Close
logoStacktape docs

Application Load Balancers

Overview

Application Load balancer is an entry-point to your application. Load balancer routes traffic to your application and integrates easily with workloads of your stack: functions, batch-jobs or container-workloads.

  • Application load balancers are used to communicate with your workloads using the HTTP protocol.
  • You can offload SSL/TLS (HTTPS) termination to the load-balancer instead of handling it as a part of your application.
  • You can easily configure custom domain names or put CDN in front of your application-load-balancer.

When to use

An application load balancer is a good fit for many cloud applications. Whether your backend is running on container-workloads or functions thanks to high throughput and low latency, an application load balancer is ideal for high load fast performing applications.

Advantages

  • Predictable pricing - Application load balancers have a predictable pricing model which can be found here. Even though application-load-balancers have fixed base price per month (as opposed to http-api-gateways, where you only pay for requests), when traffic is high application-load-balancer can be cheaper.
  • Scaling - Application load balancer is designed to handle traffic as it grows and can load balance millions of requests/sec.
  • Health checks - When an application load balancer is used with container-workloads, the load balancer periodically checks the health of target containers. It only sends requests to healthy ones and automatically notifies container-workload to replace unhealthy containers.
  • Content based routing - If your application is composed of several individual services, application-load-balancer can route a request to a service based on the content of the request such as Host field, Path URL, HTTP header, HTTP method, Query string or Source IP address.
  • Ease of use - Integrate with workloads of your stack with few lines of config
  • Security - You can offload SSL/TLS (HTTPS) termination to the load-balancer instead of handling it as a part of your application. This means that any communication between load-balancer and client can be encrypted.

Disadvantages

  • Fixed price base - You are paying ~20$/month for application-load-balancer even if it is sitting idle. When you have low traffic application or do NOT need the advantages that application-load-balancer offers, you might try using http-api-gateway

Simple usage

ApplicationLoadBalancer  API reference
Required
type
Type: string "application-load-balancer"
Type of the resource
Default: 'internet'
properties.interface
Type: string ENUM

Configures accessibility of the Load balancer

properties.domainNames
Type: Array of string

Configures domain names attached to this Load balancer

Required
properties.listeners
Type: Array of ApplicationLoadBalancerListener

Configures listeners (combinations of port and protocol) for this Load balancer

properties.cdn
Type: AlbCdnConfiguration
enables you to put CDN in front of load-balancer
overrides
Type: Object

Overrides properties of the specified sub-resource.

The following example shows a simple application-load-balancer with a single listener exposed.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS

Configure listeners

Listeners provide a way to expose ports of application-load-balancer. They makes application-load-balancer accessible from the outside and forward traffic to workloads (functions, container-workloads, batch-jobs) of your stack.

ApplicationLoadBalancerListener  API reference
Parent API reference: ApplicationLoadBalancer
Required
protocol
Type: string ENUM

Protocol used for the listener

Required
port
Type: number

Port number on which the listener is accessible

customCertificateArns
Type: Array of string

Used to configure custom SSL/TLS certicates

whitelistIps
Type: Array of string

Limits accessibility of the listener to only specific IP addresses

defaultAction
Type: LbRedirect

Configures the behavior of the listener for request that cannot be matched to any integration.

Following example shows application-load-balancer with one listeners. HTTPS listener at port 443.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS

Default listener action

Default listener action determines what to do with a request that does not match any event integration associated with this listener (see integrating with workloads).

Redirect

LbRedirect  API reference
Parent API reference: ApplicationLoadBalancerListener
Required
type
Type: string "redirect"
Type of the resource
properties.path
Type: string

Absolute path to redirect to.

properties.query
Type: string

Query parameters for the redirect.

properties.port
Type: number

Port for the redirect.

properties.host
Type: string

Hostname for the redirect.

properties.protocol
Type: string ENUM

Protocol for the redirect.

