Application Load Balancers
Application Load Balancers
2h 49m

This section of the Solution Architect Associate learning path introduces you to the core computing concepts and services relevant to the SAA-C03 exam. We start with an introduction to the AWS compute services, understand the options available and learn how to select and apply AWS compute services to meet specific requirements. 

Want more? Try a lab playground or do a Lab Challenge

Learning Objectives

  • Learn the fundamentals of AWS compute services such as EC2, ECS, EKS, and AWS Batch
  • Understanding how load balancing and autoscaling can be used to optimize your workloads
  • Learn about the AWS serverless compute services and capabilities

Hello and welcome to this lecture covering the Application Load Balancer, the ALB. The first of the three load balancers that I shall be discussing. If you are familiar with the open systems interconnection model, the OSI model, then you won't be surprised that the ALB operates at layer seven, the application layer. The application layer of the OSI model serves as the interface for users and application processes to access network services. Everything at this layer is application specific. The application layer of the model helps to provide network services to the applications. And examples of the application process or services it offers are http, ftp, smtp and nfs. For more information on the OSI model, please see our existing course here.

As you can see AWS suggests you use the application load balancer if you need to provide a flexible feature set including advanced routing and visibility features aimed purely for application architectures such as microservices and containers when used in HTTP or HTTPS. Before configuring your ALB, it's good practice to set up your target groups. Now I explained in a previous lecture that a target group is simply a group of resources that you want your ALB to route requests to. You might want to configure different target groups depending on the nature of your requests. For example, let's say you had an internet-facing ALB, you might want a target group allocated to handle and process HTTP port 80 requests and a different target group configured to process requests from the secure HTTPS protocol using port 443. In this scenario, you could configure two different target groups and then route traffic, depending on the request, to different targets through the use of listeners and rules. 

I now want to demonstrate how to configure an ALB and in this demonstration, I will also show you how to set up target groups as well. Let's take a look. 

As you can see, I'm in the AWS management console and the first thing we want to do is create our target groups and I can do this by going into the EC2 service which is found here under compute. And then if I scroll down on the left-hand side, I'll get to the load balancing section here. Then in here, I have load balancers and target groups, but first I want to set up our target groups. So, if you select target group, as you can see there's no target groups currently configured. So if I click on the blue button, Create target group, I now have a page of information that I need to complete. 

So, firstly the target group name and I'm going to call this Web Servers. And then I have my target type and here I can specify it by instance, IP or Lambda function. I'm going to leave it as instance, then we can select what protocol we want. As this is going to be a web service, I'll leave it as HTTP on port 80 and here we can select our VPC that we want this target group to exist in. So, select my appropriate virtual private cloud there. At the bottom we just have some health check settings and this is the path and protocol that the load balance will use when performing its health checks. So, for the path I'll just put in index.html as an example. If we take a look at the advanced health check settings, here we have a number of other options that we can select. 

This value specifies the healthy threshold which means the load balancer will have to receive five responses from the instance before deeming the previously unhealthy target healthy again, and the unhealthy threshold means that the load balancer only has to receive two failures before marking the instance as unhealthy. The timeout is simply the number of seconds that the load balancer will wait for a response, and the interval is how many seconds between each health check. Once we're happy with our configuration, we'll click on Create. Looks like I left this space in the name and you can't have any spaces. So let's just delete that and click on Create. And there you go, our target group was successfully created, and now we can see it in our list of target groups. 

However, we don't have any targets associated with this group yet. That was just simply the configuration of the group. So, down here we have the Description, the Targets, the Health checks, Monitoring and Tags, but if we click on the Targets tab, then here we can start adding our targets associated with this target group. And if we click on Edit, we can see here at the bottom that there's two instances that I have running, web server one, and web server two. Now here I can select which instance I want to add and associate to this target group. For this demonstration, I'm going to select both instances and then add these as registered targets to this group. And as you can see, these two instances have now been added under the Registered targets section. Click on Save. And we can see here, that we have two registered targets which are the ones I just added, web server one and web server two, now associated to this target group. 

