Stacktape
Stacktape


Network Load Balancers



A Network Load Balancer (NLB) serves as a single point of contact for clients and distributes incoming traffic across multiple targets. It operates at the transport layer (layer 4) and is ideal for load balancing TCP traffic where extreme performance is required.

NLBs can be integrated with multi-container workloads, offload SSL/TLS termination, and be configured with custom domain names.

Under the hood, Stacktape uses AWS Network Load Balancer.

When to use them

NLBs are a good choice for applications that use TCP protocols other than HTTP/S. If your application uses HTTP or HTTPS, an Application Load Balancer is a better choice.

Advantages

  • Predictable pricing: NLBs have a predictable pricing model, which can be more cost-effective than HTTP API Gateways for high-traffic applications.
  • Scalability: NLBs can handle millions of requests per second and scale automatically as traffic grows.
  • Health checks: When used with container workloads, an NLB periodically checks the health of each container and only routes traffic to healthy ones.
  • Ease of use: You can integrate an NLB with your compute resources with just a few lines of configuration.
  • Security: You can offload SSL/TLS termination to the load balancer, encrypting traffic between the client and the NLB.

Disadvantages

  • Fixed cost: NLBs have a fixed monthly cost (around $20/month), even if they are idle.
  • Limited integrations: NLBs can only be integrated with multi-container workloads.

Basic usage

NetworkLoadBalancer  API reference
type
Required
properties.listeners
Required
properties.interface
Default: internet
properties.customDomains
overrides
resources:
myLoadBalancer:
type: 'network-load-balancer'
properties:
listeners:
- port: 8080
protocol: TLS
myWorkload:
type: 'multi-container-workload'
properties:
containers:
- name: container1
packaging:
type: stacktape-image-buildpack
properties:
entryfilePath: containers/ts-container.ts
events:
- type: network-load-balancer
properties:
loadBalancerName: myLoadBalancer
listenerPort: 8080
containerPort: 8080
resources:
cpu: 0.25
memory: 512

A Network Load Balancer with a multi-container workload integration.

Integrating with compute resources

You can forward traffic from an NLB to a multi-container workload. Each integration must specify the load balancer, the listener port, and the container port.

resources:
myLoadBalancer:
type: 'network-load-balancer'
properties:
listeners:
- port: 8080
protocol: TLS
myWorkload:
type: 'multi-container-workload'
properties:
containers:
- name: container1
packaging:
type: stacktape-image-buildpack
properties:
entryfilePath: containers/ts-container.ts
events:
- type: network-load-balancer
properties:
loadBalancerName: myLoadBalancer
listenerPort: 8080
containerPort: 8080
resources:
cpu: 0.25
memory: 512

For more information, see the documentation on integrating NLBs with multi-container workloads.

Custom domain names

You can use a custom domain for your NLB. If you don't have one, you can register one through Stacktape.

If you already have a domain, you can either let Stacktape manage it (if you use AWS Route 53 for DNS) or use a third-party DNS provider.

For more details, see the Domains and Certificates page.

Using Stacktape to manage domains and certs

Stacktape allows you to connect your custom domain names to some of your resources (Web Service, HTTP API Gateways, Application Load Balancers and Buckets with CDNs).

Connecting a custom domain to the resource does 2 things:

  • Creates DNS records:
    • If you use your custom domain with a resource, Stacktape automatically creates a DNS record (during deploy) pointing the specified domain name to the resource.
  • Adds TLS certificates
    • If you do not specify custom listeners or your listeners use TLS, Stacktape takes care of issuing and attaching correct (free, AWS-managed) certificate to the resource. This means, you do not have to deal with TLS termination as it is handled by the connected resource.
    • If you want to use your own certificates, you can configure customCertificateArns on the listener.

To manage a custom domain, it first needs to be added to your AWS account. This means that a hosted zone (collection of records managed together for a given domain) for your domain exists in your AWS account and your domain registrar's name servers are pointing to it. To learn more, refer to Adding a domain guide.

resources:
myLoadBalancer:
type: 'network-load-balancer'
properties:
customDomains:
- my-app.mydomain.com
listeners:
- port: 8080
protocol: TLS

Using a 3rd-party DNS

To use a domain from a provider like GoDaddy or Cloudflare:

  1. Create or import a TLS certificate for your domain in the AWS Certificate Manager console and copy its ARN.
  2. Configure a listener on your load balancer to use the custom certificate.
  3. After deploying, find the NLB's domain name in the Stacktape Console.
  4. In your DNS provider's dashboard, create a CNAME or ALIAS record pointing to the NLB's domain name.
resources:
myLoadBalancer:
type: 'network-load-balancer'
properties:
listeners:
- port: 8080
protocol: TLS
customCertificateArns:
- arn:aws:acm:eu-west-1:999999999999:certificate/8ab817b5-c4fa-4b1d-8b72-d6082cb40351
myWorkload:
type: 'multi-container-workload'
properties:
containers:
- name: container1
packaging:
type: stacktape-image-buildpack
properties:
entryfilePath: containers/ts-container.ts
events:
- type: network-load-balancer
properties:
loadBalancerName: myLoadBalancer
listenerPort: 8080
containerPort: 8080
resources:
cpu: 0.25
memory: 512

Listeners

Listeners check for connection requests from clients, using the protocol and port that you configure.

  • Listeners are used to expose specific ports of the Load balancer.
  • Traffic routed to the listener is then routed to the target resource based on the integrations.
protocol
Required
port
Required
customCertificateArns
whitelistIps
resources:
myLoadBalancer:
type: 'network-load-balancer'
properties:
customDomains:
- my-app.mydomain.com
listeners:
- port: 8080
protocol: TLS
- port: 8081
protocol: TCP
- port: 8082
protocol: TLS

A Network Load Balancer with three listeners.

Custom TLS certificates

You can configure a listener to use a custom TLS certificate.

resources:
myLoadBalancer:
type: 'network-load-balancer'
properties:
listeners:
- port: 8080
protocol: TLS
customCertificateArns:
- arn:aws:acm:eu-west-1:999999999999:certificate/8ab817b5-c4fa-4b1d-8b72-d6082cb40351
myWorkload:
type: 'multi-container-workload'
properties:
containers:
- name: container1
packaging:
type: stacktape-image-buildpack
properties:
entryfilePath: containers/ts-container.ts
events:
- type: network-load-balancer
properties:
loadBalancerName: myLoadBalancer
listenerPort: 8080
containerPort: 8080
resources:
cpu: 0.25
memory: 512

Referenceable parameters

The following parameters can be easily referenced using $ResourceParam directive directive.

To learn more about referencing parameters, refer to referencing parameters.

domain
  • default domain name of load balancer

  • Usage: $ResourceParam('<<resource-name>>', 'domain')
customDomains
  • Comma-separated list of custom domain names assigned to the Load balancer (only available if you use custom domain names)

  • Usage: $ResourceParam('<<resource-name>>', 'customDomains')

Contents