top of page
GeekGuy

Setup AWS Application Load Balancer with Static IP using Global Accelerator

Updated: Jun 24, 2022



TL;DR

 

Session 1: Create Application Load Balancer

A load balancer takes requests from clients and distributes them across targets in a target group.

Before you begin, ensure that you have a virtual private cloud (VPC) with at least one public subnet in each of the Availability Zones used by your targets.

To create a load balancer using the AWS CLI, see Tutorial: Create an Application Load Balancer using the AWS CLI.

To create a load balancer using the AWS Management Console, complete the following tasks.


Step 1: Configure a load balancer and a listener

First, provide some basic configuration information for your load balancer, such as a name, a network, and one or more listeners. A listener is a process that checks for connection requests. It is configured with a protocol and a port for connections from clients to the load balancer. For more information about supported protocols and ports, see Listener configuration.

To configure your load balancer and listener:

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. On the navigation pane, under LOAD BALANCING, choose Load Balancers.

  3. Choose Create Load Balancer.

  4. For Application Load Balancer, choose Create.

  5. For Name, enter a name for your load balancer. For example, my-alb.

  6. For Scheme, an internet-facing load balancer routes requests from clients over the internet to targets. An internal load balancer routes requests to targets using private IP addresses.

  7. For IP address type, choose ipv4 if your clients use IPv4 addresses to communicate with the load balancer, or choose dualstack if your clients use both IPv4 and IPv6 addresses to communicate with the load balancer. If the load balancer is an internal load balancer, you must choose ipv4.

  8. For Listeners, the default is a listener that accepts HTTP traffic on port 80. You can keep the default listener settings, modify the protocol, or modify the port. Choose Add to add another listener (for example, an HTTPS listener).

  9. Select one subnet per zone to enable. If you enabled dual-stack mode for the load balancer, select subnets with associated IPv6 CIDR blocks. You can specify one of the following:

    1. Subnets from at least two Availability Zones

    2. Subnets from one or more Local Zones

    3. One Outpost subnet

  10. You can use Add-on services, AWS Global Accelerator to create an accelerator and associate the load balancer with the accelerator.

  11. (Optional) For Tags, specify the key and value for each tag to add to your load balancer.

  12. Choose Next: Configure Security Settings.

Step 2: Configure security settings for a HTTPS listener

If you created an HTTPS listener in the previous step, configure the required security settings. Otherwise, go to the next page in the wizard.

When you use HTTPS for your load balancer listener, you must deploy an SSL certificate on your load balancer. The load balancer uses this certificate to terminate the connection and decrypt requests from clients before sending them to the targets. For more information, see SSL certificates. You must also specify the security policy that the load balancer uses to negotiate SSL connections with the clients. For more information, see Security policies.

To configure a certificate and security policy

  1. For Select default certificate, do one of the following:

    1. If you created or imported a certificate using AWS Certificate Manager, select Choose a certificate from ACM, and then select the certificate from Certificate name.

    2. If you uploaded a certificate using IAM, select Choose a certificate from IAM, and then select the certificate from Certificate name.

  2. For Security policy, we recommend that you keep the default security policy.

  3. Choose Next: Configure Security Groups.

Step 3: Configure a security group

The security group for your load balancer must allow it to communicate with registered targets on both the listener port and the health check port. The console can create a security group for your load balancer on your behalf with rules that allow this communication. If you prefer, you can create a security group and select it instead. For more information, see Recommended rules.

To configure a security group for your load balancer

  1. Choose Create a new security group.

  2. Enter a name and description for the security group, or keep the default name and description. This new security group contains a rule that allows traffic to the port that you selected for your load balancer on the Configure Load Balancer page.

  3. Choose Next: Configure Routing.


Step 4: Configure a target group

You register targets with a target group. The target group that you configure in this step is used as the target group in the default listener rule, which forwards requests to the target group. For more information, see Target groups for your Application Load Balancers.

To configure your target group

  1. For Target group, keep the default, New target group.

  2. For Name, enter a name for the target group.

  3. For Target type, select Instance to register targets by instance ID, IP to register IP addresses, and Lambda function to register a Lambda function.

