AWS/ALB

From Christoph's Personal Wiki
Jump to: navigation, search

Amazon Web Services (AWS) - Application Load Balancer (ALB) is a Layer 7 (application layer) load balancer (in the OSI model). It was released by Amazon in August 2016.

Features

  • Path-based routing
  • Containerized application support
  • HTTP/2 support
  • WebSockets support
  • Sticky sessions
  • Health Checks
  • High Availability (HA)
  • HTTPS support
  • Access Logs
  • Forwards requests to backends synchronously
  • Can look into HTTP path to route traffic


Classic (ELB) vs. ALB
Feature ELB ALB
TCP/IP support yes no
HTTP support yes yes
HTTPS support yes yes
HTTP/2 support no yes
WebSockets support no yes
Path-based routing no yes
Containerized application support yes* yes
Connection draining yes yes
Sticky sessions yes yes*
Health Checks yes* yes
High Availability yes yes
Access Logs / monitoring yes* yes

* Better support in the other LB type


API access with IAM

As of January 2017, the API for ALBs does not support resource-level permissions.

Below is a list of resource-level permissions for classic ELBs (see: here for a complete list with examples):

  • elasticloadbalancing:
Write Access
  • AddTags
  • CreateListener
  • CreateLoadBalancer
  • CreateRule
  • CreateTargetGroup
  • DeleteListener
  • DeleteLoadBalancer
  • DeleteRule
  • DeleteTargetGroup
  • DeregisterTargets
  • ModifyListener
  • ModifyLoadBalancerAttribute
  • ModifyRule
  • ModifyTargetGroup
  • ModifyTargetGroupAttribute
  • RegisterTargets
  • RemoveTags
  • SetRulePriorities
  • SetSecurityGroups
  • SetSubnets
Read Access
  • DescribeListeners
  • DescribeLoadBalancerAttributes
  • DescribeRules
  • DescribeSSLPolicies
  • DescribeTags
  • DescribeTargetGroupAttributes
  • DescribeTargetGroups
  • DescribeTargetHealth

An example IAM Policy Document that allows all read access to an ELB:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:Describe*"
      ],
      "Resource": "*"
    }
  ]
}

Note: Use CloudTrail to audit all API calls. Make sure to enable CloudTrail on your account.

CloudTrail records the following API calls:

  • Identity of the API caller (e.g., user)
  • Timestamp of the API call
  • Source IP address of the API caller
  • Request parameters
  • Response elements

Pricing

See: ALB Pricing for details.

With the Application Load Balancer, you only pay for what you use. You are charged for each hour or partial hour your Application Load Balancer is running and the number of Load Balancer Capacity Units (LCU) used per hour.

  • Pay for per hour your ALB is running
  • Pay for per number of used Load Balancer Capacity Units (LCUs):
    • New connections: 1 LCU = 25 new connections/second
    • Active connections: 1 LCU = 3,000 active connections/minute
    • Bandwidth: 1 LCU = 2.22 Mbps
  • One is charged only on the dimension with the highest usage (i.e., new connections, active connections, or bandwidth)
Pricing example (us-west-2 / Oregon)
  • ALB runs for 1 month
  • 1 new connection/second
  • Connections last on average for 500 ms
  • 300 KB transferred/connection
  • Thus,
    • ALB hours: 24 hours * 30 = 720 hours
    • Dimension #1: New connections/second: 1 / 25 = 0.04 LCU
    • Dimension #2: Active connections/minute: 1 * 0.5 * 60 / 3000 = 0.01 LCU
    • Dimension #3: Bandwidth in Mbits: 300 * 1024 * 8 / 1000 / 1000 * 0.5 = 0.55 LCU
  • Dimension #3 has the highest LCU usage, so:
    • 720 * $0.0225 + 0.55 * $0.008 = $16.20
  • Thus, the ALB will cost $16.20/month

External links