AWS Fundamentals Tutorial
CHAPTER 11 Beginner

AWS Load Balancers

Updated: May 15, 2026
25 min read

1. Introduction

If you launch a single EC2 web server and point your domain name to its Elastic IP, your architecture is inherently fragile. If that specific server crashes due to a hardware failure, or if it runs out of CPU during a sudden spike in traffic, your entire application goes offline. Professional architectures utilize multiple servers to achieve High Availability. But how do you route users to multiple servers using only one domain name? In this chapter, we will master Elastic Load Balancing (ELB), the intelligent traffic cop of the AWS cloud.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Define High Availability and Fault Tolerance.
  • Understand the role of an Elastic Load Balancer (ELB).
  • Differentiate between the Application Load Balancer (ALB) and Network Load Balancer (NLB).
  • Understand Health Checks and Target Groups.
  • Architect a multi-AZ load-balanced infrastructure.

3. Beginner-Friendly Explanation

Imagine a popular Bank with one single teller (A single EC2 server). If 50 people walk into the bank, a massive line forms. If the teller faints, the bank stops operating.

Now, the bank hires 3 tellers (3 EC2 servers) and places a Manager at the front door (The Load Balancer). When customers walk in, the Manager directs them: "You go to Teller 1, you go to Teller 2, you go to Teller 3." The Manager constantly watches the tellers (Health Checks). If Teller 2 faints, the Manager instantly stops sending customers to Teller 2, routing everyone to Tellers 1 and 3 instead. The customers never experience an interruption.

4. High Availability (Multi-AZ)

A Load Balancer provides High Availability. You launch three EC2 instances, but critically, you place them in *three different Availability Zones* (e.g., AZ-A, AZ-B, AZ-C). You place the Load Balancer in front of them. If a fire destroys the entire AZ-A data center, the Load Balancer instantly detects the failure and routes 100% of the traffic to the surviving servers in AZ-B and AZ-C. Your users never know a data center burned down.

5. Types of Load Balancers

AWS provides different load balancers for different OSI network layers:
  1. Application Load Balancer (ALB): Operates at Layer 7 (HTTP/HTTPS). It is highly intelligent. It can look *inside* the web request. If a user requests myapp.com/api, the ALB can route them to backend Server A. If they request myapp.com/images, it routes them to Server B. This is the standard choice for web applications.
  2. Network Load Balancer (NLB): Operates at Layer 4 (TCP/UDP). It does not look inside the request; it just forwards raw data at lightning speed. It handles millions of requests per second with ultra-low latency. Used for extreme performance needs or non-HTTP traffic (like multiplayer gaming servers).
  3. Gateway Load Balancer (GWLB): Used specifically for deploying third-party virtual firewalls.

6. Target Groups and Health Checks

A Load Balancer does not route directly to instances; it routes to a Target Group. A Target Group is simply a logical grouping of your EC2 instances.

The Load Balancer performs continuous Health Checks on the Target Group. Every 10 seconds, it sends a tiny probe request (such as an HTTP GET for /index.html) to each EC2 instance. If an instance responds with a 200 OK, it is marked "Healthy". If it fails to respond 3 times in a row, it is marked "Unhealthy," and the Load Balancer stops sending it traffic.

7. Mini Project: Configure an Application Load Balancer

Let's build a highly available web architecture.

Step-by-Step Conceptual Tutorial:

  1. Launch 2 EC2 Instances: Launch one in us-east-1a and one in us-east-1b. Install an Apache web server on both. Edit the HTML on Server 1 to say "Hello from AZ-A", and Server 2 to say "Hello from AZ-B".
  2. Create a Target Group: In the EC2 console, go to Target Groups. Create a new group called Web-Targets. Select Port 80 (HTTP). Select both of your running instances and register them to the group.
  3. Create the ALB: In the EC2 console, go to Load Balancers. Create an Application Load Balancer. Name it MyWebALB. Make it "Internet-facing". Select both AZs (us-east-1a and 1b).
  4. Configure Routing: Tell the ALB to listen on Port 80, and forward the traffic to the Web-Targets Target Group you created in step 2.
  5. Launch: Click Create. Once the ALB is active, copy its long DNS URL (e.g., mywebalb-123.elb.amazonaws.com) and paste it into your browser.
  6. Test it: Hit refresh 5 times. You will see the page flip back and forth between "Hello from AZ-A" and "Hello from AZ-B". The Load Balancer is distributing your traffic!
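
The health-check rule from section 6 and the alternating responses seen in step 6 can be modelled in a few lines. This is an added example, not AWS code or part of the original tutorial: the class and function names and the recovery threshold are assumptions, and the check results are constructed.

```python
# Added illustration: a toy model of a target group, not AWS code.
from dataclasses import dataclass, field

UNHEALTHY_THRESHOLD = 3   # from the text: 3 failed checks in a row
HEALTHY_THRESHOLD = 3     # assumption: the text gives no recovery rule


@dataclass
class Target:
    name: str
    healthy: bool = True
    streak: int = 0       # consecutive results that contradict `healthy`


@dataclass
class TargetGroup:
    targets: list
    _next: int = field(default=0, repr=False)

    def record_check(self, name, ok):
        """Apply one health-check result (ok = the target answered 200 OK)."""
        t = next(t for t in self.targets if t.name == name)
        if ok == t.healthy:
            t.streak = 0              # result agrees with state: reset the count
            return t.healthy
        t.streak += 1
        limit = HEALTHY_THRESHOLD if ok else UNHEALTHY_THRESHOLD
        if t.streak >= limit:
            t.healthy, t.streak = ok, 0
        return t.healthy

    def route(self):
        """Round-robin over healthy targets."""
        # An ALB fails open: if no target is healthy it routes to all of them.
        pool = [t for t in self.targets if t.healthy] or self.targets
        t = pool[self._next % len(pool)]
        self._next += 1
        return t.name


def demo():
    tg = TargetGroup([Target("az-a"), Target("az-b")])
    before = [tg.route() for _ in range(4)]
    # Constructed results for az-b: two failures, one success, three failures.
    checks = (False, False, True, False, False, False)
    states = [tg.record_check("az-b", ok) for ok in checks]
    after = [tg.route() for _ in range(3)]
    return before, states, after
```

The single success in the middle resets the failure count, so az-b is only removed from rotation after three uninterrupted failures.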

8. Best Practices

  • Terminate SSL at the Load Balancer: Never install HTTPS/SSL certificates manually on your individual EC2 instances. It is a nightmare to manage. Instead, use AWS Certificate Manager (ACM) to attach a free SSL certificate directly to the Application Load Balancer. The ALB decrypts the HTTPS traffic and passes standard HTTP to your EC2 instances inside the secure private VPC. That last hop is unencrypted, so it relies on the instances accepting traffic only from the ALB, as described under Common Mistakes below.

9. Common Mistakes

  • Applying the Wrong Security Group: Load Balancers have their own Security Groups! If your EC2 instances allow Port 80, but your Load Balancer's Security Group denies Port 80, your website will be unreachable. You must allow Port 80/443 on the ALB, and then configure your EC2 instances' Security Group to *only* accept traffic coming from the ALB's Security Group.
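
One way to check the rule above: list every inbound web rule on the instances' Security Group whose source is anything other than the ALB's Security Group. This is an added example, not part of the original tutorial. The input follows the JSON shape of `aws ec2 describe-security-groups`; the group IDs are constructed and the function names are hypothetical.

```python
# Added illustration: audits security-group JSON in the shape returned by
# `aws ec2 describe-security-groups`. All group IDs below are constructed.
import json

WEB_PORTS = {80, 443}

SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-alb00000", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-web-good", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb00000"}]}]},
  {"GroupId": "sg-web-open", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "-1",
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-other000"}]}]}
]}
""")


def covers_web_port(perm):
    """True if the rule's protocol and port range include port 80 or 443."""
    if perm["IpProtocol"] == "-1":          # "-1" means all protocols, all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return any(perm["FromPort"] <= p <= perm["ToPort"] for p in WEB_PORTS)


def audit_instance_sg(groups, instance_sg, alb_sg):
    """List inbound web rules on instance_sg whose source is not alb_sg."""
    sg = next(g for g in groups["SecurityGroups"] if g["GroupId"] == instance_sg)
    findings = []
    for perm in sg["IpPermissions"]:
        if not covers_web_port(perm):
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])
                    if p["GroupId"] != alb_sg]
        findings += [(instance_sg, perm["IpProtocol"], s) for s in sources]
    return findings
```

An empty result means the instances accept web traffic only from the ALB; each tuple returned names a source that can bypass it.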

10. Exercises

  1. Explain the architectural difference between an Application Load Balancer (ALB) and a Network Load Balancer (NLB).
  2. What is the purpose of an ALB Health Check?

11. MCQs with Answers

Question 1

You are architecting a microservices application. You want all traffic requesting /users to be routed to a specific group of EC2 instances, and all traffic requesting /orders to be routed to a different group of EC2 instances. Which AWS Load Balancer supports this intelligent, path-based routing?

Question 2

How does an AWS Load Balancer know to stop sending user traffic to an EC2 instance that has experienced a software crash?

12. Interview Questions

  • Q: Explain how an Application Load Balancer enables High Availability across multiple Availability Zones. How does a Target Group fit into this architecture?
  • Q: Describe the architectural pattern of "SSL Offloading" (or SSL Termination) using an Application Load Balancer and AWS Certificate Manager (ACM). Why is this preferred over installing SSL certificates directly on EC2 instances?

13. FAQs

Q: Does an Application Load Balancer have an IP address?

A: No! Unlike EC2 instances, an ALB scales automatically under the hood to handle massive traffic spikes. Because AWS is constantly adding and removing IP addresses from the ALB to handle the load, AWS only provides you with a DNS Name (a URL). You must use Route 53 (Alias Records) to point your custom domain to this DNS name.

14. Summary

In Chapter 11, we achieved High Availability by distributing our web traffic. We explored the mechanics of Elastic Load Balancing, contrasting the intelligent, HTTP-aware Application Load Balancer (ALB) with the ultra-fast Network Load Balancer (NLB). We configured Target Groups to cluster our EC2 instances and implemented Health Checks to automatically identify and isolate failing servers. Ultimately, we architected a robust multi-AZ environment capable of surviving the complete loss of a physical data center.

15. Next Chapter Recommendation

Our load balancer can split traffic between 3 servers. But what if traffic spikes so high that 3 servers aren't enough? Do you have to log in and launch more manually? Proceed to Chapter 12: AWS Auto Scaling.
