Stacktape
Stacktape

Application Load Balancers



An Application Load Balancer (ALB) serves as a single point of contact for clients and distributes incoming application traffic across multiple targets, such as containers and Lambda functions. It operates at the application layer (layer 7) and is ideal for load balancing HTTP and HTTPS traffic.

ALBs can be integrated with various compute resources, offload SSL/TLS termination, and be configured with custom domain names or fronted by a CDN.

Under the hood, Stacktape uses AWS Application Load Balancer.

When to use them

ALBs are a good fit for most modern cloud applications. They offer high throughput and low latency, making them suitable for demanding workloads.

Advantages

  • Predictable pricing: ALBs have a predictable pricing model, which can be more cost-effective than HTTP API Gateways for high-traffic applications.
  • Scalability: ALBs can handle millions of requests per second and scale automatically as traffic grows.
  • Health checks: When used with container workloads, an ALB periodically checks the health of each container and only routes traffic to healthy ones.
  • Content-based routing: ALBs can route requests to different services based on the content of the request, such as the URL path, HTTP header, or query string.
  • Security: You can offload SSL/TLS termination to the load balancer, encrypting traffic between the client and the ALB.

Disadvantages

  • Fixed cost: ALBs have a fixed monthly cost (around $20/month), even if they are idle. For low-traffic applications, an HTTP API Gateway might be a more cost-effective choice.

Basic usage

ApplicationLoadBalancer  API reference
type
Required
properties.interface
Default: internet
properties.customDomains
properties.listeners
properties.cdn
properties.alarms
properties.disabledGlobalAlarms
properties.useFirewall
overrides
resources:
  myLoadBalancer:
    type: 'application-load-balancer'


  basicLambda:
    type: function
    properties:
      packaging:
        type: stacktape-lambda-buildpack
        properties:
          entryfilePath: 'lambdas/js-lambda.js'
      events:
        - type: application-load-balancer
          properties:
            loadBalancerName: myLoadBalancer
            priority: 5
            paths:
              - '*'

An Application Load Balancer with a Lambda function integration.

Integrating with compute resources

You can forward requests from an ALB to your compute resources by creating an event integration on a multi-container workload, function, or batch job.

Each integration must specify:

  • loadBalancerName: The name of the ALB that will forward requests.
  • priority: A number that determines the order in which the integration rules are evaluated (from lowest to highest).
  • condition: A set of rules that determine which requests are forwarded to the resource. Conditions can be based on the URL path, query string, headers, and other request properties.

The following example shows two integrations:

  • The first integration forwards all requests (*) to a multi-container workload.
  • The second integration, which has a lower priority and is evaluated first, forwards any requests with a URL path prefixed with /lambda-service/ to a Lambda function.
resources:
  myLoadBalancer:
    type: 'application-load-balancer'


  mySingleContainer:
    type: 'multi-container-workload'
    properties:
      containers:
        - name: myCont
          packaging:
            type: stacktape-image-buildpack
            properties:
              entryfilePath: containers/ts-container.ts
          environment:
            - name: PORT
              value: '80'
          events:
            - type: application-load-balancer
              properties:
                loadBalancerName: myLoadBalancer
                containerPort: 80
                priority: 3
                paths:
                  - '*'
      resources:
        cpu: 0.25
        memory: 512


  myFunction:
    type: function
    properties:
      packaging:
        type: stacktape-lambda-buildpack
        properties:
          entryfilePath: my-lambda.js
      events:
        - type: application-load-balancer
          properties:
            loadBalancerName: myLoadBalancer
            priority: 2
            paths:
              - '/lambda-service/*'

An ALB with integrations for both a function and a multi-container workload.

For more information, see the documentation on integrating ALBs with functions, multi-container workloads, and batch jobs.

Custom domain names

You can use a custom domain for your ALB. If you don't have one, you can register one through Stacktape.

If you already have a domain, you can either let Stacktape manage it (if you use AWS Route 53 for DNS) or use a third-party DNS provider.

For more details, see the Domains and Certificates page.

Using Stacktape to manage domains and certs

Stacktape allows you to connect your custom domain names to various resources, including Web Services, HTTP API Gateways, Application Load Balancers, and Buckets with CDNs.

When you connect a custom domain, Stacktape automatically:

  • Creates DNS records: A DNS record is created to point your domain name to the resource.
  • Adds TLS certificates: If you are using HTTPS, Stacktape issues and attaches a free, AWS-managed TLS certificate to the resource, handling TLS termination for you.

If you want to use your own certificates, you can configure customCertificateArns on the listener.

