Application Load Balancer(ALB)

AWS Application Load Balancer (ALB) is a managed service that automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It operates at the application layer (Layer 7) and is well-suited for handling HTTP and HTTPS traffic. Here’s what you need to know about ALB:

1. Layer 7 Load Balancing

ALB operates at the Application Layer (Layer 7) of the OSI model, allowing it to make routing decisions based on the content of the request (e.g., URL path, HTTP headers, hostnames). This capability enables advanced routing features like path-based and host-based routing.

2. Routing Capabilities

Path-based Routing: You can route traffic based on the URL path, enabling you to direct requests to specific targets based on URL patterns (e.g., /api/* to a set of services).
Host-based Routing: Direct requests based on the Host header, allowing different domains to be routed to specific targets (e.g., example.com vs. api.example.com).
Query String and Header Routing: ALB can also route traffic based on query string parameters or HTTP headers, enabling complex and dynamic routing use cases.
Priority-based Rules: Routing rules have a priority, and ALB evaluates them in order. The first rule that matches a request is used to determine the appropriate target.

3. Listener Rules

Listeners: ALB uses listeners to check for connection requests. Each listener is configured with a protocol (HTTP/HTTPS) and a port (e.g., port 80 for HTTP, port 443 for HTTPS).
Rules: You can define rules for each listener to determine how to route requests to target groups based on content. Each rule consists of a condition (path, host, headers) and an action (forward, redirect, or return a fixed response).

4. Target Groups

Targets: ALB routes traffic to registered targets, which can include:
- Amazon EC2 instances
- ECS containers
- Lambda functions
- IP addresses
Target Groups: Targets are grouped into target groups, allowing for flexible management and routing of traffic. A target can belong to multiple target groups.
Health Checks: ALB performs health checks on targets within a target group. You can configure health checks based on HTTP/HTTPS responses to ensure traffic is only routed to healthy targets.

5. SSL Termination (HTTPS Support)

ALB supports SSL/TLS termination, allowing it to decrypt incoming SSL/TLS traffic before routing it to the targets. This offloads the decryption workload from your targets and simplifies SSL/TLS certificate management.
SSL Certificates: You can use SSL certificates from AWS Certificate Manager (ACM) or upload custom certificates. You can also use multiple SSL certificates on a single ALB (SNI – Server Name Indication support).

6. WebSocket and HTTP/2 Support

ALB natively supports WebSocket and HTTP/2 protocols, which can improve performance and provide support for modern application features like real-time messaging.

7. Security Features

AWS WAF Integration: ALB integrates with AWS Web Application Firewall (WAF), allowing you to set up rules to filter web requests based on criteria such as IP addresses, query string parameters, or specific SQL injection patterns.
Security Groups: You can associate a security group with your ALB to control inbound and outbound traffic.
Access Logs: ALB can store access logs in an S3 bucket, which provides detailed information about client requests. Logs include information like the source IP, request path, and response time.

8. Sticky Sessions (Session Persistence)

ALB supports sticky sessions, also known as session persistence. This feature uses cookies to bind a user’s session to a specific target within a target group, ensuring subsequent requests are sent to the same target.
You can customize the duration and properties of the sticky session cookies.

9. Load Balancing for Microservices

ALB is ideal for microservices architectures due to its content-based routing, which allows you to route requests to different services based on URL paths or hostnames.
ALB integrates seamlessly with Amazon ECS, EKS, and Kubernetes, supporting containerized environments and dynamic target registration.

10. Redirects and Fixed Responses

HTTP Redirects: ALB allows you to redirect incoming requests from HTTP to HTTPS, or from one URL to another, improving SEO and enforcing security best practices.
Fixed Responses: You can configure fixed responses for specific listener rules, which is helpful for returning custom error messages or maintenance notifications without hitting the backend targets.

11. Elasticity and High Availability

ALB is fully managed and highly available. It automatically scales in and out based on incoming traffic. ALB is deployed across multiple Availability Zones (AZs) by default, enhancing resilience and availability.

12. Logging and Monitoring

Access Logs: ALB can store detailed access logs in S3, including information about the client, request, target, and response. This data is useful for debugging, security analysis, and compliance.
CloudWatch Metrics: ALB publishes metrics to Amazon CloudWatch, such as request counts, error rates, and target response times. These metrics help monitor the health and performance of your application.

13. Cross-Zone Load Balancing

ALB supports cross-zone load balancing, which distributes incoming traffic evenly across all registered targets in all enabled Availability Zones. This ensures more efficient utilization of resources and improved application resilience.

14. ALB Pricing

ALB pricing is based on:
- Hours of Load Balancer Usage: The number of hours the ALB is running.
- Data Processed: The amount of data processed by the ALB, which includes both incoming and outgoing traffic.
- LCU (Load Balancer Capacity Units): Pricing is based on metrics like new connections, active connections, processed bytes, and rule evaluations. One LCU represents the maximum usage of these dimensions.

15. Routing to AWS Lambda

ALB supports routing to AWS Lambda functions, allowing you to handle requests without managing servers. This is useful for serverless applications and functions that handle specific routes or API endpoints.

When using ALB with web applications, you may need to handle CORS (Cross-Origin Resource Sharing) to control how resources are requested from a different domain. Configuring CORS on ALB helps manage these security constraints for web clients.

17. Idle Timeout Configuration

ALB allows you to set an idle timeout for the connections it manages, which is the amount of time ALB waits before closing an idle connection. This can be tuned to fit the needs of your application.

1. Layer 7 Load Balancing​

2. Routing Capabilities​

3. Listener Rules​

4. Target Groups​

5. SSL Termination (HTTPS Support)​

6. WebSocket and HTTP/2 Support​

7. Security Features​

8. Sticky Sessions (Session Persistence)​

9. Load Balancing for Microservices​

10. Redirects and Fixed Responses​

11. Elasticity and High Availability​

12. Logging and Monitoring​

13. Cross-Zone Load Balancing​

14. ALB Pricing​

15. Routing to AWS Lambda​

16. Cross-Origin Resource Sharing (CORS)​

17. Idle Timeout Configuration​