ELB-Stackset

A setup for deploying Elastic Load Balancers across multiple AWS accounts and regions. This configuration allows centralized control, ensuring consistent load balancing setups across environments, and is ideal for managing large-scale, multi-account architectures.


ESSENTIAL

Application LB

This setup distributes HTTP traffic (Layer 7) across EC2 instances for public access. It includes a target group with health checks to route traffic only to healthy instances, ensuring efficient load balancing and high availability for web applications.

Required resources

  • ALBSG: Defines a security group for the ALB that allows inbound HTTP traffic only from CloudFront, ensuring that only requests from authorized sources reach the ALB.

  • ALB: Configures an internet-facing ALB that distributes incoming traffic to instances.

  • ALBTG: Defines a Target Group for the ALB, specifying the HTTP protocol on port 80 and targeting EC2 instances within the VPC. A health check against the path / is configured so that traffic is routed only to healthy instances.

  • ALBListener: Sets up an HTTP listener on port 80 for the ALB, directing incoming traffic to the ALBTG based on the specified routing rules.

Security Group Configuration

ALBSG:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Allow inbound HTTP only from CloudFront
    VpcId: !Ref VPC
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        # Managed prefix list for CloudFront origin-facing addresses; the ID is region-specific
        SourcePrefixListId: "pl-31a34658"
    Tags:
      - Key: Name
        Value: SG-ALB

Application Load Balancer Configuration

ALB:
  Type: AWS::ElasticLoadBalancingV2::LoadBalancer
  Properties:
    Name: ALB
    Subnets:
      - !Ref PublicSubnet
    SecurityGroups:
      - !Ref ALBSG
    Scheme: internet-facing

ALBTG:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    Name: ALB-TG
    VpcId: !Ref VPC
    Port: 80
    Protocol: HTTP
    TargetType: instance
    HealthCheckProtocol: HTTP
    HealthCheckPort: traffic-port
    HealthCheckPath: /
    Matcher:
      HttpCode: 200-299

ALBListener:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref ALBTG
    LoadBalancerArn: !Ref ALB
    Port: 80
    Protocol: HTTP

ESSENTIAL

Network LB

This setup handles high-performance TCP traffic (Layer 4) within a private network. It distributes requests across instances in a private subnet, with health checks and a TCP listener on port 443, making it suitable for fast, stable internal connections.

Required resources

  • NLB: Configures an internal Network Load Balancer (NLB) to distribute TCP traffic across instances within the specified private subnet. Ideal for internal applications that require low-latency connections.

  • NLBTG: Defines a Target Group for the NLB, configured to route TCP traffic on port 443 to EC2 instances within the VPC. Health checks are set up on the same port, ensuring that only healthy instances receive traffic.

  • NLBListener: Sets up a TCP listener on port 443 for the NLB, forwarding incoming traffic to the target group NLBTG.

Network Load Balancer Configuration

NLB:
  Type: AWS::ElasticLoadBalancingV2::LoadBalancer
  Properties:
    Name: NLB
    Type: network
    Subnets:
      - !Ref PrivateSubnet
    Scheme: internal

NLBTG:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    Name: NLB-TG
    VpcId: !Ref VPCId
    TargetType: instance
    Port: 443
    Protocol: TCP
    HealthCheckPort: 443
    HealthCheckProtocol: TCP

NLBListener:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref NLBTG
    LoadBalancerArn: !Ref NLB
    Port: 443
    Protocol: TCP