The Application Load Balancer distributes incoming HTTP and HTTPS traffic across multiple targets such as Amazon EC2 instances, microservices, and containers, based on request attributes. When the load balancer receives a connection request, it evaluates the listener rules in priority order to determine which rule to apply, and if applicable, it selects a target from the target group for the rule action.
Inner workings of ALB
AWS ALB (Application Load Balancer) is a layer 7 load balancer. The flow of a request through it looks like this:
Clients make requests to your application.
A load balancer has HTTP, HTTPS, or both kinds of listeners.
The listeners in your load balancer receive requests matching the protocol and port that you configure.
Each listener contains rules (at least one: the default action for that listener).
The receiving listener evaluates the incoming request against the rules you specify, and if applicable, routes the request to the appropriate target group. You can use an HTTPS listener to offload the work of TLS encryption and decryption to your load balancer.
The target group (destination) is one of three target types: Lambda, IP addresses, or EC2 instances.
Let's jump into the creation of an ALB.
How to create an AWS Application Load Balancer
Click Create target group; it opens in a new tab.
Creating a Target Group
The following descriptions of the target types are from the AWS console:
Supports load balancing to instances within a specific VPC.
Facilitates the use of Amazon EC2 Auto Scaling to manage and scale your EC2 capacity.
Supports load balancing to VPC and on-premises resources.
Facilitates routing to multiple IP addresses and network interfaces on the same instance.
Offers flexibility with microservice-based architectures, simplifying inter-application communication.
Supports IPv6 targets, enabling end-to-end IPv6 communication, and IPv4-to-IPv6 NAT.
Facilitates routing to a single Lambda function.
Accessible to Application Load Balancers only.
Right now we don't have any instances running, so just create the target group; we will see how to add instances to it later.
Go back to the load balancer page, refresh, and select the target group you created.
Request to Response in ALB
When a client (e.g., a web browser) makes a request to your ALB, it first resolves the load balancer's DNS name,
myfirstloadbalancer-4167611.us-east-1.elb.amazonaws.com, to the associated public IP address, then sends its traffic to the load balancer, which forwards it to the target group of EC2 instances.
When we create the ALB, the default security group does not allow any traffic (HTTP, HTTPS) from outside into the ALB.
Security Groups in AWS ALB
We need to create a security group that allows traffic from outside (the internet) and attach it to the ALB.
From the side panel of the EC2 dashboard, create a security group.
Give the security group a name.
Allow HTTP and HTTPS from everywhere.
Move back to the ALB page and, from the Security tab, add this security group to the ALB.
Let's again access the DNS record. This time we get a response from the load balancer:
503 Service Temporarily Unavailable, because at this point the load balancer cannot get any response from the target group, as we don't have any EC2 instance attached to it.
503 Service Temporarily Unavailable Error in AWS ALB
I have one EC2 instance running in the same VPC, with a simple Node.js application serving
Hello world on port 3000.
Let's see how we can get a response from port 3000 on the EC2 machine through the load balancer.
Go to your load balancer, click on the target group, and register the EC2 instance as a target.
Now access your application through the load balancer. This time you get a different error, and that is the expected result.
502 Bad Gateway Error in AWS ALB
This time there is a service running, but the load balancer cannot communicate with it, because one more configuration step is needed to allow the load balancer to reach our EC2 instance on port 3000. As you can see, the health of the target group is still unhealthy.
Health Status AWS Target Group
Go to the instance's security group and add an inbound rule on port 3000 whose source is the load balancer's security group.
Allowing port 3000 from the load balancer's security group (rather than from 0.0.0.0/0) means the application port stays reachable only through the ALB.
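As an added example (not part of the original post or of any AWS tooling), the check below audits an instance security group for the configuration just described: port 3000 should be reachable from the ALB's security group and from nowhere else. The input is shaped like the `SecurityGroups` entries returned by the EC2 `DescribeSecurityGroups` API; the group ids, port and CIDRs are constructed for the example. A group that does not admit the port from the ALB at all corresponds to the 502 / unhealthy-target state seen above; a group that admits it from 0.0.0.0/0 works, but lets anyone bypass the load balancer.

```python
"""Audit an instance security group for ALB-only access to the app port.

Added example, not AWS code. Group ids and CIDRs below are constructed.
"""

APP_PORT = 3000
ALB_SG_ID = "sg-0alb00000000example"  # constructed id of the ALB's security group

# Constructed instance security groups, in DescribeSecurityGroups shape.
GOOD_SG = {  # inbound 3000 only from the ALB's security group (the post's setup)
    "GroupId": "sg-0good0000000example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3000,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG_ID}]},
    ],
}
WORLD_OPEN_SG = {  # inbound 3000 from everywhere: works, but bypasses the ALB
    "GroupId": "sg-0open0000000example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}
SSH_ONLY_SG = {  # the state before the fix: port 3000 not admitted at all
    "GroupId": "sg-0ssh00000000example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}


def _covers_port(perm, port):
    """True if this permission entry admits TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return (perm["IpProtocol"] == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))


def audit_app_port(sg, port=APP_PORT, alb_sg_id=ALB_SG_ID):
    """Return (reachable_from_alb, findings) for one instance security group.

    reachable_from_alb is True when the ALB's security group is an allowed
    source, or when the port is open to 0.0.0.0/0 (which includes the ALB).
    Every source other than the ALB's group is reported as a finding.
    """
    reachable = False
    findings = []
    for perm in sg["IpPermissions"]:
        if not _covers_port(perm, port):
            continue
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == alb_sg_id:
                reachable = True  # the intended rule
            else:
                findings.append(f"port {port} open to other group {pair['GroupId']}")
        for rng in perm.get("IpRanges", []):
            if rng["CidrIp"] == "0.0.0.0/0":
                reachable = True  # the world includes the ALB nodes
            findings.append(f"port {port} open to CIDR {rng['CidrIp']}")
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"port {port} open to CIDR {rng['CidrIpv6']}")
    if not reachable:
        findings.append(f"port {port} not reachable from ALB group {alb_sg_id}")
    return reachable, findings


if __name__ == "__main__":
    for sg in (GOOD_SG, WORLD_OPEN_SG, SSH_ONLY_SG):
        print(sg["GroupId"], audit_app_port(sg))
```

Feeding the function the real output of `aws ec2 describe-security-groups` (one `SecurityGroups` entry at a time) turns this into a quick post-deployment check that the instance port is exposed only to the load balancer.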
Finally, we can see the Hello world response.
Custom Domain to AWS Application Load Balancer
Navigate to your domain provider and add a record.
Adjust the record name and value according to whether you are adding your main domain or a subdomain.
We have now learned how to add a custom domain to an AWS ALB, but we have one problem: the site is not encrypted with SSL/TLS.
SSL in AWS Application Load Balancer
Add an HTTPS Listener
Add Certificate to AWS ALB
Search for AWS ACM
Verifying domain for AWS ACM
Wait a few minutes for the status to change to Issued. If you are having difficulty verifying the domain, edit the record with a lower TTL, and verify from https://dnschecker.org/ that the value has propagated through DNS.
Now go back to the listener tab, refresh, and select the certificate.
Now we have two listeners, HTTP and HTTPS.
Rules Inside the Listener
Rules are evaluated in priority order, from the lowest value to the highest value. The default rule is evaluated last. You can change the priority of a nondefault rule at any time. You cannot change the priority of the default rule.
Add a rule
Select the load balancer to view its details, and open the Listeners and Rules tab.
On the Rules tab, choose Add rule.
Some Rules examples
Routing requests with a path pattern.
Forward all requests matching the path "/different/" to a specific server.
Routing requests based on the host address
Divert traffic from a particular host to a target group.
HTTP Request Method-Based Routing
Routing requests based on the HTTP request method
Divert GET requests to one Target group and POST requests to another.
HTTP Header-Based Routing
Routing requests based on HTTP Headers.
Route requests with a specific HTTP header
Query String-Based Routing
Routing requests based on query strings
Route requests containing a query string with key "test" and value "secure" to a target group.
Source IP-Based Routing
Routing requests based on the source IP address.
Route traffic coming from a particular IP address or CIDR range to a specific target group.
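To make the evaluation order concrete, here is an added example (not code from the post or from AWS) that models how a listener walks its rules: lowest priority value first, default rule last, a rule matching only when all of its conditions match. It covers the six condition types listed above (path pattern, host header, request method, HTTP header, query string, source IP). The rule set, target group names and requests are constructed; wildcard matching is approximated with `fnmatch`, and the path example uses `/different/*` where the post writes `/different/`.

```python
"""Model of ALB listener rule evaluation (added example, not AWS code).

Rules are evaluated from the lowest priority value to the highest; the
default action applies only when no rule matches.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
import ipaddress


@dataclass
class Request:
    # Constructed view of the fields a listener rule can inspect.
    host: str
    path: str
    method: str = "GET"
    headers: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)
    source_ip: str = "203.0.113.10"


@dataclass
class Rule:
    priority: int        # lower value is evaluated first
    conditions: list     # (field, values) pairs; all must match
    target_group: str


def _matches(field_name, values, req):
    """Evaluate one condition of a rule against the request."""
    if field_name == "path-pattern":
        return any(fnmatchcase(req.path, v) for v in values)
    if field_name == "host-header":  # hostnames are case-insensitive
        return any(fnmatchcase(req.host.lower(), v.lower()) for v in values)
    if field_name == "http-request-method":
        return req.method.upper() in {v.upper() for v in values}
    if field_name == "http-header":  # values = (header name, [patterns])
        name, patterns = values
        actual = next((v for k, v in req.headers.items() if k.lower() == name.lower()), None)
        return actual is not None and any(fnmatchcase(actual, p) for p in patterns)
    if field_name == "query-string":  # values = [(key, value), ...]
        return any(req.query.get(k) == v for k, v in values)
    if field_name == "source-ip":  # values = [CIDR, ...]
        ip = ipaddress.ip_address(req.source_ip)
        return any(ip in ipaddress.ip_network(c, strict=False) for c in values)
    raise ValueError(f"unknown condition field {field_name!r}")


def route(rules, default_target, req):
    """Return the target group the listener would forward `req` to."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if all(_matches(f, v, req) for f, v in rule.conditions):
            return rule.target_group
    return default_target  # the default rule is evaluated last


# Constructed rule set mirroring the examples in the post, one per condition type.
RULES = [
    Rule(10, [("path-pattern", ["/different/*"])], "tg-different"),
    Rule(20, [("host-header", ["api.example.com"])], "tg-api"),
    Rule(30, [("http-request-method", ["POST"])], "tg-writes"),
    Rule(40, [("http-header", ("X-Canary", ["on"]))], "tg-canary"),
    Rule(50, [("query-string", [("test", "secure")])], "tg-secure"),
    Rule(60, [("source-ip", ["10.0.0.0/8"])], "tg-internal"),
]
DEFAULT_TARGET = "tg-default"


if __name__ == "__main__":
    # A request that matches both the path rule (10) and the host rule (20)
    # goes to the path rule's target because of the lower priority value.
    print(route(RULES, DEFAULT_TARGET, Request(host="api.example.com", path="/different/x")))
```

The ordering point matters for security-relevant rules: a source-IP or header-based restriction placed at a higher priority value than a broad path rule never gets evaluated for requests the path rule already catches.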