Load balancing is a method used to distribute incoming connections across a group of servers or services.
- Elastic Load Balancing (ELB) automates distributing traffic evenly to all instances in multiple AZs within a region.
- Cross Zone Load Balancing allows load balancers to cross multiple AZs.
- SSL can be directly applied to ELB – can help reduce the compute power on an EC2 instance.
- ELB has its own DNS record, which allows access to outside.
- ELBs can be paired with Auto Scaling Groups to enhance high availability and fault tolerance.
- ELB uses the health check – direct requests to only healthy instances.
- Cross-zone LB can be enabled.
- “X-Forwarded-For” header is used to obtain the IP of an end-user in an EC2 instance.
- Sticky Sessions with ELB: EC2 instances need to keep the session info.
- Load Balancer generated cookie
- Application generated cookie
- Non-ELB Option (Recommended)
- ElastiCache or DynamoDB to find the session
- 504 error (Gateway timed out) is reported when applications do not respond within the idle timeout period.
Types of ELB
Elastic Load Balancing (ELB) provides 3 types: Application (ALB), Network (NLB), and Classic (CLB).
CLB is an old type and should be avoided. It can only be used with EC2-Classic.
- No granular routing rules. All instances get routed evenly
- Good when all instances contain the same data.
- Operates at Layer 3 & 4 (TCP & SSL) + Some Layer 7 features (X-Forwarded-For header).
- 504 error (Gateway timed out) was reported when applications do not respond.
- DNA A Record is connected to the CLB – 1 SSL Certificate per CLB.
- Offload SSL connection – HTTPS to the load balancer and HTTP to instances
ALB operates at Layer 7 (Application): the default LB for VPCs.
- Supports EC2, ECS, EKS, Lambda, HTTP, HTTPS, and Web Sockets
- Can be integrated with AWS Web Application Firewall (WAF)
- Content-based Rules (Host-based or Path-based) -> Target Groups -> Targets (Instances)
- Host-based: based on the host field of the HTTP header
- Path-based: based on the URL path of the HTTP header
- By using rules (conditions and target groups), you can redirect requests to multiple target groups.
- ALB needs to be deployed into at least 2 subnets.
NLB operates at Layer 4 (Transport)
- Low latency, source IP address preservation (packets unchanged), best performance
- Capable of handling millions of requests per second – used for extreme performance but expensive
- Targets can be addressed using IP addresses (static IP address or Elastic IP).
ELB Dynamic Ports
- Classic Load Balancer must statically map port numbers on a container instance.
- The second-generation LBs (ALB and NLB) supports dynamic ports.
- A single EC2 instance can run multiple containers that use randomly assigned ports – these port numbers are not static and may change when the instance restarts.
- Dynamic ports are controlled by target groups, which track the list of ports.
- Ideal for containerized services (docker, Elastic Container Services (ECS))
ELB Access Logs
ELB Access Logs is an optional feature that captures detailed information about requests.
- Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses.
- Captures the logs are stored in the Amazon S3 bucket.
- Each access log file is automatically encrypted using SSE-S3 before it is stored in your S3 bucket and decrypted when you access it. No user action is required.