AWS Elastic Load Balancing (ELB): A Comprehensive Cheat Sheet
What is Elastic Load Balancing?
AWS Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets—such as Amazon EC2 instances, containers, IP addresses, and Lambda functions—in one or more Availability Zones. ELB improves the fault tolerance of your applications in two ways: it routes around targets that fail their health checks, and it scales its own capacity to match the volume of incoming traffic without you provisioning load balancer nodes yourself.
Core ELB Concepts
- Listener: A process that checks for connection requests from clients, using the protocol and port that you configure. The rules that you define for a listener determine how the load balancer routes requests to its registered targets.
- Target Group: A logical grouping of targets, such as EC2 instances, that receive traffic from the load balancer. For ALB, NLB and GWLB, health check settings are defined per target group (a Classic Load Balancer has a single health check for the whole load balancer). Traffic is routed only to the healthy targets in a target group.
- Health Checks: The load balancer periodically sends requests to its registered targets to test their status. A target is marked unhealthy only after it fails the configured number of consecutive checks, and it is marked healthy again only after it passes the configured number of consecutive checks; while it is unhealthy the load balancer sends it no new traffic and routes around it.
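The threshold behaviour matters when you reason about how long a dead target keeps receiving traffic. The following Python is an added illustration (not code from the cheat sheet or from AWS) of the per-target state machine: a target changes state only when a run of consecutive probe results reaches the healthy or unhealthy threshold, mirroring the target group settings HealthyThresholdCount and UnhealthyThresholdCount. The probe sequence at the bottom is constructed for the demonstration.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class TargetHealth:
    """Models ELB's per-target health state machine.

    A target only changes state after a run of *consecutive* probe results
    reaches the configured threshold: one failed probe does not drain traffic
    and one passing probe does not restore it. Defaults mirror the ALB target
    group defaults (healthy threshold 5, unhealthy threshold 2).
    """
    healthy_threshold: int = 5        # consecutive passes needed to become healthy
    unhealthy_threshold: int = 2      # consecutive failures needed to become unhealthy
    healthy: bool = False             # a newly registered target is not in service yet
    consecutive_passes: int = 0
    consecutive_failures: int = 0
    history: List[str] = field(default_factory=list)

    def observe(self, probe_passed: bool) -> bool:
        """Record one health check result and return the resulting state."""
        if probe_passed:
            self.consecutive_passes += 1
            self.consecutive_failures = 0    # a pass breaks a failure streak
            if not self.healthy and self.consecutive_passes >= self.healthy_threshold:
                self.healthy = True
        else:
            self.consecutive_failures += 1
            self.consecutive_passes = 0      # a failure breaks a pass streak
            if self.healthy and self.consecutive_failures >= self.unhealthy_threshold:
                self.healthy = False
        self.history.append("healthy" if self.healthy else "unhealthy")
        return self.healthy


def simulate(probe_results: List[bool], healthy_threshold: int = 5,
             unhealthy_threshold: int = 2) -> List[str]:
    """Replay a sequence of probe results and return the state after each one."""
    target = TargetHealth(healthy_threshold, unhealthy_threshold)
    for passed in probe_results:
        target.observe(passed)
    return target.history


def worst_case_detection_seconds(interval_s: int, unhealthy_threshold: int) -> int:
    """Upper bound on how long a dead target keeps receiving new connections:
    the failure has to be seen on `unhealthy_threshold` consecutive probes that
    are `interval_s` apart (30 s is the ALB default interval)."""
    return interval_s * unhealthy_threshold


if __name__ == "__main__":
    # Constructed probe sequence: three passes bring the target into service (thresholds 3/2),
    # an isolated failure is tolerated, two in a row take it out, three passes restore it.
    probes = [True, True, True, False, True, False, False, True, True, True]
    for i, state in enumerate(simulate(probes, 3, 2), start=1):
        print(f"probe {i:2d}: {'pass' if probes[i - 1] else 'FAIL'} -> {state}")
    print("worst-case detection with defaults:", worst_case_detection_seconds(30, 2), "s")
```

The practical reading: lowering the unhealthy threshold or the interval shortens the window in which a broken target still gets traffic, at the price of more flapping on a target that is merely slow.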
The Four Types of Load Balancers: A Comparison
Choosing the right load balancer is critical as each is designed for specific use cases.
| Feature | Application Load Balancer (ALB) | Network Load Balancer (NLB) | Gateway Load Balancer (GWLB) | Classic Load Balancer (CLB) |
| :--- | :--- | :--- | :--- | :--- |
| OSI Layer | Layer 7 (Application) | Layer 4 (Transport) | Layer 3 gateway, Layer 4 load balancing | Layer 4 / Layer 7 |
| Protocols | HTTP, HTTPS, gRPC (over HTTPS) | TCP, UDP, TLS (and TCP_UDP on a single listener) | All IP traffic; appliances receive the packets GENEVE-encapsulated on UDP port 6081 | TCP, SSL/TLS, HTTP, HTTPS |
| Load balancer IP | Dynamic; clients must use the DNS name. | One static IP per enabled AZ (an Elastic IP you can choose for internet-facing, a private address for internal). | Not addressed by clients directly; traffic enters through Gateway Load Balancer endpoints referenced from VPC route tables. | Dynamic; clients must use the DNS name. |
| Primary Use Case | Flexible application routing, microservices, container-based apps. | Extreme performance, TCP/UDP traffic, stable source IP requirements. | Deploying, scaling, and managing third-party virtual security appliances. | Legacy applications; EC2-Classic itself was retired in 2022. |
Application Load Balancer (ALB)
The ALB is the best choice for modern, flexible web applications. As a Layer 7 load balancer, it can inspect application-level content, not just ports and IP addresses.
- Advanced Routing: Listener rules are evaluated in priority order, and a rule can match on path (example.com/images/*), hostname (images.example.com), HTTP headers, HTTP method, query string parameters and source IP. The first matching rule's action (forward to a target group, redirect, or fixed response) wins; the listener's default rule applies when nothing matches. Path patterns are literal, case-sensitive matches with `*` and `?` as the only wildcards, so treat them as routing rather than as an access-control boundary. This rule engine is what makes the ALB ideal for microservice and container-based architectures.
- Target Types: Can route traffic to EC2 instances, containers (ECS), Lambda functions, and IP addresses (including on-premises addresses reachable from the VPC).
- Security: Supports HTTPS listeners with certificates managed in AWS Certificate Manager (ACM), several certificates per listener selected via SNI, and a selectable TLS security policy. It integrates with AWS WAF and can authenticate users at the listener through Amazon Cognito or an OIDC provider before a request reaches the targets. Because the ALB is a proxy, targets see an ALB node as the TCP peer and receive the original client address only in the X-Forwarded-For header; restrict the targets' security groups to the ALB's security group so that nothing can bypass the ALB (and any WAF rules) by connecting to the targets directly.
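To see how the rule semantics play out, here is an added Python model of an ALB listener (illustration only, not code from the cheat sheet or from AWS): conditions inside a rule are ANDed, values inside a condition are ORed, rules run in ascending priority, and the default action is the fallback. The target group names and the rule set are constructed for the example; the `Request` dataclass stands in for the parsed HTTP request an ALB would see.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List


def _glob(pattern: str, ignore_case: bool = False) -> re.Pattern:
    """Compile an ALB-style pattern: '*' matches zero or more characters and
    '?' exactly one; everything else is literal (no regex metacharacters)."""
    parts = [".*" if ch == "*" else ("." if ch == "?" else re.escape(ch)) for ch in pattern]
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE if ignore_case else 0)


@dataclass
class Request:
    host: str
    path: str                                                  # path only, no query string
    method: str = "GET"
    headers: Dict[str, str] = field(default_factory=dict)      # header names in lower case
    query: Dict[str, str] = field(default_factory=dict)


@dataclass
class Rule:
    """One listener rule: every configured condition must match (AND), and a
    condition matches if any of its values does (OR), as on an ALB."""
    priority: int
    action: str                                                # e.g. "forward:tg-web"
    host_header: List[str] = field(default_factory=list)       # case-insensitive
    path_pattern: List[str] = field(default_factory=list)      # case-sensitive
    http_header: Dict[str, List[str]] = field(default_factory=dict)
    query_string: Dict[str, List[str]] = field(default_factory=dict)
    http_request_method: List[str] = field(default_factory=list)

    def matches(self, req: Request) -> bool:
        if self.host_header and not any(_glob(v, True).match(req.host) for v in self.host_header):
            return False
        if self.path_pattern and not any(_glob(v).match(req.path) for v in self.path_pattern):
            return False
        if self.http_request_method and req.method not in self.http_request_method:
            return False
        for name, values in self.http_header.items():
            actual = req.headers.get(name.lower())
            if actual is None or not any(_glob(v, True).match(actual) for v in values):
                return False
        for key, values in self.query_string.items():
            actual = req.query.get(key)
            if actual is None or not any(_glob(v, True).match(actual) for v in values):
                return False
        return True


class Listener:
    """Evaluates rules in ascending priority; the default action applies when none match."""

    def __init__(self, default_action: str, rules: List[Rule]):
        priorities = [r.priority for r in rules]
        if len(priorities) != len(set(priorities)):
            raise ValueError("rule priorities must be unique")
        self.default_action = default_action
        self.rules = sorted(rules, key=lambda r: r.priority)

    def route(self, req: Request) -> str:
        for rule in self.rules:
            if rule.matches(req):
                return rule.action
        return self.default_action


# Constructed listener configuration for the demonstration (hypothetical target group names).
LISTENER = Listener(
    default_action="forward:tg-web",
    rules=[
        Rule(10, "forward:tg-images", path_pattern=["/images/*"]),
        Rule(20, "forward:tg-api-v2", host_header=["api.example.com"],
             http_header={"X-Api-Version": ["2*"]}),
        Rule(30, "forward:tg-api", host_header=["api.example.com", "*.api.example.com"]),
        Rule(40, "fixed-response:403", path_pattern=["/admin/*"]),
    ],
)
```

Two results worth noticing: `/images/*` does not match `/images` itself, and the `/admin/*` block rule is skipped for `/Admin/panel` and for `/admin`, which is why a path rule should complement, not replace, authorization in the application.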
Network Load Balancer (NLB)
The NLB is built for extreme performance and reliability. Operating at Layer 4, it can handle millions of requests per second with ultra-low latency.
- Performance: Optimized for volatile traffic patterns and capable of absorbing sudden, large traffic spikes.
- Static IP: Provides one static IP address per enabled Availability Zone, and for an internet-facing NLB you can bring your own Elastic IP. This is what lets a consumer of your service put a stable address on an allowlist.
- Source IP Preservation: For targets registered by instance ID, the NLB passes the connection through with the client's source address intact, so the backend sees the real client as its TCP peer. For targets registered by IP address, client IP preservation is a target group attribute that can be turned on or off; when it is off, enable Proxy Protocol v2 on the target group to carry the client address in a header. Two consequences to check: the targets' security groups and host firewalls must allow the client address ranges, not just the NLB's own addresses (or, if the NLB itself has a security group, the targets' groups can reference it); and because this is a Layer 4 path there is no X-Forwarded-For header, so the application must take the address from the socket or from Proxy Protocol.
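The difference between the two designs shows up in how a backend obtains the client address. Behind an NLB with client IP preservation the TCP peer is the client; behind an ALB the peer is the ALB node and the ALB appends the address it saw to the end of X-Forwarded-For, leaving any entries the client sent in place. The Python below is an added example (not from the cheat sheet or from AWS) of doing this correctly: walk the chain from the right, skipping hops that belong to networks you control, and never trust the left-most entry. The proxy ranges and header values are constructed; `10.0.0.0/16` stands for the VPC subnets the ALB nodes live in and `192.0.2.0/24` for a hypothetical CDN in front of the ALB.

```python
import ipaddress
from typing import Iterable, List, Optional, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_xff(header: Optional[str]) -> List[str]:
    """Split an X-Forwarded-For value into its comma-separated hops, left to right."""
    if not header:
        return []
    return [hop.strip() for hop in header.split(",") if hop.strip()]


def naive_client_ip(xff_header: Optional[str], peer_ip: str) -> str:
    """The common bug: trust the left-most X-Forwarded-For entry. Behind an ALB that
    entry is whatever the client chose to send, because the ALB appends the address
    it observed instead of replacing the header."""
    hops = parse_xff(xff_header)
    return hops[0] if hops else peer_ip


def client_ip(xff_header: Optional[str], peer_ip: str, trusted_proxies: Iterable[str]) -> str:
    """Return the client address for a request that arrived through trusted proxies.

    peer_ip is the TCP peer the target actually accepted: an ALB node address in
    the VPC, or the client itself behind an NLB with client IP preservation.
    The chain is walked from the right (the hop nearest to us), skipping
    addresses inside trusted proxy networks; the first address that is not a
    trusted proxy is the client, and everything to its left is client input.
    """
    nets: List[IPNetwork] = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(addr: str) -> bool:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False                         # not an IP literal: never a trusted hop
        return any(ip in net for net in nets)

    if not is_trusted(peer_ip):
        return peer_ip                           # no trusted proxy in front: ignore XFF entirely

    for hop in reversed(parse_xff(xff_header)):
        if is_trusted(hop):
            continue                             # another proxy we own, e.g. a CDN before the ALB
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            break                                # malformed entry: do not guess
    return peer_ip                               # chain empty or unusable: fall back to the peer
```

The same function handles the NLB case: when the peer is not one of your proxies it is returned as the client and the header is ignored, which is exactly what you want when an NLB hands you the client's own connection.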
Gateway Load Balancer (GWLB)
The GWLB is a specialized load balancer that makes it easy to deploy, scale, and manage a fleet of third-party virtual appliances, such as firewalls, intrusion detection and prevention systems (IDS/IPS), and deep packet inspection systems.
- Transparent Network Gateway: It operates as a transparent bump-in-the-wire. A route table entry sends traffic to a Gateway Load Balancer endpoint (a VPC endpoint, which can live in another VPC or account); the GWLB encapsulates each packet in GENEVE (UDP port 6081) and hands it to one appliance in the fleet; the appliance inspects the packet and returns it over the same tunnel; and the GWLB forwards the original packet on to its destination. By default packets of the same flow (5-tuple for TCP and UDP, 3-tuple for other protocols) stay on the same appliance, so stateful inspection works, and appliances must be able to terminate GENEVE.
- Centralized Security: Simplifies your network architecture by centralizing security and traffic inspection in one place, with the appliances scaling and failing over behind a single target group.
- Partner Integrations: Works with a wide range of virtual appliances available in the AWS Marketplace.
Classic Load Balancer (CLB)
This is the previous generation of load balancer. While still available, AWS strongly recommends using Application Load Balancers or Network Load Balancers for new applications.
- Legacy Support: Originally the only option for the EC2-Classic network. EC2-Classic was retired in 2022, so any remaining Classic Load Balancers run in a VPC and are candidates for migration to an ALB or NLB.
- Limited Routing: Provides basic Layer 4 load balancing for TCP traffic and Layer 7 load balancing for HTTP/HTTPS, with one health check for the whole load balancer and no target groups, so it lacks the content-based routing rules of an ALB.
Key Features Explained
- Cross-Zone Load Balancing: When enabled, each load balancer node distributes traffic across all registered healthy targets in all enabled Availability Zones. When disabled, a node only distributes traffic among the targets in its own AZ, so an AZ with fewer targets sees each of them carrying a larger share of the load.
  - ALB: Enabled by default at the load balancer level; since late 2022 it can be switched off per target group.
  - NLB/GWLB: Disabled by default. Inter-AZ data transfer charges apply to the cross-zone traffic if you enable it.
  - CLB: Disabled by default when created with the API or CLI; the console enables it by default.
- SSL/TLS Termination: You can offload the work of encrypting and decrypting traffic from your backend instances to the load balancer. You install your certificate on the load balancer (ALB HTTPS listeners, NLB TLS listeners, CLB HTTPS/SSL listeners), which simplifies certificate management and reduces the CPU load on your targets. Two caveats: after termination, traffic to the targets is plaintext unless you re-encrypt it by using HTTPS (ALB) or TLS (NLB) as the target group protocol, and even then the load balancer does not validate the target's certificate, so that hop is encrypted but the target is not authenticated; and it is the listener's TLS security policy, not the certificate, that decides which protocol versions and cipher suites clients may negotiate, so choose one that excludes TLS 1.0 and 1.1. For true end-to-end TLS, use an NLB TCP listener and terminate on the target.
- Sticky Sessions (Session Affinity): This feature enables the load balancer to bind a user's session to a specific target, so that all requests from that user during the session go to the same target; useful for applications that keep session state locally. ALBs support a load-balancer-generated cookie (AWSALB, duration-based) or an application cookie that you name, CLBs support cookie-based stickiness, and NLB target groups support stickiness by source IP. Stickiness holds only while the pinned target stays healthy.
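The cross-zone setting above is easiest to understand with numbers. The following Python is an added worked example (not from the cheat sheet or from AWS) of the per-target share under both settings, using the classic two-AZ case of 2 targets in one zone and 8 in the other. It assumes, as a labelled simplification, that the load balancer's DNS name resolves to one node per enabled AZ, that clients spread requests evenly over those nodes, and that an AZ with no healthy targets drops out of the DNS answer; the AZ names are placeholders.

```python
from typing import Dict


def per_target_share(healthy_targets_by_az: Dict[str, int], cross_zone: bool) -> Dict[str, float]:
    """Fraction of total traffic each individual target receives.

    Simplifying assumptions (for the illustration, not AWS-published numbers):
    one load balancer node per AZ, clients split evenly across nodes, and an AZ
    with no healthy targets is removed from DNS. With cross-zone on, a node
    spreads its traffic over every healthy target in every AZ; with it off, a
    node uses only the healthy targets in its own AZ.
    """
    zones = {az: n for az, n in healthy_targets_by_az.items() if n > 0}
    if not zones:
        raise ValueError("no healthy targets in any zone")
    total = sum(zones.values())
    shares: Dict[str, float] = {}
    for az, count in zones.items():
        az_fraction = 1.0 / len(zones)            # traffic that lands on this AZ's node
        for i in range(1, count + 1):
            shares[f"{az}/target-{i}"] = (1.0 / total) if cross_zone else (az_fraction / count)
    return shares


def hottest_target_ratio(healthy_targets_by_az: Dict[str, int], cross_zone: bool) -> float:
    """How much more traffic the busiest target takes than under a perfectly even spread
    (1.0 means perfectly even)."""
    shares = per_target_share(healthy_targets_by_az, cross_zone)
    return max(shares.values()) / (1.0 / len(shares))


if __name__ == "__main__":
    fleet = {"az-a": 2, "az-b": 8}                # constructed example fleet
    for mode in (False, True):
        print(f"cross-zone {'on ' if mode else 'off'}:",
              {k: round(v, 4) for k, v in per_target_share(fleet, mode).items()},
              "hottest/even =", hottest_target_ratio(fleet, mode))
```

With cross-zone off, the two targets in the small zone each take 25% of all traffic while the eight in the large zone take 6.25% each, a 2.5x overload on the small zone; with it on, every target takes 10%. That asymmetry is why an NLB fleet that is unevenly spread across zones should either enable cross-zone (and accept the inter-AZ charges) or be balanced per AZ.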