Introduction
This document covers the basic concepts and terminology used in Amazon Web Services (AWS) regarding load balancers, and teaches you how to create and configure your own application load balancer.
By the end of this guide, you will learn:
- What a load balancer is
- What an application load balancer is
- The differences between the different Load Balancer services
- How to create an Application Load Balancer using the AWS Management Console
Concepts that won't be covered in this guide include:
- How to create a root account
- How to create an IAM account
- How to create a VPC
- How to create a security group
- How to create an application load balancer through the command line interface
Prerequisites
Before you begin, the following services should be created on your AWS account:
- A root account.
- An IAM account that has the following role permissions:
  - AdministratorAccess
- A VPC that has the following properties:
  - IPv4 CIDR block: 10.0.0.0/16
  - IPv6 CIDR block: None
  - Tenancy: Default
  - Availability Zones: 2
  - Number of public subnets: 2
  - Number of private subnets: 0
  - NAT gateways: None
  - VPC endpoints: None
  - Enable DNS hostnames: True
  - Enable DNS resolution: True
- An EC2 instance that has the following properties:
  - AMI: Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type
  - Architecture: 64-bit (x86)
  - Instance Type: t2.micro
  - VPC: Use the one created above
  - Auto-assign public IP: Enable
  - Storage: 1x8 GiB GP2 Root Volume
  - Number of instances: 1
- Optional: A web server of your choosing installed inside of your EC2 instance for testing purposes. The web server should have the following properties:
  - Network protocol: HTTP
  - Listening on port: 80
- A security group with the following properties:
  - Inbound rules:
    - Type: All traffic
    - Protocol: All
    - Port Range: All
  - Inbound rules:
Load Balancers
What are Load Balancers?
A load balancer is a service in AWS that allows you to redistribute incoming traffic to other services within your AWS infrastructure.
Load balancers have several features, including:
- High availability
- Elasticity
- Traffic load balancing
- Health checks
- Low running costs
Why use a Load Balancer?
The five most common use cases are:
- to create high availability using different Availability Zones
- to spread server load across multiple different services
- to conduct health checks on services, and handle failures of unhealthy services
- to expose a single point of access to multiple different services
- to separate public traffic from private traffic
Types of Load Balancers
AWS supports four different types of load balancers:
- Application Load Balancer
- Network Load Balancer
- Gateway Load Balancer
- Classic Load Balancer (legacy)
Application Load Balancers
What is an Application Load Balancer?
An application load balancer (ALB) is a specialized type of load balancer provided by AWS that has features suited for distributing traffic between EC2 instances.
The features that application load balancers introduce include:
- Routing rules
- HTTP/2 support
- WebSocket support
- Configuration settings to return a redirection or fixed response
Why use an Application Load Balancer?
Application load balancers are best suited for when you want to redistribute traffic to EC2 instances running web application infrastructure.
These services include:
- Static websites
- Web applications
- Mobile applications
- RESTful APIs
- Microservices
How Application Load Balancers Work
The user makes a request to your application.
The listeners in your load balancer receive requests matching the protocol and port that you configure.
The receiving listener evaluates the incoming request against the rules you specify in your security policy, and if applicable, routes the request to the appropriate target group.
Healthy targets in one or more target groups receive traffic based on the load balancing algorithm, and the routing rules you specify in the listener.
Create an Application Load Balancer
This section covers a step-by-step procedure for creating an application load balancer in AWS. Each subsection is organized into tasks that you will complete on separate pages. It is recommended that you read this section in sequential order.
Sign in to IAM Account
- Click the Sign in button at the top right of the page.
- Click on the IAM user radio button.
- Type either your Account ID or the alias associated with your IAM into the Account ID text box.
- Click Next to continue to the next screen.
- (Optional) The account ID should automatically fill itself in. If not, type your account ID into the Account ID textbox.
- Type your IAM user name into the IAM user name text box.
- Type your password associated with your IAM user account into the Password textbox.
- (Optional) Check the Remember this account check box if you want AWS to remember your sign in credentials.
- Click Sign in to continue onto the next screen.
Find Load Balancer Management Console
To find the load balancer management console in the AWS dashboard:
- Type “load balancer” into the search bar located on the top navigation bar.
- When the pull-down menu appears, click on Services > Features > Load balancers - EC2 feature.
Note: There are several load balancers under the Feature section. Make sure you select the correct one that says EC2 feature underneath the name.
Load Balancer Management Console
The EC2 load balancer management console allows you to manage, add, and remove all the load balancers you have created under the EC2 feature type.
The Create Load Balancer button will take you to the creation wizard for creating a new load balancer.
The Actions button will open a pop up menu with options that allow you to manage any selected load balancers from the list below. The actions available for managing load balancers are:
- Edit health check
- Edit subnets
- Edit IP Address type
- Edit instances
- Edit listeners
- Edit security groups
- Edit attributes
- Delete
Below the Create Load Balancer and Actions buttons is the search bar and a list of created load balancers. This list allows you to select any load balancers you have created in order to manage them using the Actions button. You can search for a load balancer by typing its name into the search bar's text box. Load balancers can also be ordered alphabetically by a property by clicking on that property's column.
Each load balancer lists the following properties:
- Name
- DNS name
- State
- VPC ID
- Availability Zones
- Type
- Created At
To create a new load balancer:
- Click on the Create Load Balancer button.
Select a Load Balancer Type
This Select a Load Balancer Type section will allow you to select a load balancer type to create. There are four types of load balancers:
- Application Load Balancer
- Network Load Balancer
- Gateway Load Balancer
- Classic Load Balancer (legacy)
To create an application load balancer:
- Click on the Create button, located under the Application Load Balancer table section.
Configure Basic Load Balancer Configuration
This Basic configuration section allows you to configure the basic properties of your load balancer. The three configuration options available are:
- Load balancer name: The name of your load balancer. The name must be unique within your AWS account.
- Scheme: Determines if the load balancer is public or private. There are two options in this menu:
  - Internet-facing: routes requests from the client to the target EC2 instance. Requires a public subnet.
  - Internal: routes requests from clients to a private target. Requires a private subnet.
- IP address type: The type of IP address your EC2 instance is using to communicate to the load balancer. There are two options in this menu:
  - IPv4: uses only IPv4 IP addresses
  - Dual Stack: uses both IPv4 and IPv6 IP addresses
To configure your load balancer, follow these steps:
- Type the name of your load balancer into the Load balancer name text box.
- Select the Internet-facing radio button under Scheme.
- Select the IPv4 radio button under IP address type.
Configure Network Mapping
The Network mapping section allows you to configure what targets in the designated VPC subnets the load balancer will route traffic to.
There are two configuration options in this menu:
- VPC: The virtual private cloud that the load balancer will route to.
- Mappings: The Availability Zones and subnets that the load balancer will route to.
To configure the network settings of your load balancer, follow these steps:
- Select a VPC from the drop-down menu under VPC.
- Select at least one Availability Zone under Mappings.
- Under each checked Availability Zone checkbox, a drop-down menu for subnets will appear. Select any subnet from this menu.
- (Optional) If IPv4 is not automatically assigned on the VPC, type an IPv4 address for the subnet in the IPv4 settings text box.
Configure Security Groups
The Security groups section allows you to configure the firewall rules for inbound and outbound traffic on your load balancer.
There are two configuration options in the security groups menu:
- Security groups: allows you to select a security group that has already been created.
- Create new security group link: located below the drop down menu, allows you to create a new security group through the security management console.
Note: You can track which security policies you have selected with the blue notification boxes underneath the blue link.
To configure the security groups:
- Select a security group from the Security groups drop down menu.
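An added check, not part of the original guide: the prerequisite security group allows all inbound traffic, while the listener configured in this guide only needs port 80. The sketch below audits security group data in the shape returned by `aws ec2 describe-security-groups`; the function name, group IDs and source ranges are constructed for illustration.

```python
import ipaddress

def audit_inbound(group, listener_ports):
    """List inbound rules that allow more than the listener ports require."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        # Prefix length 0 (0.0.0.0/0 or ::/0) matches every address.
        if any(ipaddress.ip_network(s).prefixlen == 0 for s in sources):
            scope = "any source"
        else:
            scope = ", ".join(sources) or "non-CIDR sources"
        if proto == "-1":
            # "-1" is the API value for all protocols ("All traffic" in the console).
            findings.append(f"{group['GroupId']}: all protocols and ports from {scope}")
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
            if any(p not in listener_ports for p in range(lo, hi + 1)):
                findings.append(f"{group['GroupId']}: tcp {lo}-{hi} from {scope}, "
                                f"listener needs only {sorted(listener_ports)}")
        # Other protocols (udp, icmp) are outside the scope of this sketch.
    return findings

# Constructed sample data; the group IDs are placeholders and the sources are assumptions.
SAMPLE_GROUPS = [
    {"GroupId": "sg-EXAMPLE-open", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-EXAMPLE-http", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-EXAMPLE-wide", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 80,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]

if __name__ == "__main__":
    for sg in SAMPLE_GROUPS:
        for finding in audit_inbound(sg, {80}) or [f"{sg['GroupId']}: ok"]:
            print(finding)
```

A group that passes this check exposes only the listener port, so the load balancer is the sole entry point the security group admits.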
Configure Listeners and Routing
The Listeners and routing section allows you to create and remove listeners.
The Listener configuration option allows you to create and remove listeners attached to the load balancer. The following properties are available for configuring each listener:
- protocol: Whether HTTP or HTTPS will be used
- port number: Which port number the listener will listen on
- default action: The instances that the load balancer will direct traffic to, also known as the target group.
Underneath the default action selection box is a link called Create target group. You can access the create target page through this link.
To create a new target group:
- Click on the Create target group link. This will take you to the specify group details menu.
Configure Target Group
The Target Groups page allows you to set target groups for your application load balancer.
There are three sections in this page for creating a target group:
- Basic configuration
- Health Checks
- Tags
Basic Configuration
The basic configuration section has six configuration options available:
- Target type: The type of instance your target group will consist of
- Target group name: The name of your target group
- Protocol: The type of networking protocol your target group will use
- Port: The port number the target group will listen on
- VPC: which VPC the target group will be located in
- Protocol version: Which HTTP or gRPC protocol version to use when sending requests to target.
To configure the target group:
- Select the Instance radio button under the choose a target type.
- Type a name for the target group name in the Target group name text box.
- Type 80 into the Port text box.
- Select your VPC under the VPC drop down menu.
- Select the HTTP1 radio button for the protocol version.
Configure Health Checks
The Health checks section is used to configure any health checks that will be used on target groups.
There are two main configuration settings:
- Health check protocol: Whether or not the health check should use HTTP or HTTPS.
- Health check path: The path the health check will be conducted on inside your target group.
On the bottom of the Health checks section is a cascaded menu called Advanced health check settings. You can click the arrow button on the left in order to reveal the hidden menu.
There are six advanced configuration settings for further customizing your health checks:
- Port: You can specify if you want the health check to check the port that receives traffic, or a customized port
- Healthy threshold: How many health checks will be conducted in the specified interval before it considers an unhealthy target healthy.
- Unhealthy threshold: How many health checks will be conducted in the specified interval before it considers a healthy target unhealthy.
- Timeout: How many seconds the health check will give to the target before it considers it unhealthy
- Interval: The amount of seconds between each health check
- Success codes: Specify which HTTP codes the health check will consider healthy.
To configure the health check:
- Select HTTP in the Health check protocol selection box.
- Type "/" into the Health check path text box. This means the health check will perform the check at the root path in your instance.
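The following added example (not from the original guide) models how the health check settings above and the Health Check glossary entry interact: a target changes state only after a run of consecutive passing or failing probes, and a slow or missing response counts as a failure. The class, the `initial` starting state, the default values and the probe data are assumptions made for the illustration.

```python
from dataclasses import dataclass

def parse_success_codes(matcher):
    """Expand a matcher such as "200", "200,202" or "200-299" into a set of ints."""
    codes = set()
    for part in matcher.split(","):
        lo, _, hi = part.strip().partition("-")
        codes.update(range(int(lo), int(hi or lo) + 1))
    return codes

@dataclass
class HealthCheck:
    # Sample values for the illustration; set them to match your target group.
    healthy_threshold: int = 5
    unhealthy_threshold: int = 2
    timeout: float = 5.0
    success_codes: str = "200"

    def passed(self, status, elapsed):
        # A probe fails on no response, a response slower than the timeout,
        # or a status code outside the success codes.
        return (status is not None and elapsed <= self.timeout
                and status in parse_success_codes(self.success_codes))

    def track(self, probes, state="initial"):
        """Return the target state after each (status, seconds) probe."""
        ok_streak = bad_streak = 0
        history = []
        for status, elapsed in probes:
            if self.passed(status, elapsed):
                ok_streak, bad_streak = ok_streak + 1, 0
                if ok_streak >= self.healthy_threshold:
                    state = "healthy"
            else:
                ok_streak, bad_streak = 0, bad_streak + 1
                if bad_streak >= self.unhealthy_threshold:
                    state = "unhealthy"
            history.append(state)
        return history

# Constructed probes: (HTTP status or None for no response, response time in seconds).
PROBES = ([(200, 0.1)] * 3 + [(500, 0.1), (200, 0.1), (200, 6.0), (None, 5.0)]
          + [(200, 0.2)] * 3)

if __name__ == "__main__":
    check = HealthCheck(healthy_threshold=3, unhealthy_threshold=2)
    for probe, state in zip(PROBES, check.track(PROBES)):
        print(probe, "->", state)
```

In the sample run, the single 500 response does not mark the target unhealthy because the next probe passes and resets the failure streak; the timed-out and missing responses that follow do.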
Add Tags
The Tags section allows you to create tags for categorizing your target groups.
You can add any tags for this target group using the Add tag button.
To add a tag:
- Click on the Add tag button
- Type in a tag name into the Tag name textbox
- Click on the Next button to continue
Register Target
The register target console manager allows you to select all the instances that your load balancer will route to.
To register your target:
- Select the instances that you want the load balancer to route to by clicking on the check box to the left of the name.
- Type in 80 into the Ports for the selected instances textbox.
- Click the Create target group button to finish creating your target group.
Finish Creating the Listener
You will be redirected back to the Listeners and routing page. To finish setting up the listener:
- Click the refresh button next to the default action selection box.
- Select the target group you created.
- Click the Create load balancer button to finish creating your load balancer.
Accessing the Application Load Balancer
In the load balancer management screen, you should see your newly created load balancer added to the list. Under the State column in the list of load balancers, you can see what state your load balancer is currently in. You must wait for the load balancer's state to change from Provisioning to Active before you can access it.
Once the state changes to Active, you can access the load balancer by copying the DNS name and pasting it into your web browser's address bar.
If everything is working correctly, you should receive an HTTP code of 200 when you access the URL. If you created a web server in the prerequisites section, the web server should output some text onto the screen.
Glossary
This section is intended to teach you the terminology and concepts used in AWS regarding load balancers. These concepts will be referenced throughout the documentation.
Health Check
A health check is the process of sending an HTTP request to each target service in order to confirm that each target service is still working. If the target service returns an HTTP status of 200, the service is considered healthy. If the service returns a different HTTP status, the service is considered unhealthy, and the load balancer will not route any traffic to that service.
To learn more about configuring health checks, refer to the Configure Health Checks section of this document.
Listener
A listener is an AWS service that attaches itself to load balancers for the purpose of listening for incoming traffic through a designated route and port number.
To learn more about configuring listeners, refer to the Configure Listeners and Routing section of this document.
Target
A target is a service within AWS that load balancers direct traffic to. Load balancers can distribute traffic to four different target types:
- EC2 instances
- IP addresses
- Lambda functions
- Application load balancers
Target Groups
A target group refers to a collection of targets of the same target type. A target group can consist of a singular target or multiple targets of the same target type.
To learn more about configuring target groups, refer to the Configure Target Group section of this document.