Yuval Adam

The Anomaly of Amazon EC2 Load Balancing

Amazon has a cool load balancing service as part of their EC2 offering. Sure, you can always set up a load balancer of your own (HAProxy is my favorite), but if you’re already running on EC2, using the Amazon load balancer is an easy option. So we went with that.

That is, until we discovered a weird issue that has already been a problem for quite some time. The problem is actually very simple - when starting an Amazon LB, it is automatically assigned an Amazon public DNS address. Cool. After configuring it, all you need to do is just point a CNAME DNS record to it, and you’re done.

But! What if you want to load balance your web servers? What if you want to serve your website from the root domain (example.com)? How do you set a CNAME record for the root domain? Simple: you can’t. Even if you wanted to create an A record and point it to the load balancer’s public IP, you’re out of luck - Amazon still does not allow attaching a public IP to a load balancer. (This blog post has an in-depth explanation of why this is the case.)

We found ourselves in this situation today, with the following options:

  1. Set the CNAME record from the www subdomain and serve all web content from www.example.com. We did not like this option since this meant changing our policy of serving our site from example.com. It also meant having a nasty redirect from example.com to www.example.com for anyone who accesses links without the subdomain.
  2. Set up a proxy server just for accepting incoming connections, and forwarding them to the load balancer.

We went with the proxy server solution. It’s ugly. It’s a hack. It adds network latency. But until Amazon adds the option to attach an IP to a load balancer, it’s the best option we have. We set up a micro instance, installed HAProxy (with the following configuration), and it works pretty well.
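
A sketch of what such a forwarding proxy can look like, as an added example and not the configuration the author used. The load balancer hostname is a placeholder, the resolver address assumes the Amazon-provided VPC DNS, and the `resolvers` and `init-addr` directives assume HAProxy 1.7 or later; runtime resolution matters here because the addresses behind a load balancer's DNS name change over time, while a plain `server` line is resolved only once at startup.

```haproxy
# Added example, not the original post's configuration.
global
    log /dev/log local0
    maxconn 2048
    user haproxy            # run unprivileged after binding port 80
    group haproxy
    daemon

defaults
    mode http
    log global
    option httplog
    option forwardfor       # pass the client address on as X-Forwarded-For
    timeout connect 5s
    timeout client 30s
    timeout server 30s

# Re-resolve the load balancer name while running.
# 169.254.169.253 is assumed here: the Amazon-provided DNS inside a VPC.
resolvers awsdns
    nameserver vpc 169.254.169.253:53
    resolve_retries 3
    timeout retry 1s
    hold valid 10s          # keep an answer for at most 10s before asking again

frontend root_domain
    bind *:80               # the instance's static IP is the A record for example.com
    default_backend amazon_lb

backend amazon_lb
    # Naive form, resolved once at startup and stale after the LB changes address:
    #   server lb EXAMPLE-LB-NAME.us-east-1.elb.amazonaws.com:80
    # Placeholder hostname below; substitute the load balancer's public DNS name.
    server lb EXAMPLE-LB-NAME.us-east-1.elb.amazonaws.com:80 resolvers awsdns init-addr last,libc,none check inter 5s
```

Running `haproxy -c -f` against the file checks the syntax before a reload.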

So, Amazon, how about those public IPs?