  4. (Optional) If the target type is Instance or IP, modify the port and protocol as needed.

  5. (Optional) If the target type is Lambda function, enable health checks as needed.

  6. For Health checks, keep the default health check settings.

  7. Choose Next: Register Targets.

Step 5: Configure targets for a target group

With an Application Load Balancer, the target type of your target group determines how you register targets with the target group.


To register targets by instance ID

  1. For Instances, select one or more instances.

  2. Enter the instance listener port, and then choose Add to registered.

  3. When you have finished registering instances, choose Next: Review.


To register IP addresses

  1. For each IP address to register, do the following:

    1. For Network, if the IP address is from a subnet of the target group VPC, select the VPC. Otherwise, select Other private IP address.

    2. For IP, enter the IP address.

    3. For Port, enter the port.

    4. Choose Add to list.

  2. When you have finished adding IP addresses to the list, choose Next: Review.


To register a Lambda function

  1. For Lambda function, do one of the following:

    1. Select the Lambda function

    2. Create a new Lambda function and select it

    3. Register the Lambda function after you create the target group

  2. Choose Next: Review.


Step 6: Create the load balancer

After creating your load balancer, you can verify that your targets have passed the initial health check and then test that the load balancer is sending traffic to your targets. When you are finished with your load balancer, you can delete it. For more information, see Delete an Application Load Balancer.

To create the load balancer

  1. On the Review page, choose Create.

  2. After the load balancer is created, choose Close.

  3. (Optional) To define additional listener rules that forward requests based on a path pattern or a hostname, see Add a rule.

 

Session 2: Configure Route53 to use AWS Global Accelerator

After creating ALB with Global Accelerator, you must update your DNS configuration to direct traffic to the static IP addresses or DNS name for the accelerator. Traffic won't go through the accelerator to your load balancer until your configuration changes are complete.

The static IP or DNS name of Global Accelerator is like:

  • 15.197.145.106

  • 3.33.156.182

  • n63u7k9eblc30w14r.awsglobalaccelerator.com

After you create your load balancer by choosing the Global Accelerator add-on on the Amazon EC2 console, go to the Integrated services tab to see the static IP addresses and Domain Name System (DNS) name for your accelerator. You use this information to start routing user traffic to the load balancer over the AWS global network. For more information about the DNS name assigned to your accelerator, see DNS addressing and custom domains in AWS Global Accelerator.

You can view and configure your accelerator by navigating to Global Accelerator in the AWS Management Console. For example, you can see the accelerators that are associated with your account or add additional load balancers to your accelerator. For more information, see Viewing your accelerators and Creating or updating a standard accelerator.


 

Session 3: Pricing

With AWS Global Accelerator, you pay only for what you use. You are charged an hourly rate and data transfer costs for each accelerator in your account. For more information, see AWS Global Accelerator Pricing.


AWS Global Accelerator Pricing
 

Session 4: Stop using the accelerator

If you'd like to stop routing traffic through Global Accelerator to your load balancer, do the following:

  1. Update your DNS configuration to point your traffic directly to the load balancer.

  2. Delete the load balancer from the accelerator. For more information, see To remove an endpoint in Adding, editing, or removing a standard endpoint.

    1. Open Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

    2. On the accelerators page, choose an accelerator.

    3. In the Listeners section, for Listener ID, choose the ID of a listener.

    4. In the Endpoint groups section, for Endpoint group ID, choose the ID of the endpoint group.

    5. Choose Remove Endpoint.

    6. In the confirmation dialog box, choose Remove.

  3. Delete a AWS Global Accelerator. For more information, see Deleting an accelerator.

    1. Open Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

    2. In the list, choose an accelerator that you want to delete.

    3. Choose Delete. If you haven't disabled the accelerator from ALB, Delete is unavailable.

    4. In the confirmation dialog, choose Delete. Important: When you delete an accelerator, you lose the static IP addresses that are assigned to the accelerator, so you can no longer route traffic by using them.


1,408 views0 comments

Related Posts

See All

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
Stationary photo

Be the first to know

Subscribe to our newsletter to receive news and updates.

Thanks for submitting!

Follow us
bottom of page