Configure an AWS Network Load Balancer

This guide shows you how to configure a Network Load Balancer in AWS for Prisma Cloud Console. Console serves its UI and API on ports 8081 (HTTP) and 8083 (HTTPS). Defender communicates with Console over a websocket on port 8084. You’ll set up a single load balancer to forward requests for both port 8083 and 8084 to Console, with the load balancer checking Console’s health using the /api/v1/_ping endpoint on port 8081.

Prerequisites:
Console is fully operational. You have created your first admin user, entered your license key, and you can access the web interface.

  1. Log into the AWS Management Console.
  2. Go to Services > Compute > EC2.
  3. In the left menu, go to LOAD BALANCING > Load Balancers.
  4. Create a load balancer.
    1. Click Create Load Balancer.
    2. In Network Load Balancer, click Create.
    3. Give your load balancer a name, such as tw-nlb.
    4. Create the following listener configuration:
      • Load Balancer Protocol: TCP
      • Load Balancer Port: 8083
      • Load Balancer Protocol: TCP
      • Load Balancer Port: 8084
    5. Select a VPC. Make sure your instance is in the same VPC.
    6. Click Next Configure Routing.
    7. Select a Target group if already defined. If not, select New target group.
    8. Give your target group a name, such as tw-8083.
    9. Create the following listener configuration:
      • Protocol: TCP
      • Port: 8083
      • Target type: instance
      • Health Checks
        • Protocol: HTTP
        • Path: /api/v1/_ping
    10. Under Advanced health check settings, select:
      • Port: override 8081
    11. Click Next: Register Targets.
    12. Search for your instance by name, select it, and click on Add to registered.
    13. Click Next: Review > Create.
  5. Configure an additional Target Group for port 8084.
    1. In the left menu, go to LOAD BALANCING > Target Groups.
    2. Click Create target group.
    3. Give your target group a name, such as tw-8084:
      • Protocol: TCP
      • Port: 8084
      • Target type: instance
      • VPC: <same as that of instance>
      • Health check settings
        • Protocol: HTTP
        • Path: /api/v1/_ping
    4. Under Advanced health check settings, select:
      • Port: override 8081
    5. Click Create.
    6. After the target group is created, click on the Targets tab of the selected target group (tw-8084, in this example).
    7. Click Edit.
    8. Search for your instance by name, select it, click Add to registered, then click Save.
  6. Configure your load balancer to direct TCP traffic on 8084 to your newly created target group (tw-8084).
    1. In the left menu, go to LOAD BALANCING > Load Balancers, then click on your load balancer (tw-nlb).
    2. Click the Listeners tab.
    3. Select TCP: 8084 under Listener ID.
    4. Click Edit.
    5. Delete the existing Default action.
    6. Click Add action > Forward to > tw-8084.
    7. Select the checkbox to add your entry, then click Update.
      For the complete install procedure in an Amazon ECS environment, follow the steps in Install Prisma Cloud on Amazon ECS.
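
To confirm the finished setup matches the steps above, the listener and target group settings can be checked programmatically. The following is an added example, not part of the original guide or of Prisma Cloud: it audits JSON shaped like the output of `aws elbv2 describe-listeners` and `aws elbv2 describe-target-groups`. The function and helper names, the placeholder ARNs and the sample data are constructed for illustration; the sample models a listener on 8084 whose default action still forwards to tw-8083.

```python
# Added example; field names follow `aws elbv2 describe-*` JSON output.
EXPECTED_PORTS = {8083, 8084}             # listeners this guide creates
HEALTH = {"HealthCheckProtocol": "HTTP",  # health check values from this guide
          "HealthCheckPort": "8081",
          "HealthCheckPath": "/api/v1/_ping"}

def audit_nlb(listeners_doc, target_groups_doc):
    """Return findings; an empty list means the setup matches the guide."""
    findings = []
    groups = {g["TargetGroupArn"]: g for g in target_groups_doc["TargetGroups"]}
    seen = set()
    for lst in listeners_doc["Listeners"]:
        port = lst["Port"]
        seen.add(port)
        if port not in EXPECTED_PORTS:
            findings.append(f"listener {port}: not part of this guide")
            continue
        if lst["Protocol"] != "TCP":
            findings.append(f"listener {port}: protocol {lst['Protocol']}, expected TCP")
        for action in lst["DefaultActions"]:
            group = groups.get(action.get("TargetGroupArn"))
            if action["Type"] != "forward" or group is None:
                findings.append(f"listener {port}: no forward to a known target group")
                continue
            name = group["TargetGroupName"]
            if (group["Protocol"], group["Port"]) != ("TCP", port):
                findings.append(f"listener {port}: forwards to {name} "
                                f"({group['Protocol']}:{group['Port']})")
            for key, want in HEALTH.items():
                if group.get(key) != want:
                    findings.append(f"{name}: {key} is {group.get(key)!r}, expected {want!r}")
    for port in sorted(EXPECTED_PORTS - seen):
        findings.append(f"listener {port}: missing")
    return findings

def tg(name, port, hc_port="8081"):
    # Constructed target group record (placeholder ARN, not a real resource).
    return {"TargetGroupArn": f"arn:example:{name}", "TargetGroupName": name,
            "Protocol": "TCP", "Port": port, "HealthCheckProtocol": "HTTP",
            "HealthCheckPort": hc_port, "HealthCheckPath": "/api/v1/_ping"}

def listener(port, tg_name):
    # Constructed listener record with a single forward action.
    return {"Protocol": "TCP", "Port": port, "DefaultActions": [
        {"Type": "forward", "TargetGroupArn": f"arn:example:{tg_name}"}]}

# Constructed sample: listener 8084 still forwards to tw-8083.
SAMPLE_GROUPS = {"TargetGroups": [tg("tw-8083", 8083), tg("tw-8084", 8084)]}
SAMPLE_LISTENERS = {"Listeners": [listener(8083, "tw-8083"), listener(8084, "tw-8083")]}
```

Calling `audit_nlb(SAMPLE_LISTENERS, SAMPLE_GROUPS)` reports the misrouted 8084 listener; with real data, load the two CLI outputs with `json.load` and pass them in the same order.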
