0

I am creating a site that I expect to receive DDoS attacks on occasion.

I have created two EBS AMIs on Amazon EC2. One AMI for a MySQL Database and one for the web host.

I have added an elastic IP to the web host server and have attached an A DNS record to it via Route 53 so I can access my domain.

If I were to create a load balancer, would I have to change the DNS record for the website to the load balancer's IP address? And then simply start as many instances of the web hosting AMI under the load balancer as the DDoS calls for?

Is this thinking even somewhat correct?

darkAsPitch

2 Answers

1

A load balancer wouldn't protect you from DDoS attacks; it would just increase the amount of traffic you can handle (based on the number of backend webservers that you have at your disposal).

If you don't expect to serve a lot of traffic, I wouldn't recommend setting up a load balancer just for avoiding DDoS attacks because it simply won't help that much.

Aggressive firewalling is a much better solution for this kind of problem, although it's not a bullet-proof solution.

But to answer your question, if you set up a load balancer you'd need to change your DNS to point to that machine and then the load balancer would forward the traffic to your server farm.

fim
1

There is now an active question about mitigating DDoS attacks in EC2. You may want to read it: Ec2 Denial of Service: Securing cloud based website from DOS attack

oker