To manage a custom domain, it must first be added to your AWS account as a hosted zone, and your domain registrar's name servers must point to it. For more details, see the Adding a domain guide.

resources:
  myLoadBalancer:
    type: 'application-load-balancer'
    properties:
      customDomains:
        - my-app.mydomain.com

Using a 3rd-party DNS

To use a domain from a provider like GoDaddy or Cloudflare:

  1. Create or import a TLS certificate for your domain in the AWS Certificate Manager console and copy its ARN.
  2. Configure a listener on your load balancer to use the custom certificate.
  3. After deploying, find the ALB's domain name in the Stacktape Console.
  4. In your DNS provider's dashboard, create a CNAME or ALIAS record pointing to the ALB's domain name.
resources:
  myLoadBalancer:
    type: 'application-load-balancer'
    properties:
      listeners:
        - port: 443
          protocol: HTTPS
          customCertificateArns:
            - arn:aws:acm:eu-west-1:999999999999:certificate/8ab817b5-c4fa-4b1d-8b72-d6082cb40351
        - port: 80
          protocol: HTTP
          defaultAction:
            type: redirect
            properties:
              statusCode: HTTP_301
              protocol: HTTPS

A custom HTTPS listener with a custom certificate and an automatic redirect from HTTP to HTTPS.

Custom listeners

Listeners check for connection requests from clients, using the protocol and port that you configure. You can define rules for a listener that determine how the load balancer routes requests to its registered targets.

Listeners define the port and protocol that the Load Balancer uses to accept incoming traffic.

If you do not specify any listeners, two are created by default:

  • An HTTPS listener on port 443 (all traffic is routed here).
  • An HTTP listener on port 80 (which automatically redirects to the HTTPS listener).
ApplicationLoadBalancerListener  API reference
Parent:ApplicationLoadBalancer
protocol
Required
port
Required
customCertificateArns
whitelistIps
defaultAction
resources:
  myLoadBalancer:
    type: 'application-load-balancer'
    properties:
      listeners:
        - port: 80
          protocol: HTTP


  myFunction:
    type: function
    properties:
      packaging:
        type: stacktape-lambda-buildpack
        properties:
          entryfilePath: my-lambda.js
      events:
        - type: application-load-balancer
          properties:
            loadBalancerName: myLoadBalancer
            # you need to specify listener port when referencing load balancer with custom listeners
            listenerPort: 80
            priority: 5
            paths:
              - '*'

An ALB with a single listener and a function integration.

Default listener action

The default action for a listener determines what to do with a request that doesn't match any of the listener's rules.

Redirect

You can configure a listener to redirect incoming requests to a different URL. For example, you can redirect all HTTP requests on port 80 to an HTTPS listener on port 443.

LbRedirect  API reference
Parent:ApplicationLoadBalancerListener
type
Required
properties.statusCode
Required
properties.path
properties.query
properties.port
properties.host
properties.protocol
resources:
  myLoadBalancer:
    type: 'application-load-balancer'
    properties:
      customDomains:
        - my-app.mydomain.com
      listeners:
        - port: 443
          protocol: HTTPS
        - port: 80
          protocol: HTTP
          defaultAction:
            type: redirect
            properties:
              statusCode: HTTP_301
              protocol: HTTPS
              port: 443

CDN

You can place an AWS CloudFront CDN in front of your ALB to cache content and reduce latency.

A CDN is a globally distributed network of edge locations that caches responses from your Application Load Balancer, bringing content closer to your users.

Using a CDN can:

  • Reduce latency and improve load times.
  • Lower bandwidth costs.
  • Decrease the amount of traffic hitting your origin.
  • Enhance security.

The "origin" is the resource (in this case, the Application Load Balancer) that the CDN is attached to. The CDN has its own URL endpoint.

For more information, see the CDN documentation.

Using a firewall

You can protect your ALB with a web application firewall (WAF).

A web-app-firewall can protect your resources from common web exploits that could affect availability, compromise security, or consume excessive resources. The firewall works by filtering malicious requests before they reach your application.

For more information, see the firewall documentation.

To learn more, see the Web Application Firewall documentation.

resources:
  myFirewall:
    type: web-app-firewall
    properties:
      scope: regional
  myLoadBalancer:
    type: 'application-load-balancer'
    properties:
      useFirewall: myFirewall

Referenceable parameters

The following parameters can be easily referenced using $ResourceParam directive directive.

To learn more about referencing parameters, refer to referencing parameters.

domain

  • default domain name of load balancer

  • Usage: $ResourceParam('<<resource-name>>', 'domain')
customDomains

  • Comma-separated list of custom domain names assigned to the Load balancer (only available if you use custom domain names)

  • Usage: $ResourceParam('<<resource-name>>', 'customDomains')
cdnDomain

  • Default domain of the CDN distribution (only available if you DO NOT configure custom domain names for the CDN).

  • Usage: $ResourceParam('<<resource-name>>', 'cdnDomain')
cdnUrl

  • Default url of the CDN distribution (only available if you DO NOT configure custom domain names for the CDN).

  • Usage: $ResourceParam('<<resource-name>>', 'cdnUrl')
cdnCustomDomains

  • Comma-separated list of custom domain names assigned to the CDN (only available if you configure custom domain names for the CDN).

  • Usage: $ResourceParam('<<resource-name>>', 'cdnCustomDomains')
cdnCustomDomainUrls

  • Comma-separated list of custom domain name URLs of the CDN (only available if you configure custom domain names for the CDN).

  • Usage: $ResourceParam('<<resource-name>>', 'cdnCustomDomainUrls')

Contents