browser requests to the HTTPS listener

  • An HTTPS listener with certificate

  • Two target groups

    • one for the satellite

    • one for the middleware of the HCMS Client

  • A default rule to forward all traffic to the hcms-client

  • A path-prefix rule for the requests with /hcms/* to be forwarded to the hcms-satellite target group.

Note on FARGATE ECS services: since HCMS satellite and Client will run on EC2, the provided CloudFormation template creates target groups of the type instance. However, this target group type cannot be used by FARGATE ECS services.

Re-using existing resources

It is not necessary to create a new ALB balancer just for an HCMS Client Starter Kit application; it is possible to use an existing one, shared with other applications.

It is also possible to use a custom certificate signed by an external certificate authority. For these reasons, the whole ALB setup is optional in the root template.

Creating a completely new balancer

Prerequisite: subnets in VPC

If you need to create a load balancer in AWS, you first need to make sure that you have available subnets in the AWS VPC (Virtual Private Cloud).

The subnets need to be:

  • in the same region in which you want to create the balancer

  • in one and the same VPC

  • but in different availability zones: eu-central-1c is a different zone than eu-central-1b, but they may or may not belong to the same VPC

Warning Do not confuse regions and availability zones. Please consult the official AWS documentation.

Note If you run the censhare Server on an EC2 instance, it is highly recommended to use the VPC and the subnets used by that instance!

Please refer to the official AWS documentation to create a new VPC and subnets.

Steps

Creating the ALB with a CloudFormation template is pretty easy; you just need to be aware of a few things and additional steps.

Stack failure options

Unfortunately, it is not possible to create the load balancer in one go even with the template. In-between, you will need to validate your certificate. For this reason, please change the default stack failure options to not roll it back and to keep resources instead. This will allow you to update the stack and continue its creation later.

Select correct VPC and subnets upon CloudFormation template upload

Upon upload of the CloudFormation template for the load balancer, you will see dropdowns for VPC ID and subnets. Unfortunately, the subnet dropdown comes before the VPC dropdown, which can lead to confusion. Another problem is that selecting the right VPC does not limit which subnets appear in the subnet dropdown.

We suggest the following workaround: Go to the VPC dashboard, open the VPC you want to use, and open the resource map where the subnets are matched with their availability zones. Make sure you select subnets from the same VPC but two different availability zones.

Certificate validation

Stack creation with this CloudFormation template can only be finished successfully when the ownership of the domain is confirmed, and the certificate is ready.

If you go to the Certificate Manager, you will see the certificate requested during stack creation, pending validation. ALB is waiting for the Certificate Manager to provide the valid certificate, which happens only after the confirmation procedure is over. This confirmation uses the DNS protocol; once the CNAME exists, Certificate Manager generates the valid certificate and passes it to ALB.

You should submit your stack as described above, but, depending on what you use as your DNS server, two options are possible.

  • If you use AWS Route 53 as your DNS server, then go to the console and create a new CNAME for the domain for which you need the certificate. It will take a few minutes for the record to come into existence. After that, you will see your certificate as issued in the Certificate Manager.

  • If you have your DNS server somewhere else, then the CNAME needs to be created there. Please refer to the AWS and your third-party documentation for details. In general,

Updating the stack

Now, you need to go back to your stack and update it. You do not need to change anything in there; the update is only necessary to incorporate the newly validated certificate.

Create a DNS record

Finally, you need to create a DNS record for your domain. You need at least an A record and, ideally, an AAAA record as well. If you manage your DNS domain with Route 53 (the AWS DNS service), you can define this record (or two records, one A and one AAAA) as an alias of the ALB load balancer.

You need to keep in mind the availability zones.

For this:

  • In the CloudFormation console, go to your newly created stack

  • Go to the Resources tab

  • Click on the balancer ID

  • Find the "DNS name"

  • Go to the Route 53 and create the corresponding DNS record