0
votes

I have my React website hosted in AWS on HTTPS using a classic load balancer and CloudFront, but I now need to have port 1234 opened as well. When I currently browse my domain with port 1234 the page cannot be displayed. The reason I want port 1234 opened is that this is where my Node.js web server is running for React to communicate with.

I tried adding port 1234 into my load balancer listener settings although it made no difference. It's noticeable the load balancer health check panel seems to only have one value which is currently HTTP:80/index.html. I assume the load balancer can listen to port 80 and 1234 (even though it can only perform a health check on one port number)?

Do I need to use action groups or something else to open up the port? Please help, any advice much appreciated.

Many thanks,

Load balancer settings

Infrastructure

I am using the following

  • EC2 (free tier) with the two code projects installed (React website and node server on the same machine in different directories)
  • Certificate created (using Certificate Manager)
  • I have created a CloudFront distribution and verified it using email. My certificate was selected in CloudFront as the customer SSL certificate
  • I have a classic load balancer (instance points to my only EC2) and the status is InService. When I visit the load balancer DNS name value I see my React website. The load balancer listens to HTTP port 80. I've added port 1234 but this didn't help

Note: Please note this project is to learn AWS, React and NodeJs so if things are strange please indicate

EC2 instance screenshot

Security group screenshot

Load balancer screenshot

Target group screenshot

An attempt to register a target group

1
Can you explain where your web server is running? The one with port 1234... because your React app is just a set of static files probably hosted on Amazon S3 and delivered through CloudFront. Why do you need a load balancer if using CloudFront? I think a small description of your infra will help to understand. - Sébastien Stormacq
The React website is running on an EC2 in a directory I created. The Node.js web server is on the same EC2 but in a different folder, i.e. /home/ubuntu/website and /home/ubuntu/nodeserver. I might be doing this wrong (please indicate) as I'm trying to learn AWS, but based on tutorials and some guidance I have a classic load balancer together with CloudFront and Certificate Manager - James
The CloudFront distribution has my certificate mapped to it and the React website is working with HTTPS. I created the certificate using Certificate Manager. - James
Let me know if you need something in order to help. - James

1 Answer

0
votes

Thank you for having clarified your architecture.

I would keep CloudFront out of the game for now and be sure your setup works with just the load balancer. Once everything is configured correctly, you can easily add CloudFront as a next step. In general, for all things in IT, it is easier to build a simple system that is working and increase complexity one step at a time rather than debugging a complex system that does not work.

The idea is to have an Application Load Balancer with two listeners, one for the web (TCP 80) and one for the API (TCP 123). The ALB will have two target groups (one for each port on your EC2 instance) and you will create listener rules to forward the correct port to the correct target group. Please read "Application Load Balancer components" to understand how ALBs work.

Here are a couple of things to check:

  • be sure you have two listeners and two target groups on your Application Load Balancer
  • the load balancer must be in a security group allowing TCP 80 and TCP 1234 from anywhere (0.0.0.0/0) (let's say SG-001)
  • the EC2 instance must be in a security group allowing TCP connections on port 1234 (for the API) and 80 (for the web site) only from source SG-001 (just the load balancer)

After having written all this, I realise you are using Classic Load Balancer. This should work as well; just be sure your EC2 instance has the correct security group (two rules, one for each port).
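The security-group layout in the checklist above (load balancer open on 80 and 1234, instance reachable on those ports only from the load balancer's group) can be checked mechanically. This is an added example, not code from the answer: it audits rules in the JSON shape returned by `aws ec2 describe-security-groups`, and the group IDs `sg-001` and `sg-002` and all sample rules are constructed placeholders.

```python
# Added example: audit security-group rules for the layout in the answer.
# Input dicts follow the shape of `aws ec2 describe-security-groups` output.

def rule(port, cidr=None, sg=None):
    """Build one constructed TCP ingress rule (sample data helper)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}

def sources(group, port):
    """Return every CIDR and source group ID allowed to reach TCP `port`."""
    found = set()
    for perm in group["IpPermissions"]:
        proto = perm.get("IpProtocol")
        # "-1" means all protocols and ports; TCP rules carry a port range.
        if proto == "-1" or (proto == "tcp" and
                             perm["FromPort"] <= port <= perm["ToPort"]):
            found |= {r["CidrIp"] for r in perm.get("IpRanges", [])}
            found |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            found |= {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return found

def audit(lb_sg, instance_sg, ports=(80, 1234)):
    """List deviations: LB open to 0.0.0.0/0, instance reachable only from LB."""
    findings = []
    for port in ports:
        if "0.0.0.0/0" not in sources(lb_sg, port):
            findings.append(f"LB SG does not allow TCP {port} from 0.0.0.0/0")
        allowed = sources(instance_sg, port)
        if lb_sg["GroupId"] not in allowed:
            findings.append(
                f"instance SG does not allow TCP {port} from {lb_sg['GroupId']}")
        for src in sorted(allowed - {lb_sg["GroupId"]}):
            findings.append(f"instance SG exposes TCP {port} to {src}")
    return findings

# Constructed sample data; "sg-001" / "sg-002" are placeholder IDs.
LB_SG = {"GroupId": "sg-001",
         "IpPermissions": [rule(80, cidr="0.0.0.0/0"), rule(1234, cidr="0.0.0.0/0")]}
GOOD_INSTANCE_SG = {"GroupId": "sg-002",
                    "IpPermissions": [rule(80, sg="sg-001"), rule(1234, sg="sg-001")]}
# Port 1234 opened to the world instead of to the load balancer only.
BAD_INSTANCE_SG = {"GroupId": "sg-002",
                   "IpPermissions": [rule(80, sg="sg-001"), rule(1234, cidr="0.0.0.0/0")]}

if __name__ == "__main__":
    for name, sg in (("good", GOOD_INSTANCE_SG), ("bad", BAD_INSTANCE_SG)):
        print(name, audit(LB_SG, sg) or "OK")
```

To run it against a real account, load the two groups from the CLI's JSON output and pass them to `audit` in place of the constructed samples.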