Elastic Load Balancer Documentation
Overview
Elastic Load Balancing distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, Lambda functions, and virtual appliances. Elastic Load Balancing offers four types of load balancers Application Load Balancer, Network Load Balancer, Gateway Load Balancer, and Classic Load Balancer.
Application Load Balancer
Layer-7 Load Balancing
Security
When using Amazon Virtual Private Cloud (VPC), you can create and manage security groups associated with Elastic Load Balancing to provide additional networking and security options. You can configure an Application Load Balancer to be Internet facing or create a load balancer without public IP addresses to serve as an internal (non-internet-facing) load balancer.
Outposts Support
Application Load Balancer supports AWS Outposts. Customers can provision application Load Balancers on supported instance types and the Application Load Balancer will auto scale up to the capacity available on the rack to meet varying levels of application load without manual intervention. You can also get notifications to help you navigate your load balancing related capacity needs. You can use the same AWS Console, APIs, and CLI to provision and manage Application Load Balancers on Outposts as you do with Application Load Balancers in the Region.
HTTPS Support
HTTP/2 and gRPC Support
HTTP/2 is a new version of the HyperText Transfer Protocol (HTTP) that uses a single, multiplexed connection to allow multiple requests to be sent on the same connection. It also compresses header data before sending it out in binary format and supports SSL connections to clients.
TLS Offloading
You can create an HTTPS listener, which uses encrypted connections (also known as SSL offload). This feature enables traffic encryption between your load balancer and the clients that initiate SSL or TLS sessions. Application Load Balancer supports client TLS session termination. This enables you to offload TLS termination tasks to the load balancer, while preserving the source IP address for your back-end applications. You can choose from predefined security policies for your TLS listeners to assist you in meeting certain compliance and security standards. AWS Certificate Manager (ACM) or AWS IAM can be used to manage your server certificates.
Sticky Sessions
Native IPv6 Support
Request Tracing
The Application Load Balancer injects a new custom identifier “X-Amzn-Trace-Id” HTTP header on all requests coming into the load balancer. Request tracing allows you to track a request by its unique ID as it makes its way across various services. You can use the unique trace identifier to help uncover performance or timing issues in your application stack.
Redirects
Fixed Response
WebSockets Support
Server Name Indication (SNI)
IP addresses as Targets
You can load balance applications hosted in AWS or on-premises using IP addresses of the application backends as targets. This allows load balancing to an application backend hosted on an IP address or interface on an instance. Each application hosted on the same instance can have an associated security group and use the same port. You can also use IP addresses as targets to load balance applications hosted in on-premises locations (over a Direct Connect or VPN connection), and peered VPCs. The ability to load balance across AWS and on-premises resources helps you migrate-to-cloud, burst-to-cloud or failover-to-cloud.
Lambda functions as Targets
Application Load Balancers support invoking Lambda functions to serve HTTP(S) requests enabling users to access serverless applications from HTTP clients, including web browsers. You can register Lambda functions as targets for a load balancer and leverage the support for content-based routing rules to route requests to different Lambda functions. You can use an Application Load Balancer as a common HTTP endpoint for applications that use servers and serverless computing.
Content-based Routing
If your application is composed of several individual services, an Application Load Balancer can route a request to a service based on the content of the request such as Host field, Path URL, HTTP header, HTTP method, Query string or Source IP address.
Host-based Routing: You can route a client request based on the Host field of the HTTP header allowing you to route to multiple domains from the same load balancer.
Path-based Routing: You can route a client request based on the URL path of the HTTP header.
HTTP header-based routing: You can route a client request based on the value of a standard or custom HTTP header.
HTTP method-based routing: You can route a client request based on a standard or custom HTTP method.
Query string parameter-based routing: You can route a client request based on a query string or query parameters.
Source IP address CIDR-based routing: You can route a client request based on the source IP address CIDR from where the request originates.
Containerized Application Support
Application Load Balancer provides container support by load balancing across multiple ports on a single Amazon EC2 instance. ECS allows you to specify a dynamic port in the ECS task definition, giving the container an unused port when it is scheduled on the EC2 instance. The ECS scheduler adds the task to the load balancer using this port.
Web Application Firewall
You can use AWS WAF to help protect your web applications on your Application Load Balancers.
Slow Start Mode with Load-Balancing Algorithm
Application Load Balancer supports a round-robin load-balancing algorithm. Additionally, Application Load Balancer supports a slow start mode with the round-robin algorithm that allows you to add new targets without overwhelming them with a flood of requests. With the slow start mode, targets warm up before accepting their fair share of requests based on a ramp-up period that you specify.
