Elastic Load Balancer (ELB) Configuration

Elastic Load Balancer (ELB) is a service provided by Amazon Web Services (AWS) that automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. ELB enables your applications to handle more traffic and improves availability, fault tolerance, and security. It allows for dynamic scalability by responding to traffic changes in real time.

In this comprehensive guide, we will discuss everything you need to know about ELB, including the various types of load balancers available, how to configure and optimize them, scaling with ELB, health checks, security settings, monitoring, and best practices.

What is an Elastic Load Balancer?

Elastic Load Balancer (ELB) is a fully managed load balancing service provided by AWS. ELB automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, IP addresses, and Lambda functions, in one or more Availability Zones.

Key benefits include:

  • High Availability: ELB ensures that traffic is distributed across multiple instances and Availability Zones to maintain application uptime.
  • Fault Tolerance: ELB automatically detects unhealthy targets and routes traffic to healthy instances.
  • Security: ELB works with AWS services like Identity and Access Management (IAM), Security Groups, and Web Application Firewall (WAF) to ensure a secure environment.
  • Scalability: It automatically scales to accommodate increased or decreased traffic, ensuring that your application can handle changes in demand.

Types of Load Balancers in AWS

AWS provides three types of load balancers that cater to different application requirements:

Application Load Balancer (ALB)

Designed for HTTP and HTTPS traffic, ALB operates at Layer 7 (Application Layer) of the OSI model. ALB is ideal for microservices and container-based applications because it offers advanced routing features.

Key Features:

  • Content-based routing
  • Host-based and path-based routing
  • WebSocket and HTTP/2 support
  • SSL/TLS termination
  • Sticky sessions

Network Load Balancer (NLB)

NLB operates at Layer 4 (Transport Layer) and is designed to handle high-throughput, low-latency traffic. It’s perfect for scenarios requiring fast processing, such as financial services or real-time applications.

Key Features:

  • Ultra-low latency
  • Direct IP-based routing
  • Preserves source IP addresses
  • Load balancing for TCP, UDP, and TLS traffic

Gateway Load Balancer (GLB)

Gateway Load Balancer operates at Layer 3 and is used primarily for security appliances like firewalls and intrusion detection systems. It simplifies deploying and scaling third-party virtual appliances.

Key Features:

  • Enables transparent deployment of virtual appliances
  • Operates at Layer 3 for advanced network-level traffic inspection
  • Integrates with third-party appliance vendors

Choosing the Right Load Balancer

The type of load balancer you choose depends on your application’s architecture and traffic requirements. For HTTP-based applications, ALB is ideal, while for highly demanding TCP-based applications, NLB is better. For advanced security use cases, GLB is the optimal choice.

How ELB Works

An Elastic Load Balancer works by distributing incoming traffic (requests) to multiple targets, such as EC2 instances, based on a set of rules and conditions. When an ELB is configured, it:

  • Accepts Traffic: The ELB is configured to listen to specific ports (e.g., HTTP: 80, HTTPS: 443).
  • Distributes Traffic: The ELB routes traffic to registered targets (e.g., EC2 instances) according to rules and health checks.
  • Monitors Health: ELB continuously monitors the health of targets using health checks to ensure that traffic is only sent to healthy instances.

ELB can be used with Auto Scaling Groups to dynamically adjust the number of instances behind the load balancer to match traffic demands, ensuring scalability and high availability.

Prerequisites for ELB Configuration

Before configuring an ELB, ensure you have the following prerequisites in place:

  1. VPC Setup: You should have a Virtual Private Cloud (VPC) with at least two subnets in different Availability Zones to ensure fault tolerance and high availability.
  2. EC2 Instances: Make sure you have instances running in multiple Availability Zones with proper security group configurations.
  3. Security Groups: Security groups for your load balancer and EC2 instances must allow the necessary inbound traffic on the appropriate ports (HTTP, HTTPS).
  4. SSL Certificates: If you are setting up an HTTPS load balancer, you’ll need an SSL/TLS certificate. You can use AWS Certificate Manager (ACM) to manage certificates.

Step-by-Step Guide to ELB Configuration

This section covers the steps involved in setting up an ELB via the AWS Management Console.

Navigate to the Load Balancer Section

  • Log into the AWS Management Console.
  • Go to the EC2 Dashboard and scroll down to find Load Balancers under the "Load Balancing" section.

Choose the Load Balancer Type

  • Click on Create Load Balancer.
  • Choose the type of load balancer (ALB, NLB, or GLB) based on your application needs.

Configure Basic Settings

  • Name: Provide a descriptive name for your load balancer.
  • Scheme: Choose between Internet-facing (for external traffic) or Internal (for internal/private traffic within your VPC).
  • Network Mapping: Select the VPC where the ELB will be placed, and choose subnets from different Availability Zones to distribute traffic for high availability.

Configure Listeners and Routing

  • Listeners: Define the listener ports and protocols (e.g., HTTP 80 or HTTPS 443).
    • For HTTPS, associate an SSL/TLS certificate via ACM.
  • Target Groups: Create a target group to specify where the traffic should be routed (EC2 instances, IPs, or Lambda functions).
    • Choose the Target Type: Instances, IP Addresses, or Lambda Functions.
    • Define Health Check settings to monitor target health.

Register Targets

  • Select the EC2 instances or IP addresses that will handle the traffic distributed by the load balancer.
  • Review the security groups and make sure the necessary ports (e.g., 80 for HTTP, 443 for HTTPS) are open.

Review and Create

  • Review your configuration and click Create Load Balancer.
  • AWS will provision your ELB, and it should be ready within a few minutes.
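
The security group review in the Register Targets step can be checked offline. The following is an added example, not part of the original guide: it audits two groups in the shape returned by `aws ec2 describe-security-groups` and flags targets that are reachable directly from the internet instead of only through the load balancer. The group IDs, sample rules and function names are constructed for illustration.

```python
# Added example. Sample groups are constructed, in the shape returned by
# `aws ec2 describe-security-groups`; group IDs are placeholders.
LB_SG = {"GroupId": "sg-lb-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}
INSTANCE_SG = {"GroupId": "sg-app-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "UserIdGroupPairs": [{"GroupId": "sg-lb-example"}]},
]}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def covers(rule, port):
    """True if an ingress rule applies to the given TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def sources(rule):
    """Return (CIDR blocks, referenced security group IDs) for a rule."""
    cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    groups = {g["GroupId"] for g in rule.get("UserIdGroupPairs", [])}
    return cidrs, groups

def audit(lb_sg, instance_sg, listener_ports, target_port):
    """Check an internet-facing load balancer and its targets; return findings."""
    findings = []
    for port in listener_ports:
        if not any(covers(r, port) and sources(r)[0] & ANYWHERE
                   for r in lb_sg["IpPermissions"]):
            findings.append(f"lb: listener port {port} is not open to clients")
    reachable_from_lb = False
    for rule in instance_sg["IpPermissions"]:
        if not covers(rule, target_port):
            continue
        cidrs, groups = sources(rule)
        reachable_from_lb |= lb_sg["GroupId"] in groups
        if cidrs & ANYWHERE:
            findings.append(f"instance: port {target_port} open to the internet, "
                            "clients can bypass the load balancer")
    if not reachable_from_lb:
        findings.append(f"instance: port {target_port} not allowed from the LB group")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(LB_SG, INSTANCE_SG, [443], 80)))
```

With the constructed sample, the only finding is the instance rule that admits 0.0.0.0/0 on port 80; restricting that rule to the load balancer's group clears it.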

Health Checks for ELB

Health checks are an essential feature of ELB, ensuring that traffic is only routed to healthy targets. ELB continuously monitors the health of the registered instances by sending periodic requests. If a target is deemed unhealthy, the ELB stops sending traffic to it until it recovers.

Configuring Health Checks

  • Go to the Target Groups section in the ELB configuration.
  • Select Health Checks and configure the following settings:
    • Protocol: Choose HTTP, HTTPS, or TCP based on your application.
    • Port: Specify the port on which the health check should be performed.
    • Path: For HTTP/HTTPS health checks, provide the URL path (e.g., /healthcheck).
    • Healthy/Unhealthy Thresholds: Define how many consecutive successes or failures indicate a healthy or unhealthy state.
    • Interval and Timeout: Set the frequency and timeout for health check requests.

Health Check Best Practices

  • Always set a custom health check URL that accurately reflects the health of your application.
  • Use higher thresholds for critical applications to avoid false positives or negatives.
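
The effect of the healthy and unhealthy thresholds is easiest to see by replaying a probe history. The following is an added example, not part of the original guide: a simplified model of the consecutive-success/consecutive-failure rule described above, with a constructed probe sequence and hypothetical function names.

```python
def simulate(probes, healthy_threshold, unhealthy_threshold, state="unhealthy"):
    """Replay probe results (True = pass) and return the state after each probe.

    Simplified model: the state flips only after the configured number of
    consecutive results pointing the other way.
    """
    ok_streak = fail_streak = 0
    timeline = []
    for passed in probes:
        if passed:
            ok_streak, fail_streak = ok_streak + 1, 0
            if state == "unhealthy" and ok_streak >= healthy_threshold:
                state = "healthy"
        else:
            ok_streak, fail_streak = 0, fail_streak + 1
            if state == "healthy" and fail_streak >= unhealthy_threshold:
                state = "unhealthy"
        timeline.append(state)
    return timeline


def served_while_failing(probes, timeline):
    """Count probes that failed while the target was still in rotation."""
    return sum(1 for passed, state in zip(probes, timeline)
               if not passed and state == "healthy")


def detection_window(interval_s, unhealthy_threshold):
    """Approximate seconds a dead target keeps receiving traffic."""
    return interval_s * unhealthy_threshold


# Constructed probe history: warm-up, one blip, then a two-probe outage.
PROBES = [True, True, True, False, True, False, False, True, True, True]

if __name__ == "__main__":
    for thresholds in ((2, 2), (3, 2), (3, 5)):
        timeline = simulate(PROBES, *thresholds)
        print(thresholds, timeline, served_while_failing(PROBES, timeline))
```

With an unhealthy threshold of 5 the two-probe outage never removes the target from rotation, which is the cost of using higher thresholds to suppress false positives.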

SSL/TLS Certificates with ELB

If your application requires secure communication over HTTPS, you’ll need to configure SSL/TLS termination on the load balancer.

Using AWS Certificate Manager (ACM)

  1. Obtain a Certificate: Go to AWS Certificate Manager (ACM) in the console and request an SSL/TLS certificate.
  2. Attach Certificate to ELB: When setting up your load balancer, select the HTTPS listener and associate the ACM certificate.

Configuring SSL Offloading

SSL Offloading allows you to offload the SSL encryption/decryption from the backend instances to the load balancer, reducing the computational load on your instances.

Advanced Security SSL/TLS Policies

You can apply custom SSL policies to ensure your load balancer uses only the most secure encryption protocols (e.g., TLS 1.2 or 1.3). Go to the Listeners section in the ELB configuration to update the SSL policy.
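
To confirm that every listener actually uses a TLS 1.2 or 1.3 policy, the listener configuration can be audited offline. The following is an added example, not part of the original guide: it checks output in the shape of `aws elbv2 describe-listeners`, flagging HTTP listeners that do not redirect to HTTPS and secure listeners whose policy is outside an allowlist. The sample data is constructed, the allowlist is an assumed baseline, and `ELBSecurityPolicy-2016-08` appears as an example of a predefined policy that still permits TLS 1.0.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` output
# (ARNs omitted or replaced with placeholders).
SAMPLE = json.loads("""
{"Listeners": [
  {"Port": 80, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "forward"}]},
  {"Port": 8080, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "redirect",
                       "RedirectConfig": {"Protocol": "HTTPS", "Port": "443",
                                          "StatusCode": "HTTP_301"}}]},
  {"Port": 443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2016-08",
   "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}],
   "DefaultActions": [{"Type": "forward"}]},
  {"Port": 8443, "Protocol": "HTTPS",
   "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
   "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}],
   "DefaultActions": [{"Type": "forward"}]}
]}
""")

# Assumed baseline: predefined policies whose minimum protocol is TLS 1.2.
# Extend this set to match your own standard.
ALLOWED_POLICIES = {
    "ELBSecurityPolicy-TLS13-1-2-2021-06",
    "ELBSecurityPolicy-TLS13-1-3-2021-06",
    "ELBSecurityPolicy-TLS-1-2-2017-01",
    "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
}

def audit_listeners(described):
    """Return (port, issue) pairs for listeners that miss the baseline."""
    findings = []
    for lst in described["Listeners"]:
        port, proto = lst["Port"], lst["Protocol"]
        if proto == "HTTP":
            redirects = [a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                         for a in lst.get("DefaultActions", [])]
            if not (redirects and all(redirects)):
                findings.append((port, "plaintext-without-https-redirect"))
        elif proto in ("HTTPS", "TLS"):
            if lst.get("SslPolicy") not in ALLOWED_POLICIES:
                findings.append((port, f"tls-policy:{lst.get('SslPolicy')}"))
            if not lst.get("Certificates"):
                findings.append((port, "no-certificate"))
    return findings
```

On the constructed sample this reports the port 80 listener (forwards plaintext) and the port 443 listener (legacy policy), and passes the other two.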