Required
properties.statusCode
Type: string ENUM

HTTP redirect code

The following example extends the previous one and shows application-load-balancer with two listeners:

  • HTTPS listener at port 443
  • HTTP listener at port 80. HTTP listener has default redirect action configured. This means that any HTTP request is automatically redirected to its HTTPS version.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
        - port: 80
          protocol: HTTP
          defaultAction:
            type: redirect
            properties:
              statusCode: HTTP_301
              protocol: HTTPS
              port: 443

Integrating with workloads

To integrate, add an event integration to the workload.

The following example extends the previous one and shows:

  • container-workload mySingleContainer with event integration which delivers all requests incoming to myLoadBalancer's listener on port 443 to the container.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
        - port: 80
          protocol: HTTP
          defaultAction:
            type: redirect
            properties:
              statusCode: HTTP_301
              protocol: HTTPS
              port: 443


  mySingleContainer:
    Type: 'container-workload'
    Properties:
      containers:
        - name: myCont
          imageConfig:
            filePath: containers/ts-container.ts
          environment:
            - name: port
              value: '80'
          events:
            - type: application-load-balancer
              properties:
                loadBalancerName: myLoadBalancer
                listenerPort: 443
                containerPort: 80
                priority: 2
                paths:
                  - '*'

More information on integrating workloads with application load balancer can be found:

Domain names

Domains can be easily controlled by Stacktape.

If your domain DNS records are controlled by AWS Route 53, Stacktape automatically generates correct TLS certifiates for your domain and assign them to listeners.

If your domain DNS records are NOT controlled by AWS:

  1. migrate domain with a help of domain-add command (if you are migrating domain which is currently in use, please readAWS docs).
  2. you can provision certificate by specifying customCertificateArns for your listener.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      domainNames:
        - my-app.mydomain.com
      listeners:
        - port: 443
          protocol: HTTPS

Cdn

AlbCdnConfiguration  API reference
Parent API reference: ApplicationLoadBalancer
Required
listenerPort
Type: number

Listener port to which the CDN traffic will be forwarded

originDomainName
Type: string

Configures origin domain name usef for forwarding to load balancer

Required
enabled
Type: boolean
enables CDN distribution creation
cachingOptions
Type: CdnCachingOptions
specifies custom caching options
forwardingOptions
Type: CdnForwardingOptions
specifies custom forwarding options
routeRewrites
Type: Array of CdnRouteRewrite
enables you to direct request for specified url paths to different origins
domainNames
Type: Array of DomainConfiguration
custom domain names for cdn distribution
cloudfrontPriceClass
Type: string ENUM
price class can be used to restrict the locations from which CDN serves traffic.
setResponseHeaders
Type: Array of CdnResponseHeader
manually set headers that CDN will automatically add to response
defaultRoutePrefix
Type: string
when used, cdn prefixes every request to the origin with the prefix
errorDocument
Type: string
custom error document url
indexDocument
Type: string
custom index (root) document for the distribution
Default: true
invalidateAfterDeploy
Type: boolean

if set to true, invalidates the cdn cache after each deploy

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443

Cdn domain names

Domains can be easily controlled by Stacktape.

If your domain DNS records are controlled by AWS Route 53, Stacktape automatically generates correct TLS certificates for your domain.

If your domain DNS records are NOT controlled by AWS:

  1. migrate domain with a help of domain-add command (if you are migrating domain which is currently in use, please readAWS docs).
  2. you can provision certificate by specifying customCertificateArn and specifyingdisableDnsProvision
DomainConfiguration  API reference
Parent API reference: AlbCdnConfiguration
Required
domainName
Type: string

Fully qualified (absolute) domain name.

customCertificateArn
Type: string

ARN of a custom certificate to be provisioned with this domain

disableDnsProvision
Type: boolean

Disables creation of a DNS record

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        domainNames:
          - domainName: something.mydomain.com

Route rewrites

Route rewrites can be used to route incoming requests to different origins: I.e., instead of forwarding a request to the application-load-balancer, the request can be forwarded to another origin (http-api-gateway, bucket or application-load-balancer).

