In a previous post, we explained how to configure a proxy server to provide load balancing for the Impala daemon. The proxy software used was HAproxy, a free, open source load balancer. This post will demonstrate how to use Amazon’s Elastic Load Balancer (ELB) to perform Impala load balancing when running in Amazon’s Elastic Compute Cloud (EC2). Details Similar to HAproxy, an Elastic Load Balancer is a reverse proxy that will take incoming TCP connections and distribute them amongst a set of EC2 instances. This is done partly for fault tolerance and partly for load distribution. Cloudera’s Using Impala through a Proxy for High Availability details how load balancing applies to part of Impala. To summarize, the proxy will allow us to configure our Impala clients (Hue, Tableau, etc) with a single hostname and port. This well-known hostname will not have to be changed out if there were to be…
Category: Amazon Web Services
Encrypting Amazon EC2 boot volumes via Packer
In order to layer on some easy data-at-rest security, I want to encrypt the boot volumes of my Amazon EC2 instances. I also want to use the centos.org CentOS images but those are not encrypted. How can I end up with an encrypted copy of those AMIs in the fewest steps? In the past, I have used shell scripts and the AWS CLI to perform the boot volume encryption dance. The steps are basically: Deploy an instance running the source AMI. Create an image from that instance. Copy the image and encrypt the copy. Delete the unencrypted image. Terminate the instance. Add tags to new AMI. The script has a need for a lot of VPC/subnet/security group preparation (which I guess could have been added to the script), and if there were errors during the execution then cleanup was very manual (more possible script work). The script is very flexible and meets…