Gateway Load Balancer Architecture

This section of the Solutions Architect Associate learning path introduces you to the core computing concepts and services relevant to the SAA-C03 exam. We start with an introduction to the AWS compute services, look at the options available, and learn how to select and apply AWS compute services to meet specific requirements.


Learning Objectives

  • Learn the fundamentals of AWS compute services such as EC2, ECS, EKS, and AWS Batch
  • Understand how load balancing and autoscaling can be used to optimize your workloads
  • Learn about the AWS serverless compute services and capabilities

One of the most fundamental architecture diagrams for the Gateway Load Balancer is shown here as a way to review some of the details we just discussed. As the diagram shows, it's not unusual to see Gateway Load Balancer endpoints labeled GWLBe and defined each in its own subnet per Availability Zone. Gateway Load Balancer endpoints can be added to a route table as the next hop, which integrates the Gateway Load Balancer into the traffic flow of a VPC.

A Gateway Load Balancer endpoint is similar to AWS PrivateLink and operates across many accounts and VPCs with centralized control and administration. Also note the ingress route table associated with the internet gateway in the customer VPC, which points to the Gateway Load Balancer endpoints. In the general process of setting up a Gateway Load Balancer, you need to provision a VPC dedicated to the Gateway Load Balancer and the third-party virtual appliance software you're running on EC2 instances. You provision the Gateway Load Balancer and target groups as you would for any other Elastic Load Balancer, such as the Application or Network Load Balancer.

In the VPC where your application lives, you create Gateway Load Balancer endpoints in their own dedicated subnets. You then update the route tables so that traffic coming from your application subnets, and traffic coming from the Internet Gateway, is sent to the Gateway Load Balancer endpoints. This integrates the security VPC into the traffic flow.

In general, the steps are:

Step 1, locate the partner's virtual appliance software, perhaps in AWS Marketplace.

Step 2, launch the appliance instances in your security VPC.

Step 3, create a Gateway Load Balancer and target group with those appliance instances.

Step 4, create Gateway Load Balancer endpoints in the VPC where the traffic needs to be inspected.

And step 5, update route tables so that the Internet Gateway moves traffic to and from the Gateway Load Balancer endpoints, with the Gateway Load Balancer endpoint as the next hop.
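As an added example (not part of the course material), the following Python check covers step 5: it reports route tables that would let traffic between the Internet Gateway and the application subnets skip the Gateway Load Balancer endpoints. The simplified route-table shape, the function names, and all IDs and CIDRs are assumptions constructed for illustration.

```python
# Added example: audit route tables for paths that bypass GWLB inspection.
APP_SUBNETS = {"subnet-app-a": "10.0.1.0/24", "subnet-app-b": "10.0.2.0/24"}
SAMPLE = [  # constructed sample data; association = what the table is attached to
    {"id": "rtb-edge", "association": "igw-0example",
     "routes": {"10.0.1.0/24": "vpce-a", "10.0.0.0/16": "local"}},   # no 10.0.2.0/24 route
    {"id": "rtb-app-a", "association": "subnet-app-a",
     "routes": {"0.0.0.0/0": "vpce-a", "10.0.0.0/16": "local"}},
    {"id": "rtb-app-b", "association": "subnet-app-b",
     "routes": {"0.0.0.0/0": "igw-0example", "10.0.0.0/16": "local"}},  # direct to IGW
]

def is_gwlbe(target):
    """GWLB endpoints are VPC endpoints, so their IDs start with 'vpce-'."""
    return target.startswith("vpce-")

def audit(route_tables, app_subnets):
    """Return findings; an empty list means both directions pass through a GWLBe."""
    findings, edge_seen = [], False
    for rt in route_tables:
        assoc, routes = rt["association"], rt["routes"]
        if assoc.startswith("igw-"):
            # Ingress route table on the Internet Gateway: traffic arriving for
            # an application subnet must be sent to a GWLBe, not delivered locally.
            edge_seen = True
            for subnet_id, cidr in app_subnets.items():
                if not is_gwlbe(routes.get(cidr, "local")):
                    findings.append(f"{rt['id']}: inbound to {subnet_id} ({cidr}) skips GWLBe")
        elif assoc in app_subnets:
            # Application subnet: a default route, if present, must use a GWLBe
            # as next hop rather than the Internet Gateway directly.
            target = routes.get("0.0.0.0/0")
            if target is not None and not is_gwlbe(target):
                findings.append(f"{rt['id']}: outbound from {assoc} goes to {target}, not a GWLBe")
    if not edge_seen:
        findings.append("no ingress route table is associated with the Internet Gateway")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, APP_SUBNETS):
        print("FINDING:", finding)
```

On the sample data this reports two gaps: the ingress route table has no route for the second application subnet, and that subnet's default route points straight at the Internet Gateway.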

Let's discuss this traffic flow that includes the Gateway Load Balancer with corresponding Gateway interface endpoints in a general architecture diagram.


About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.