CdnRouteRewrite  API reference
Parent API reference: AlbCdnConfiguration
Required
path
Type: string

Path to be adjusted by this route rewrite

routePrefix
Type: string
when used, cdn route rewrite prefixes every request to the origin with the prefix
routeTo
Type: (CdnLoadBalancerRoute or CdnHttpApiGatewayRoute or CdnBucketRoute)
determines origin to which this route rewrite forwards requests
setResponseHeaders
Type: Array of CdnResponseHeader
manually set headers that CDN will automatically add to response
cachingOptions
Type: CdnCachingOptions
specifies custom caching options for the route rewrite
forwardingOptions
Type: CdnForwardingOptions
specifies custom forwarding options for the route rewrite

Routing to a bucket

CdnBucketRoute  API reference
Parent API reference: CdnRouteRewrite
Required
type
Type: string "bucket"
Type of the resource
Required
properties.bucketName
Type: string
name of the bucket
properties.disableUrlNormalization
Type: boolean
url normalization enables you to use clean urls without .html extensions

In the following example we are routing all request with url path starting with /static to the bucket myBucket which contains our static content. All other requests are routed to the application-load-balancer myLoadBalancer.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        routeRewrites:
          - path: /static/*
            routeTo:
              type: bucket
              properties:
                bucketName: myBucket
                disableUrlNormalization: true


  myBucket:
    Type: 'bucket'

Routing to application-load-balancer

CdnLoadBalancerRoute  API reference
Parent API reference: CdnRouteRewrite
Required
type
Type: string "application-load-balancer"
Type of the resource
Required
properties.loadBalancerName
Type: string
name of the load balancer
Required
properties.listenerPort
Type: number
port of load balancer listener
properties.originDomainName
Type: string
explicitly set origin domain name you wish to use when forwarding to load balancer

In the following example we are routing all request with url path starting with /app2 to the application-load-balancer myLoadBalancer2. All other requests are routed to the application-load-balancer myLoadBalancer.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        routeRewrites:
          - path: /app2/*
            routeTo:
              type: 'application-load-balancer'
              properties:
                loadBalancerName: myLoadBalancer
                listenerPort: 443


  myLoadBalancer2:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS

Routing to http-api-gateway

CdnHttpApiGatewayRoute  API reference
Parent API reference: CdnRouteRewrite
Required
type
Type: string "http-api-gateway"
Type of the resource
Required
properties.httpApiGatewayName
Type: string
name of the http-api-gateway

In the following example we are routing all request with url path starting with /app2 to the http-api-gateway appApiGateway. All other requests are routed to the application-load-balancer myLoadBalancer.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        routeRewrites:
          - path: /app2/*
            routeTo:
              type: 'http-api-gateway'
              properties:
                httpApiGatewayName: appApiGateway


  appApiGateway:
    Type: 'http-api-gateway'

Caching options

Caching options enable you to specify caching settings for your CDN.

You can specify different cache options for each route rewrite. This gives you the ability to cache different types of content differently.

If you do not specify caching options, Stacktape uses default caching options.

CdnCachingOptions  API reference
Parent API reference: (AlbCdnConfiguration or CdnRouteRewrite)
cacheMethods
Type: Array of string ENUM
only responses to specified methods will be cached
minTTL
Type: number
the minimum amount of time, in seconds, that you want objects to stay in the CDN cache before it sends another request to the origin
maxTTL
Type: number
The maximum amount of time, in seconds, that objects stay in the CDN cache before it sends another request to the origin to see if the object has been updated.
defaultTTL
Type: number
The default amount of time, in seconds, that you want objects to stay in the CDN cache before it sends another request to the origin to see if the object has been updated.
disableCompression
Type: boolean
if enabled, CDN will automatically compress certain files returned from origin before returning to viewer
disableAcceptEncodingBrotli
Type: boolean
determines whether CDN can use Brotli compression
disableAcceptEncodingGzip
Type: boolean
determines whether CDN can use Gzip compression
cacheKeyParameters
Type: CdnCacheKey
specifies HTTP headers, cookies, and URL query strings to include in the cache key

The following example shows:

  • CDN configuration in which we are setting default TTL for the default route to 60 seconds (1 minute).
  • every request, with URL path starting with /static, will be cached for 604800 seconds (1 week).

