I would like to protect my lightsail instances with a AWS-WAF. For that, I need an EC2 Load Balancer instead of the lightsail one. I´ve implemented the following steps (all with root user):
- Enable VPC peering in lightsail, on the correspondent zone, let say 'Ireland'.
- AWS VPC is default and in Ireland.
- Create a Target Group of type IP Address, on previous default VPC; Network 'Other Private IP Address' and the private address of the lightsail instance (instance has an apache listening on port 80). Checked that targets are 'Healty' on Target Group.
- Create a LoadBalancer in the Default VPC, with the previous created Target Group, and with zones 'a' and 'b' of Ireland. Zone 'a' is the zone of where the lightsail instance is.
- On Route 53 created a public hosted zone, with the name of my domain (registered directly in Route 53).
- Create a DNS A record of type 'Alias', with linked point 'Alias Application Load Balancer', in region Ireland and pointing to previous created Load Balancer (showed for selection with the name of the LB, but wit 'dualstack.' appended to it).
6.1. Also tried resolving the LB DNS and creating the DNS A record to point directly to the IP instead of the 'Alias'.
After all these steps, when trying to browse to my domain, I´m getting an "ERR_CONNECTION_TIMED_OUT".
Ping to domain resolves to same ip that Load Balancer DNS; Security Groups in AWS allow all traffic; there is route in AWS to internal network of LightSail (created automatically when peering VPCs in step 1); ACL or Firewall are allowing all traffic; on ligthsail all traffic is allowed as well.
What I could be missing? At that point and with all the steps reviewed, I can´t not figure out where the issue is.
AWS 官方已更新 2 年前