Application Load Balancer (ALB)
What is ALB?
- Application-layer (Layer 7) load balancer in ELB family
- Handles HTTP/HTTPS traffic
- Supports content-based routing, SSL termination, and WebSocket
While Creating
- Launch it in Public AZ for internet facing
- AllowHTTP Port 80 in SG of ALB
Core Components
1) Listener
- Defines protocol and port (e.g., HTTP:80, HTTPS:443)
- that the ALB uses to listen for incoming traffic
For HTTPS, must define SSL/TLS certificate:
- ALB can decrypt SSL → reduces backend load
- Works with AWS ACM (free certs)
Best Practices
- Terminate SSL at ALB for centralized cert management
- Boosts performance by offloading resource-intensive SSL task
2) Target Groups
- Collections of targets (e.g., EC2, Lambda, IP)
- That Receive traffic based on listener rules
- Health checks defined at TG level
See 14 Target Groups for more details.
3) Listener Rules
Rules are Used to Route traffic to TG based on the if condition on each request of listener
If Conditions:
- ✔ Path-based → /api → API service
- ✔ Host-based → admin.site.com → Admin service
- ✔ Header-based → based on HTTP headers
- ✔ Use Weighted Target Routing when multiple TGs are used
Then: Action
- FW 30% traffic to TG
- Redirect to URL
- Return Fixed Response
Rule Types:
- Default Rule → used when no custom rule matches
- Custom Rules → evaluated top to bottom
Info
✔ALB rules have unique priorities (1–50,000); lower runs first, default runs last. ✔Use gaps (e.g., 100, 200) for easy future rule additions.
Weighted Routing on TG
Weight value is proportional, Use to split traffic across multiple TG.
| Target Group | If Weight | Traffic |
|---|---|---|
| tg-blue | 80 | 80% |
| tg-green | 20 | 20% |
Target Group Stickiness
- Enable on a rule to bind user sessions to the same target
- Why: Useful when your app stores session data locally on the instance (i.e., not in a shared DB or Redis)
- How: Only works if client supports cookie
Key Features
WebSocket & HTTP/2
- ALB Supports real-time comms & modern protocols
- Great for chat apps, live updates, etc.
AWS WAF Support
- Add extra security with AWS WAF
- Protects against DDoS, SQLi, XSS
Pricing
Charged based on:
- ALB uptime (per hour)
- LCU (Load Balancer Capacity Units)
Problem
ALBs don’t support static IPs (only a static DNS name), which is problematic for external DNS providers. Solution: NLB → ALB → Instance