Create an AutoStopping proxy for AWS
AutoStopping is a solution that is well-suited for use with native load-balancing options like AWS ALB. However, there are certain use cases, such as SSH/RDP/RDS connections, that cannot be addressed by native load balancer integrations for AutoStopping.
To address these use cases, AutoStopping offers a reverse proxy called the AutoStopping proxy. This proxy sits in front of the virtual machines (VMs) and manages the start and stop of the VMs based on network traffic. The proxy is capable of supporting both HTTP(S) and TCP connections.
For HTTP(S) traffic, the AutoStopping proxy provides Layer-7 load balancing and request routing capabilities, as well as SSL support. For all other TCP traffic, the proxy provides a dynamically generated ephemeral port-based configuration.
The AutoStopping proxy runs in a VM and uses the Envoy proxy, an open-source solution that has been thoroughly tested. One proxy VM can handle traffic to multiple AutoStopping-controlled VMs.
Perform the following steps to create an AutoStopping proxy for your resources in AWS:
- In Harness, go to the Cloud Costs module.
- Under Setup, click Load Balancers.
- Click Create New Load Balancer.
- Select AWS.
- Choose an existing connector or create a new one.
- Click Continue.
- Click Create AutoStopping Proxy.
- Click Continue.
- In the Create a new AutoStopping Proxy window, enter the following information:
-
Provide a name for the AutoStopping Proxy.
-
Select your preferred DNS provider and perform the mapping:
- If you select Route 53, you must choose a hosted zone from the available zones and enter the domain name. AutoStopping manages Route 53 configuration automatically.
- If you select Others, enter the URL of the DNS provider. Make sure that you have updated the DNS mapping in your DNS provider.
-
Click Continue.
-
- Select region: Select the region where you have your cloud resources hosted.
- Select the VPC from the dropdown list.
- Machine type: Select the instance family type from the dropdown list.
- TLS Certificate Secret Version: AutoStopping proxy supports PEM-encoded certificates. You need to provide the certificate and the private key. A Cert chain is not required for the configuration. On the AWS console, go to Secrets Manager, and store a secret. It is recommended to use harness/ in the secret name. You must choose the Other type of secret option. Go to https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html for more information. After successfully storing the secret, enter the Secret ARN in this field.
Sample certificate:
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
- API Key: Enter a valid API key with CCM Admin permissions generated in Harness New Generation. Choose No Expiration in the Expiration dropdown list while creating this API key. Go to Create an API Key for more information.
- Select security groups: Select the Security Group of your instance.
- Key pair: Select the SSH key pair to connect to your VM.
- This key can be used to access the machine over SSH with the ubuntu user
- TLS Private Key Secret Version: Enter the Secret ARN in this field.
Private key:
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----
- Enable Allocate Static IP if you need to assign an elastic IP address to make the instance publicly accessible. Update the DNS route to point to the public IP. You don't need to enable this field if it is pointing to a private IP provided the DNS resolves. For example, when the DNS resolution is done within the VPC.
- Click Save Load Balancer.