Let's just quickly look at these other tags here as well, the Health checks, that's the health check information that we configured during the creation of the target group; Monitoring, this shows a number of CloudWatch metrics associated with the target group such as number of healthy hosts and unhealthy hosts et cetera. And then we also have Tags if you wanted to create a key-value pair for your target group and you can do so here. So, as you can see, it's very easy to create different target groups as you need to for your load balancing. 

Let us now go ahead and create an Application Load Balancer. So, back on the left-hand side here, again under Load Balancing, we have Load Balancers. So if you select that. Now I don't have any load balancers configured here. So if I click on Create Load Balancer, and I can create an Application Load Balancer and Network Load Balancer or the Classic. In this example, I'm going to create the Application Load Balancer. So, click on Create. Now here we have a number of different steps. Firstly, we need to give it a name. So this would be WebServerALB, and we'll have this as internet-facing using ipv4. Now down here we have our listeners. So this is the port and protocol that we want the load balancer to listen on and as this is our web server, let's leave it as HTTP on port 80. If you want to add additional listeners, then you can do so just by selecting Add Listener and selecting the different protocols et cetera. Now if we scroll down to the bottom here, we can select our Availability Zones that we want to enable for our load balancer. So for eu-west-1a, let me select this subnet and for eu-west-1b I, shall select this subnet. So there are the two subnets that I want to associate with the load balancer, and each of them are in a set per availability zone as you can see here. 

Now I need to go and configure my security settings. And I have a message here to say that the load balancer security is not using a secure listener. Now, if we were to go back and change that to HTTPS, then we would be using a secure listener and we'd also have to set up server certificates as well, but for this demonstration, I just want to show you how to create the Application Load Balancer, but generally in a wide-scale production environment, if you're creating a load balancer for your internet-facing resources, then you'd probably want to use https for that additional security. Click on next. 

Now we'll need to select the security group that is going to be associated to our load balancer. So we could create a new security group, call this our Application Load Balancer. So we'll have HTTP from any IP address, and we click on that Next Configure Reading. And this is where we can specify our target group for the Application Load Balancer. So we can create a new target group here and go through the same process as we did earlier or click on the dropdown list and select an existing target group and here we can see that we have our WebServers target group that we created earlier with all the settings already pre-filled. Click on Next Register Targets, and here we can see that these are the two targets associated with the target group. Click on Next Review. And this is just a review of all the configuration options that we made during the creation of this. Once you're happy with that, simply click on Create. And then we have it. 

We have our new load balancer, our WebServerALB was successfully created. So, let's take a look. This might take it a couple of minutes for it to be provisioned. While that's being provisioned, if we take a look at the bottom here, we can see that we have some basic configuration that we've set up with the availability zones, the fact that it's internet-facing, and we have the ARN et cetera as well. We have our listener configuration here that we can change if we need to. As we can see, at the minute we're listening on port 80. Again, we have some monitoring metrics here being carried out by CloudWatch. We'll see a number of different CloudWatch metrics. Actually, we can now see that that the state is now active. So that's our Application Load Balancer set up and configured. 

Now before I finish this quick demonstration, I just want to show you the rules that I mentioned earlier with regards to listeners. So, if we go down to our Listeners tab here, we can see that we can view and edit our rules for our listener. So if we click on that, at the moment we can see that we have our default action here listening on port 80. We can see that this rule cannot be moved or deleted. That's basically saying that this listener is listening on port 80 and for any requests then forward it to the WebServers. But we can add additional rules in here. So let's take a look. So if we click on this plus button, we can see that we now have this option here of Insert Rule. So, let me select that, and that allows me to add a new rule in. So, first we need to add a condition. So, for example, let's have the condition of a Source IP, then we just put in a random IP address here. So, this is saying if the source IP is this IP address, then add the following action, and here we could choose to forward it to another target group. I mean, I've only got one target group configured at the minute called WebServers, but if I had other target groups here with different instances associated to those target groups, then I could select a different target group to forward any requests that are received from this IP address. So that allows you to customize how your load balancer directs traffic, depending on what rules you create with your listeners. So, when I was talking about conditions and rules in a previous lecture, then this is the section that I was referring to. So I just wanted to show you that quickly within this demonstration, where you can edit your rules and add customization with conditions and actions. 

Okay, and that's the end of this demonstration.

About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.