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        cachingOptions:
          defaultTTL: 60
        routeRewrites:
          - path: /static/*
            cachingOptions:
              defaultTTL: 604800

Specify cache key

The cache key section specifies which parts of a request are included in the cache key.

By default, requests are cached only based on the path.

A cache key can be configured to include headers, cookies, or query params.

CdnCacheKey  API reference
Parent API reference: CdnCachingOptions
cookies
Type: CacheKeyCookies
specifies if and which cookies are included in cache key
headers
Type: CacheKeyHeaders
specifies if and which headers are included in cache key
queryString
Type: CacheKeyQueryString
specifies if and which query parameters are included in cache key

Cache key headers

CacheKeyHeaders  API reference
Parent API reference: CdnCacheKey
none
Type: boolean
if set to true, no headers are included in cache key
whitelist
Type: Array of string
only the headers listed are included in the cache key

Cache key cookies

CacheKeyCookies  API reference
Parent API reference: CdnCacheKey
none
Type: boolean
if set to true, no cookies are included in cache key
whitelist
Type: Array of string
only the cookies listed are included in the cache key
allExcept
Type: Array of string
all cookies except the ones listed are included in the cache key
all
Type: boolean
if set to true, all cookies are included in cache key

Cache key query string

CacheKeyQueryString  API reference
Parent API reference: CdnCacheKey
all
Type: boolean
if set to true, all query params are included in cache key
none
Type: boolean
if set to true, no query params are included in cache key
whitelist
Type: Array of string
only the query params listed are included in the cache key

Forwarding options

Forwarding options specify which parts of a request get forwarded to the origin.

Different forwarding options can be specified for each route rewrite.

If no forwarding options are specified, Stacktape uses default forwarding options.

CdnForwardingOptions  API reference
Parent API reference: (AlbCdnConfiguration or CdnRouteRewrite)
customRequestHeaders
Type: Array of CdnCustomRequestHeader
manually set headers which CDN will include when sending request to origin
allowedMethods
Type: Array of string ENUM
specifies which methods will be forwarded by CDN to the origin
cookies
Type: ForwardCookies
specifies if and which cookies will be forwarded to the origin
headers
Type: ForwardHeaders
specifies if and which headers will be forwarded to the origin
queryString
Type: ForwardQueryString
specifies if and which query params will be forwarded to the origin

In the following example we are configuring CDN to only forward requests with methods GET and

POST.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        forwardingOptions:
          allowedMethods:
            - 'GET'
            - 'POST'

Forwarding headers

ForwardHeaders  API reference
Parent API reference: CdnForwardingOptions
none
Type: boolean
if set to true, no headers are forwarded to the origin
whitelist
Type: Array of string
only the headers listed are forwarded to the origin
allViewer
Type: boolean
if set to true, all viewer headers are forwarded to the origin
allViewerAndWhitelistCloudFront
Type: Array of string
all viewer headers and additional listed CDN headers are forwarded to the origin

Forwarding cookies

ForwardCookies  API reference
Parent API reference: CdnForwardingOptions
none
Type: boolean
if set to true, no cookies are forwarded to the origin
whitelist
Type: Array of string
only the cookies listed are forwarded to the origin
all
Type: boolean
if set to true, all cookies are forwarded to the origin

Forwarding query string

ForwardQueryString  API reference
Parent API reference: CdnForwardingOptions
all
Type: boolean
if set to true, all query params are forwarded to the origin
none
Type: boolean
if set to true, no query params are forwarded to the origin
whitelist
Type: Array of string
only the query parameters listed are forwarded to the origin