TL;DR
Session 1: Create Application Load Balancer
A load balancer takes requests from clients and distributes them across targets in a target group.
Before you begin, ensure that you have a virtual private cloud (VPC) with at least one public subnet in each of the Availability Zones used by your targets.
To create a load balancer using the AWS CLI, see Tutorial: Create an Application Load Balancer using the AWS CLI.
To create a load balancer using the AWS Management Console, complete the following tasks.
Step 1: Configure a load balancer and a listener
First, provide some basic configuration information for your load balancer, such as a name, a network, and one or more listeners. A listener is a process that checks for connection requests. It is configured with a protocol and a port for connections from clients to the load balancer. For more information about supported protocols and ports, see Listener configuration.
To configure your load balancer and listener:
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
On the navigation pane, under LOAD BALANCING, choose Load Balancers.
Choose Create Load Balancer.
For Application Load Balancer, choose Create.
For Name, enter a name for your load balancer. For example, my-alb.
For Scheme, an internet-facing load balancer routes requests from clients over the internet to targets. An internal load balancer routes requests to targets using private IP addresses.
For IP address type, choose ipv4 if your clients use IPv4 addresses to communicate with the load balancer, or choose dualstack if your clients use both IPv4 and IPv6 addresses to communicate with the load balancer. If the load balancer is an internal load balancer, you must choose ipv4.
For Listeners, the default is a listener that accepts HTTP traffic on port 80. You can keep the default listener settings, modify the protocol, or modify the port. Choose Add to add another listener (for example, an HTTPS listener).
Select one subnet per zone to enable. If you enabled dual-stack mode for the load balancer, select subnets with associated IPv6 CIDR blocks. You can specify one of the following:
Subnets from at least two Availability Zones
Subnets from one or more Local Zones
One Outpost subnet
Under Add-on services, you can use AWS Global Accelerator to create an accelerator and associate the load balancer with the accelerator.
(Optional) For Tags, specify the key and value for each tag to add to your load balancer.
Choose Next: Configure Security Settings.
Step 2: Configure security settings for an HTTPS listener
If you created an HTTPS listener in the previous step, configure the required security settings. Otherwise, go to the next page in the wizard.
When you use HTTPS for your load balancer listener, you must deploy an SSL certificate on your load balancer. The load balancer uses this certificate to terminate the connection and decrypt requests from clients before sending them to the targets. For more information, see SSL certificates. You must also specify the security policy that the load balancer uses to negotiate SSL connections with the clients. For more information, see Security policies.
To configure a certificate and security policy
For Select default certificate, do one of the following:
If you created or imported a certificate using AWS Certificate Manager, select Choose a certificate from ACM, and then select the certificate from Certificate name.
If you uploaded a certificate using IAM, select Choose a certificate from IAM, and then select the certificate from Certificate name.
For Security policy, we recommend that you keep the default security policy.
Choose Next: Configure Security Groups.
Step 3: Configure a security group
The security group for your load balancer must allow it to communicate with registered targets on both the listener port and the health check port. The console can create a security group for your load balancer on your behalf with rules that allow this communication. If you prefer, you can create a security group and select it instead. For more information, see Recommended rules.
To configure a security group for your load balancer
Choose Create a new security group.
Enter a name and description for the security group, or keep the default name and description. This new security group contains a rule that allows traffic to the port that you selected for your load balancer on the Configure Load Balancer page.
Choose Next: Configure Routing.
Step 4: Configure a target group
You register targets with a target group. The target group that you configure in this step is used as the target group in the default listener rule, which forwards requests to the target group. For more information, see Target groups for your Application Load Balancers.
To configure your target group
For Target group, keep the default, New target group.
For Name, enter a name for the target group.
For Target type, select Instance to register targets by instance ID, IP to register IP addresses, or Lambda function to register a Lambda function.
(Optional) If the target type is Instance or IP, modify the port and protocol as needed.
(Optional) If the target type is Lambda function, enable health checks as needed.
For Health checks, keep the default health check settings.
Choose Next: Register Targets.
Step 5: Configure targets for a target group
With an Application Load Balancer, the target type of your target group determines how you register targets with the target group.
To register targets by instance ID
For Instances, select one or more instances.
Enter the instance listener port, and then choose Add to registered.
When you have finished registering instances, choose Next: Review.
To register IP addresses
For each IP address to register, do the following:
For Network, if the IP address is from a subnet of the target group VPC, select the VPC. Otherwise, select Other private IP address.
For IP, enter the IP address.
For Port, enter the port.
Choose Add to list.
When you have finished adding IP addresses to the list, choose Next: Review.
To register a Lambda function
For Lambda function, do one of the following:
Select the Lambda function
Create a new Lambda function and select it
Register the Lambda function after you create the target group
Choose Next: Review.
Step 6: Create the load balancer
After creating your load balancer, you can verify that your targets have passed the initial health check and then test that the load balancer is sending traffic to your targets. When you are finished with your load balancer, you can delete it. For more information, see Delete an Application Load Balancer.
To create the load balancer
On the Review page, choose Create.
After the load balancer is created, choose Close.
(Optional) To define additional listener rules that forward requests based on a path pattern or a hostname, see Add a rule.
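A check you can run once the load balancer exists, as an added example that is not part of the original page: it reads listener data in the shape returned by `aws elbv2 describe-listeners` and reports listeners that still serve plaintext HTTP (the wizard's default on port 80) or HTTPS listeners whose security policy is not the one you chose in Step 2. The sample data, the ARNs and the policy names are constructed placeholders, and `APPROVED_POLICIES` is a hypothetical setting you fill in yourself.

```python
import json

# Assumption: the security policy (or policies) selected in Step 2.
APPROVED_POLICIES = {"EXAMPLE-APPROVED-POLICY"}

# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
# All ARNs and policy names are placeholders, not real resources.
SAMPLE = json.loads("""
{"Listeners": [
  {"ListenerArn": "arn:placeholder:listener/http-80", "Port": 80, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg"}]},
  {"ListenerArn": "arn:placeholder:listener/http-8080", "Port": 8080, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "redirect",
     "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
  {"ListenerArn": "arn:placeholder:listener/https-443", "Port": 443, "Protocol": "HTTPS",
   "SslPolicy": "EXAMPLE-OTHER-POLICY",
   "Certificates": [{"CertificateArn": "arn:placeholder:cert"}],
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg"}]}
]}
""")


def redirects_to_https(listener):
    """True if every default action is a redirect whose target protocol is HTTPS."""
    actions = listener.get("DefaultActions", [])
    return bool(actions) and all(
        a.get("Type") == "redirect"
        and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
        for a in actions
    )


def audit_listeners(description, approved=APPROVED_POLICIES):
    """Return (port, finding) tuples for listeners that need attention."""
    findings = []
    for lst in description.get("Listeners", []):
        port, proto = lst.get("Port"), lst.get("Protocol")
        if proto == "HTTP" and not redirects_to_https(lst):
            findings.append((port, "plaintext HTTP served to clients"))
        elif proto == "HTTPS":
            if not lst.get("Certificates"):
                findings.append((port, "no certificate attached"))
            if lst.get("SslPolicy") not in approved:
                findings.append((port, f"security policy {lst.get('SslPolicy')} not approved"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_listeners(SAMPLE):
        print(f"port {port}: {finding}")
```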
Session 2: Configure Route53 to use AWS Global Accelerator
After creating an ALB with Global Accelerator, you must update your DNS configuration to direct traffic to the static IP addresses or DNS name for the accelerator. Traffic won't go through the accelerator to your load balancer until your configuration changes are complete.
The static IP addresses and DNS name of the accelerator look like this:
15.197.145.106
3.33.156.182
n63u7k9eblc30w14r.awsglobalaccelerator.com
After you create your load balancer by choosing the Global Accelerator add-on on the Amazon EC2 console, go to the Integrated services tab to see the static IP addresses and Domain Name System (DNS) name for your accelerator. You use this information to start routing user traffic to the load balancer over the AWS global network. For more information about the DNS name assigned to your accelerator, see DNS addressing and custom domains in AWS Global Accelerator.
You can view and configure your accelerator by navigating to Global Accelerator in the AWS Management Console. For example, you can see the accelerators that are associated with your account or add additional load balancers to your accelerator. For more information, see Viewing your accelerators and Creating or updating a standard accelerator.
Session 3: Pricing
With AWS Global Accelerator, you pay only for what you use. You are charged an hourly rate and data transfer costs for each accelerator in your account. For more information, see AWS Global Accelerator Pricing.
Session 4: Stop using the accelerator
If you'd like to stop routing traffic through Global Accelerator to your load balancer, do the following:
Update your DNS configuration to point your traffic directly to the load balancer.
Delete the load balancer from the accelerator. For more information, see To remove an endpoint in Adding, editing, or removing a standard endpoint.
Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.
On the accelerators page, choose an accelerator.
In the Listeners section, for Listener ID, choose the ID of a listener.
In the Endpoint groups section, for Endpoint group ID, choose the ID of the endpoint group.
Choose Remove Endpoint.
In the confirmation dialog box, choose Remove.
Delete the accelerator in AWS Global Accelerator. For more information, see Deleting an accelerator.
Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.
In the list, choose an accelerator that you want to delete.
Choose Delete. If you haven't disabled the accelerator from the ALB, Delete is unavailable.
In the confirmation dialog, choose Delete. Important: When you delete an accelerator, you lose the static IP addresses that are assigned to the accelerator, so you can no longer route traffic by using them.
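Because the static IP addresses are lost on deletion, it helps to confirm that no DNS record still points at the accelerator before you remove it; the same check, read the other way, confirms the cutover in Session 2. The following is an added example, not part of the original page: it scans record sets in the shape returned by `aws route53 list-resource-record-sets` for the accelerator addresses shown above. The zone `example.com`, the ALB name and the hosted zone IDs are constructed placeholders.

```python
import json

# Accelerator addresses as shown in Session 2 of this page.
ACCEL_IPS = {"15.197.145.106", "3.33.156.182"}
ACCEL_DNS = "n63u7k9eblc30w14r.awsglobalaccelerator.com"

# Constructed sample in the shape of `aws route53 list-resource-record-sets`
# output; the zone, ALB name and hosted zone IDs are placeholders.
SAMPLE = json.loads("""
{"ResourceRecordSets": [
  {"Name": "example.com.", "Type": "A", "TTL": 300,
   "ResourceRecords": [{"Value": "15.197.145.106"}, {"Value": "3.33.156.182"}]},
  {"Name": "www.example.com.", "Type": "CNAME", "TTL": 300,
   "ResourceRecords": [{"Value": "N63U7K9EBLC30W14R.awsglobalaccelerator.com."}]},
  {"Name": "api.example.com.", "Type": "A",
   "AliasTarget": {"DNSName": "n63u7k9eblc30w14r.awsglobalaccelerator.com.",
                   "HostedZoneId": "PLACEHOLDER", "EvaluateTargetHealth": false}},
  {"Name": "direct.example.com.", "Type": "A",
   "AliasTarget": {"DNSName": "my-alb-PLACEHOLDER.elb.amazonaws.com.",
                   "HostedZoneId": "PLACEHOLDER", "EvaluateTargetHealth": false}}
]}
""")


def _norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()


def records_on_accelerator(zone, ips=ACCEL_IPS, dns_name=ACCEL_DNS):
    """Return names of record sets that still send traffic to the accelerator."""
    hits = []
    for rr in zone.get("ResourceRecordSets", []):
        targets = [v["Value"] for v in rr.get("ResourceRecords", [])]
        if "AliasTarget" in rr:
            targets.append(rr["AliasTarget"]["DNSName"])
        normed = {_norm(t) for t in targets}
        if normed & ips or _norm(dns_name) in normed:
            hits.append(rr["Name"])
    return hits


def safe_to_delete(zone):
    """Only delete once no record depends on the accelerator's addresses."""
    return not records_on_accelerator(zone)
```

Run it against every hosted zone that may reference the accelerator, and allow for record TTLs to expire after the DNS change before deleting.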