User Authentication
You can offload the authentication functionality from your apps into Application Load Balancer. Application Load Balancer will help authenticate users as they access cloud applications. Application Load Balancer is integrated with Amazon Cognito If you have a custom IdP solution that is OpenID Connect-compatible, Application Load Balancer can also authenticate enterprise users by directly connecting with your identity provider.
Network Load Balancer
Network Load Balancer operates at the connection level (Layer 4), routing connections to targets (Amazon EC2 instances, microservices, and containers) within Amazon VPC, based on IP protocol data. Network Load Balancer is capable of handling millions of requests per second while maintaining low latencies. Network Load Balancer is optimized to handle sudden and volatile traffic patterns while using a single static IP address per Availability Zone. It is integrated with other AWS services such as Auto Scaling, Amazon EC2 Container Service (ECS), Amazon CloudFormation, and ACM.
Connection-based Layer 4 Load Balancing
TLS Offloading
Network Load Balancer supports client TLS session termination. This enables you to offload TLS termination tasks to the load balancer, while preserving the source IP address for your back-end applications. You can choose from predefined security policies for your TLS listeners in to assist you in meeting certain compliance and security standards.
Sticky Sessions
Low Latency
Preserve source IP address
Static IP support
Elastic IP support
Network Load Balancer allows you the option to assign an Elastic IP per Availability Zone (subnet) thereby providing your own fixed IP.
DNS Fail-over
If there are no healthy targets registered with the Network Load Balancer or if the Network Load Balancer nodes in a given zone are unhealthy, then you can set up Amazon Route 53 to direct traffic to load balancer nodes in other Availability Zones.
Integration with Amazon Route 53
In the event that your Network Load Balancer is unresponsive, integration with Route 53 will remove the unavailable load balancer IP address from service and, if available, direct traffic to an alternate Network Load Balancer in another region.
Integration with AWS Services
Network Load Balancer is integrated with other AWS services such as Auto Scaling, Elastic Container Service (ECS), CloudFormation, Elastic BeanStalk, CloudWatch, Config, CloudTrail, CodeDeploy, and ACM.
Long-lived TCP Connections
Central API Support
Network Load Balancer uses the same API as Application Load Balancer. This will enable you to work with target groups, health checks, and load balance across multiple ports on the same Amazon EC2 instance to support containerized applications.
Zonal Isolation
Gateway Load Balancer
Gateway Load Balancer helps you to deploy, scale, and manage your third-party virtual appliances. It gives you one gateway for distributing traffic across multiple virtual appliances, while scaling them up, or down, based on demand. This helps to remove potential points of failure in your network and increases availability.
You can find, test, and buy virtual appliances from third-party vendors directly in AWS Marketplace. This integrated experience assists you in the deployment process.
Scale your virtual appliance instances
Gateway Load Balancer works with AWS Auto Scaling groups and lets you to set target utilization levels for your virtual appliance instances. This helps you set the optimal amount of resources for your use case. When traffic increases, additional instances are created and connected to the Gateway Load Balancer. When traffic returns to normal levels, those instances are terminated.
Bring higher-availability to your third-party virtual appliances
Gateway Load Balancer helps improve availability and reliability by routing traffic flows through healthy virtual appliances, and rerouting flows when a virtual appliance becomes unhealthy. Gateway Load Balancer runs health checks on each virtual appliance instance on a configurable cadence. If the number of consecutive failed tests exceed a set threshold, the appliance will be declared unhealthy and traffic will no longer be routed to that instance.
Monitor continuous health and performance metrics
You can monitor your Gateway Load Balancer using CloudWatch per Availability Zone metrics. These include the total number of ENIs/interfaces, IP addresses of ENIs/interfaces, number of packets in/out, number of bytes in/out, packet errors, and packet drops, load balancer metrics (such as the number of target appliance instances, target health status, healthy/unhealthy target count, current number of active flows, max flows, and processed bytes), and VPC Endpoint metrics (such as the number of Gateway Load Balancer Endpoint mappings).
Simplify deployment with AWS Marketplace
Deploying a new virtual appliance can be as simple as selecting it in AWS Marketplace. This further simplifies deployment.
Private connectivity over the AWS network using Gateway Load Balancer Endpoints
Used by Gateway Load Balancer to connect to sources and destinations of network traffic, Gateway Load Balancer Endpoints are a new type of VPC endpoint. Powered by PrivateLink technology, it allows you to connect Internet Gateways, VPCs, and other network resources over a private connection.
Classic Load Balancer
Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level.
Layer 4 or Layer 7 Load Balancing
SSL Offloading
IPv6 Support
Additional Information
For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.