In many test scenarios, you want to hit an internal application running on a private AWS subnet. The application access is managed by an internal ELB with a distinct security group. A quick way to enable RedLine13 and other load testing agents is to use a security group with only outbound access. Then allow the Internal ELB to be accessed by servers in this security group. These test agents will need a public IP, but you will not need to regularly update the Internal ELB security group to allow access
- Can you create a security group?
- Can you modify or add a security group to Internal ELB?
- Are you ok with allowing agents to have a public IP?
- If no, then the more complicated mechanism of using NAT Gateways and Private Subnets are documented in the article Load Testing with private subnets and NAT.
Step 1 – Create Security Group
- Do not add any Inbound Rules
- Add open outbound HTTP and HTTPS rules
Step 2 – Update Internal ELB to allow access from the security group you created
- Go to your Load Balancers
- Select Internal Load Balancer
- Open the Security Tab
- Select Security Group
- Add rules for your protocols and allow the source to be custom IP, select your security group from above
Step 3 – Create your Cheat Sheet
Agent Security Group: _________
Agent Subnet : ______________
Internal ELB URL : ________________
Step 4 – Run a load test using your new configuration
A RedLine13 Simple Test will be the easiest way to validate that everything is working
a. Specify the URL for the internal ELB
b. Expand the Advanced Cloud Options
- Enter Subnet
- Enter Security group
- Uncheck – “Associate a public IP address.”
c. Start Test and See Results