Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones.
- Listener: A listener is a process that checks for connection requests, using the protocol and port that you configure. The rules that you define for a listener determine how the load balancer routes requests to its registered targets.
Listener rules for routing requests
The rules that you define for your listener determine how the load balancer routes requests to the targets in one or more target groups.
- Each rule can include zero or one of the following conditions: host-header, http-request-method, path-pattern, and source-ip, and zero or more of the following conditions: http-header and query-string.
- Each rule must include exactly one of the following actions: forward, redirect, or fixed-response, and it must be the last action to be performed.
Reference and image credit: https://ealtili.medium.com/deep-dive-on-advanced-features-on-aws-application-load-balancer-and-network-load-balancer-49b05662e06
- Path based routing
- Host based routing
ALB – >Target Group <- ASG
To use Elastic Load Balancing with your Auto Scaling group, you attach the load balancer to your Auto Scaling group to register the group with the load balancer.
Slow start mode allows new targets to be added without overwhelming them with a flood of requests. The load balancer linearly increases the number of requests sent to a new target in a target group during the window. The duration of the window can be configured from 30 seconds to 15 mins.
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
Server Name Indication (SNI)
With SNI, multiple secure (HTTPS) applications can be hosted on one load balancer, each with its own SSL certificate.
Before SNI feature was released by AWS, Application Load Balancers supported only one certificate for a standard HTTPS listener (port 443) and you had to use Wildcard or Multi-Domain (SAN) certificates to host multiple secure applications behind the same load balancer
Authentication at ALB
You can configure an Application Load Balancer to securely authenticate users as they access your applications. This enables you to offload the work of authenticating users to your load balancer so that your applications can focus on their business logic.
You can enable or disable the Availability Zones for your load balancer at any time. After you enable an Availability Zone, the load balancer starts routing requests to the registered targets in that Availability Zone