Network Load Balancers
A Network Load Balancer (NLB) serves as a single point of contact for clients and distributes incoming traffic across multiple targets. It operates at the transport layer (layer 4) and is ideal for load balancing TCP traffic where extreme performance is required.
NLBs can be integrated with multi-container workloads, offload SSL/TLS termination, and be configured with custom domain names.
Under the hood, Stacktape uses AWS Network Load Balancer.
When to use them
NLBs are a good choice for applications that use TCP protocols other than HTTP/S. If your application uses HTTP or HTTPS, an Application Load Balancer is a better choice.
Advantages
- Predictable pricing: NLBs have a predictable pricing model, which can be more cost-effective than HTTP API Gateways for high-traffic applications.
- Scalability: NLBs can handle millions of requests per second and scale automatically as traffic grows.
- Health checks: When used with container workloads, an NLB periodically checks the health of each container and only routes traffic to healthy ones.
- Ease of use: You can integrate an NLB with your compute resources with just a few lines of configuration.
- Security: You can offload SSL/TLS termination to the load balancer, encrypting traffic between the client and the NLB.
Disadvantages
- Fixed cost: NLBs have a fixed monthly cost (around $20/month), even if they are idle.
- Limited integrations: NLBs can only be integrated with multi-container workloads.
Basic usage
resources:myLoadBalancer:type: 'network-load-balancer'properties:listeners:- port: 8080protocol: TLSmyWorkload:type: 'multi-container-workload'properties:containers:- name: container1packaging:type: stacktape-image-buildpackproperties:entryfilePath: containers/ts-container.tsevents:- type: network-load-balancerproperties:loadBalancerName: myLoadBalancerlistenerPort: 8080containerPort: 8080resources:cpu: 0.25memory: 512
A Network Load Balancer with a multi-container workload integration.
Integrating with compute resources
You can forward traffic from an NLB to a multi-container workload. Each integration must specify the load balancer, the listener port, and the container port.
resources:myLoadBalancer:type: 'network-load-balancer'properties:listeners:- port: 8080protocol: TLSmyWorkload:type: 'multi-container-workload'properties:containers:- name: container1packaging:type: stacktape-image-buildpackproperties:entryfilePath: containers/ts-container.tsevents:- type: network-load-balancerproperties:loadBalancerName: myLoadBalancerlistenerPort: 8080containerPort: 8080resources:cpu: 0.25memory: 512
For more information, see the documentation on integrating NLBs with multi-container workloads.
Custom domain names
You can use a custom domain for your NLB. If you don't have one, you can register one through Stacktape.
If you already have a domain, you can either let Stacktape manage it (if you use AWS Route 53 for DNS) or use a third-party DNS provider.
For more details, see the Domains and Certificates page.
Using Stacktape to manage domains and certs
Stacktape allows you to connect your custom domain names to some of your resources (Web Service, HTTP API Gateways, Application Load Balancers and Buckets with CDNs).
Connecting a custom domain to the resource does 2 things:
- Creates DNS records:
- If you use your custom domain with a resource, Stacktape automatically creates a DNS record (during deploy) pointing the specified domain name to the resource.
- Adds TLS certificates
- If you do not specify custom
listeners
or your listeners use TLS, Stacktape takes care of issuing and attaching correct (free, AWS-managed) certificate to the resource. This means, you do not have to deal with TLS termination as it is handled by the connected resource. - If you want to use your own certificates, you can configure
customCertificateArns
on the listener.
- If you do not specify custom
To manage a custom domain, it first needs to be added to your AWS account. This means that a hosted zone (collection of records managed together for a given domain) for your domain exists in your AWS account and your domain registrar's name servers are pointing to it. To learn more, refer to Adding a domain guide.
resources:myLoadBalancer:type: 'network-load-balancer'properties:customDomains:- my-app.mydomain.comlisteners:- port: 8080protocol: TLS
Using a 3rd-party DNS
To use a domain from a provider like GoDaddy or Cloudflare:
- Create or import a TLS certificate for your domain in the AWS Certificate Manager console and copy its ARN.
- Configure a listener on your load balancer to use the custom certificate.
- After deploying, find the NLB's domain name in the Stacktape Console.
- In your DNS provider's dashboard, create a
CNAME
orALIAS
record pointing to the NLB's domain name.
resources:myLoadBalancer:type: 'network-load-balancer'properties:listeners:- port: 8080protocol: TLScustomCertificateArns:- arn:aws:acm:eu-west-1:999999999999:certificate/8ab817b5-c4fa-4b1d-8b72-d6082cb40351myWorkload:type: 'multi-container-workload'properties:containers:- name: container1packaging:type: stacktape-image-buildpackproperties:entryfilePath: containers/ts-container.tsevents:- type: network-load-balancerproperties:loadBalancerName: myLoadBalancerlistenerPort: 8080containerPort: 8080resources:cpu: 0.25memory: 512
Listeners
Listeners check for connection requests from clients, using the protocol and port that you configure.
- Listeners are used to expose specific ports of the Load balancer.
- Traffic routed to the listener is then routed to the target resource based on the integrations.
resources:myLoadBalancer:type: 'network-load-balancer'properties:customDomains:- my-app.mydomain.comlisteners:- port: 8080protocol: TLS- port: 8081protocol: TCP- port: 8082protocol: TLS
A Network Load Balancer with three listeners.
Custom TLS certificates
You can configure a listener to use a custom TLS certificate.
resources:myLoadBalancer:type: 'network-load-balancer'properties:listeners:- port: 8080protocol: TLScustomCertificateArns:- arn:aws:acm:eu-west-1:999999999999:certificate/8ab817b5-c4fa-4b1d-8b72-d6082cb40351myWorkload:type: 'multi-container-workload'properties:containers:- name: container1packaging:type: stacktape-image-buildpackproperties:entryfilePath: containers/ts-container.tsevents:- type: network-load-balancerproperties:loadBalancerName: myLoadBalancerlistenerPort: 8080containerPort: 8080resources:cpu: 0.25memory: 512
Referenceable parameters
The following parameters can be easily referenced using $ResourceParam directive directive.
To learn more about referencing parameters, refer to referencing parameters.
default domain name of load balancer
- Usage:
$ResourceParam('<<resource-name>>', 'domain')
Comma-separated list of custom domain names assigned to the Load balancer (only available if you use custom domain names)
- Usage:
$ResourceParam('<<resource-name>>', 'customDomains')