In my last article I outlined the basics of Application Load Balancers (ALB) and how you can use these to leverage a decent saving — this saving was significantly increased earlier this year when AWS increased the number of listeners per ALB from 10 to a whopping 50!
I'll start out with the architecture diagram of an ALB.
AWS ALB Architecture
As you can see, there are quite a few more moving parts compared with its predecessor, the ELB. Let’s look in more detail at what each part is and what it does, while throwing out some nice, handy Terraform code snippets. The code below is to be used as an example.
AWS ALB - This is the top level component in the architecture. The ALB handles the incoming traffic, offloads SSL and balances the load — duh…
ALB Listener - Listeners are assigned a specific port to keep an ear out for incoming traffic. You can have a maximum of 50 listeners assigned to each load balancer.
ALB listener rules - This is where things get pretty nifty! Each listener can have many rules, which means we can route traffic to different places based on two conditions: the path and/or the host.
Now that the listener has some rules, we can forward matching requests on to target groups. Target groups are essentially the end point of the ALB architecture. When a request matches the pattern in a listener rule, it gets forwarded to the corresponding target group. The cool thing about target groups is that they can directly check the health of a path. For example, I have an instance that runs 2 Tomcat servers, Foo and Bar. I am able to check the health of Foo and Bar independently, even though they are on the same instance. Nice!
Now we have a target group we need to assign something to it. This is done through target group attachments. There are two methods here:
- Autoscaling Group Attachment for all you Chaos Monkey fans.
- Instance Attachment, for those crazy people who are not using ASGs - But don’t worry, I’ll still show you code for both!
That is pretty much it; go forth and make yourself some Application Load Balancers using Hashicorp Terraform.
There are a few gotchas that had me going in circles for a while…
- Health checks - The ASG and the target group each run their own health checks independently, so if you are using an ASG inside a target group, configuring the two differently can make it difficult to track down where an issue lies.
- Security Groups - Make sure the ALB has rights to call the application in the target group, otherwise it will always be unhealthy.
- Internal and external - An ALB can have the internal property like the ELB. If you have a service that needs both an internal and external endpoint you will need to add 2 target groups to 2 listener rules on 2 different ALBs.
- Dependencies - I have had to add a few “depends_on” statements, otherwise Terraform got its knickers in a twist and started shouting about cycling… as if getting on a bike is going to help here!
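The security group gotcha above, sketched in Terraform as an added example (not the article's original code). The resource names, the application port 8080 and the `/foo/health` path are assumptions, and the block covers only the ALB-to-target path; the client-facing ingress rule for the listener port is configured separately.

```hcl
# Constructed example: var.vpc_id, port 8080 and /foo/health are assumptions.
variable "vpc_id" { type = string }

resource "aws_security_group" "alb" {
  name   = "example-alb"
  vpc_id = var.vpc_id
}

resource "aws_security_group" "app" {
  name   = "example-app"
  vpc_id = var.vpc_id
}

# Terraform removes the default allow-all egress rule from groups it creates,
# so the ALB needs explicit egress to the targets or they never pass a check.
resource "aws_security_group_rule" "alb_to_app" {
  type                     = "egress"
  security_group_id        = aws_security_group.alb.id
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.app.id
}

# Instances accept the app port only from the ALB group, not from a CIDR range.
resource "aws_security_group_rule" "app_from_alb" {
  type                     = "ingress"
  security_group_id        = aws_security_group.app.id
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.alb.id
}

# Health checks default to the traffic port, so the rules above cover them too.
resource "aws_lb_target_group" "foo" {
  name     = "example-foo"
  port     = 8080
  protocol = "HTTP"
  vpc_id   = var.vpc_id

  health_check {
    path    = "/foo/health"
    matcher = "200"
  }
}
```

Declaring the rules as separate `aws_security_group_rule` resources lets the two groups reference each other without a dependency cycle; do not combine them with inline `ingress`/`egress` blocks on the same group.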