We're migrating our deployment from regular EC2 into a VPC. We have two load balancers in the public cloud that we have a number of domain "A" records pointed at; however, I didn't realize that a public Elastic IP could not be attached to a VPC instance, you must use VPC-based Elastic IPs.
So you're aware, our LBs are HAProxy-based instances, NOT Elastic Load Balancers. So we've got Apache to work with here if that helps answer my question or offers an alternative.
Because not all of the domains in question pointing at the public LBs are under my control, it's very difficult to schedule the change to DNS with everyone; let's call it impossible.
So my question is: is it possible that I can redirect calls to our public LBs to their replacements in the VPC? This would have to be transparent while we go through our clients and have them update their DNS.
Any suggestions would be greatly appreciated!
EDIT: To expand just a little, it would be a benefit if I could do this simply using EC2 features so I don't have to keep the two public LB instances running. Failing that, I need to know specifically how to accomplish the "redirect", is it done in DNS, or is it done somewhere else?
EDIT 2: Nobody was able to offer any insights into an Amazon specific resolution that didn't require the LB instances to remain up, so I've outlined what we did with HAProxy in the selected answer below.
You could redirect requests to your regular EC2 load balancers to your VPC load balancers. That's an extra hop for everyone who hasn't updated their DNS, but it's only temporary and good motivation for your clients to update ASAP.
Since no one was able to provide the specifics, here's what we did:
First, we're a RightScale client, so if you are too, you need to turn off the reconverge script (which runs every 15 min or so) using their provided operational script. This will prevent the script from overwriting your changes when it doesn't find any active app servers and removes any references.
Next, in /etc/haproxy we updated the haproxy.cfg backend section. The final line of what looks to be the default stuff is:
So just below that, where the app servers would be defined, we included:
We have two LBs, so we just pointed one old to one new, respectively. Everything is working like a charm. We'll leave these two old LBs up for a couple of weeks while our clients update their DNS and then bring them down afterwards. This saved a lot of headache compared to trying to organize everyone's IT into a scheduled move!
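As an added illustration (not the answerer's own configuration, which is not reproduced above): a minimal haproxy.cfg for one of the old public LBs that forwards all HTTP traffic to its replacement inside the VPC. The address 203.0.113.10 is a placeholder for the new LB's VPC Elastic IP; `option forwardfor` is included so the replacement LB's access logs still see the real client address rather than the old LB's IP for every request that takes the extra hop.

```haproxy
global
    log 127.0.0.1 local0
    maxconn 4096
    daemon

defaults
    log     global
    mode    http
    option  httplog
    # Pass the original client address to the VPC LB in X-Forwarded-For,
    # otherwise every forwarded request appears to come from this old LB
    option  forwardfor
    timeout connect 5s
    timeout client  50s
    timeout server  50s

frontend public_www
    bind *:80
    # Record the forwarded client address in this LB's own log line too
    capture request header X-Forwarded-For len 15
    default_backend vpc_lb

backend vpc_lb
    # Placeholder: the VPC Elastic IP of the replacement load balancer.
    # Health check the replacement so a dead target fails fast instead
    # of hanging every client that still resolves to the old address.
    server vpc-lb-1 203.0.113.10:80 check inter 5s rise 2 fall 3
```

Validate the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading, since a syntax error here takes down the only path clients with stale DNS still have.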
If you're trying to keep the local DNS information hidden, I suggest your best bet is either:
a) Stand up an internal DNS server, properly firewalled to only serve DNS requests within your system.
b) Automate management of individual /etc/hosts files (Chef, Puppet, CFEngine, Ansible, etc.)
If you're not concerned with revealing the DNS information via public query, why not simply use the CNAME information in your external DNS provider (or AWS's Route 53), i.e.:
example.yourdomain.com => ec2-10-10-10-10.compute-1.amazonaws.com