Solution 1:

No. This is what Elastic Load Balancer is for, anyway.

Solution 2:

Update 2021. You can use it. But you probably shouldn't. There is very little justification to do so now. The Elastic Load Balancer should do most of what most people would need.


The accepted answer is no longer true.

In general you should use the ELB. However you may find a rare need that the ELB can't fulfil and you'd prefer to use keepalived even though it goes against best practice.

Keepalived & VRRP works within an Amazon VPC. It does not work with ec2-classic.

With keepalived you use the notify or notify_master commands in keepalived.conf.

The notify script then calls the aws cli with disassociate-address and associate-address options to unbind and then bind the address, rather than through the VIP mechanism of keepalived itself. It works OK.

Here is an example notify script:

#!/bin/bash

TYPE=$1
NAME=$2
STATE=$3
      
function die
{
    echo "${1-Died} at ${BASH_SOURCE[1]}:${FUNCNAME[1]} line ${BASH_LINENO[0]}."
    exit 1
}

function master
{
    # Check if an elastic IP is defined
    test -n "$EC2_EIP" || die 'elastic ip not defined'

    # Attempt to read the instance-id
    EC2_INSTANCE_ID="`wget -q -O - http://instance-data/latest/meta-data/instance-id || die \"wget instance-id has failed: $?\"`"
    test -n "$EC2_INSTANCE_ID" || die 'cannot obtain instance-id'

    if [ -z $EC2_REGION ]; then
        # Get the region if not set
        EC2_AVAIL_ZONE=`wget -q -O - http://instance-data/latest/meta-data/placement/availability-zone`
      EC2_REGION="`echo \"$EC2_AVAIL_ZONE\" | sed -e 's:\([0-9][0-9]*\)[a-z]*\$:\\1:'`"
    fi

    # Call into ec2. Make sure ec2 output
    echo "aws ec2 disassociate-address --public-ip $EC2_EIP --region=$EC2_REGION"
    /usr/bin/aws ec2 disassociate-address --public-ip $EC2_EIP --region=$EC2_REGION
    if [ $? -eq 0 ]; then
        echo "disassocate-address: success"
    fi;

    echo "aws ec2 associate-address --public-ip $EC2_EIP --instance-id $EC2_INSTANCE_ID --region=$EC2_REGION"
    /usr/bin/aws ec2 associate-address --public-ip $EC2_EIP --instance-id $EC2_INSTANCE_ID --region=$EC2_REGION
    if [ $? -eq 0 ]; then
        echo "associate-address: success"
    fi;
}

case $STATE in
        "MASTER") master
                  exit 0
                  ;;
        "BACKUP") exit 0
                  ;;
        "FAULT")  exit 0
                  ;;
        *)        echo "unknown state"
                  exit 1
                  ;;
esac

For more detailed information and working examples visit the following links:

  • keepalived and haproxy in aws an exploratory guide
  • IP Multicast on ec2 -- who said vrrp doesn't work on AWS? --