Step 7: Enable additional options for the Load Balancer (optional)

Adding a security layer and enabling other options for your Load Balancer

This step is optional and not necessary to run the example application in this tutorial.

However, while it's not as important to secure a load balancer for a small web application in a tutorial, your production cloud apps require an elevated level of protection.

To set up a Web Application Firewall (WAF) for a production application, follow the steps in the Web Application Firewall procedure. You won't set up a WAF in this tutorial.

Otherwise, to skip this step, proceed to the next page in this tutorial.

In this tutorial step, for the Application Load Balancer (ALB) you created in Step 6, you will:

Enable access logging to monitor HTTP message details and record incoming traffic data. Access logs are crucial for analyzing traffic patterns and identifying potential threats, but they are not enabled by default. You must manually activate them in the load balancer's configuration settings.
Protect against requests that contain invalid headers.

Estimated time to complete Step 7: 5 minutes.

Prerequisites

Before securing a Load Balancer, verify that you accomplished the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:

An Infrastructure and Plan exist, both with the name NONPROD.
The NONPROD infrastructure has EKS Enabled.
A Tenant with the name dev01 has been created.
A Host with the name host01 has been created.
A Service with the name demo-service has been created.
An HTTPS ALB Load Balancer has been created.

Select the Tenant you created

In the Tenant list box, on the upper-left side of the DuploCloud Portal, select the dev01 Tenant that you created.

Securing the Load Balancer

In the DuploCloud Portal, navigate to Kubernetes -> Services. The Services page displays.
From the Name column, select the Service to which your Load Balancer is attached (demo-service).
Click the Load Balancers tab.
In the Other Settings card, click Edit. The Other Load Balancer Settings pane displays.

In the Web ACL list box, select None, because you are not connecting a Web Application Firewall.
For this tutorial, select only the Enable Access Logs and Drop Invalid Headers options. \
Accept the Idle Timeout default setting and click Save. The Other Settings card in the Load Balancers tab is updated with your selections.

Checking your work

Verify that the Other Settings card contains the selections you made above for:

Web ACL - None
HTTP to HTTPS Redirect - False
Enable Access Logs - True
Drop Invalid Headers - True

By enabling access logs, you've taken a significant step towards enhancing the security and monitoring capabilities of your load balancer. This feature is instrumental in providing insights into the traffic accessing your application, allowing for a more robust security posture.

PreviousStep 6: Create a Load Balancer NextStep 8: Create a custom DNS Name (optional)

Last updated 11 days ago