Close
logoStacktape docs

Application Load Balancers

Overview

Application Load balancer is an entry-point to your application. Load balancer can route traffic to your application and integrates easily with workloads of your stack: functions, batch-jobs or container-workloads.

  • Application load balancers are used to communicate with your workloads using HTTP protocol.
  • You can offload SSL/TLS (HTTPS) termination to the load-balancer instead of handling it as a part of your application.
  • You can easily configure custom domain names or put CDN in-front of your application-load-balancer.

When to use

Application load balancer is a good fit for many cloud applications. Whether your backend is ran on container-workloads or functions thanks to high throughput and low latency, load balancer is ideal for high load fast performing applications.

Advantages

  • Predictible pricing - Application load balancers have predictable pricing model which can be found here. Eventhough application-load-balancers have fixed base price per month (as oposed to http-api-gateways, where you only pay for requests), when traffic is high application-load-balancer can be cheaper.
  • Scaling - Application load balancer is designed to handle traffic as it grows and can load balance millions of requests/sec.
  • Health checks - When application load balancer is used with container-workloads load balancer periodically checks health of target containers. It only sends requests to healthy ones and automatically notifies container-workload to replace unhealthy containers.
  • Content based routing - If your application is composed of several individual services, application-load-balancer can route a request to a service based on the content of the request such as Host field, Path URL, HTTP header, HTTP method, Query string or Source IP address.
  • Ease of use - Integrate with workloads of your stack with few lines of config
  • Security - You can offload SSL/TLS (HTTPS) termination to the load-balancer instead of handling it as a part of your application. This means that any communication between load-balancer and client can be encrypted.

Disadvantages

  • Fixed price base - You are paying ~20$/month for application-load-balancer even if it is sitting idle. When you have low traffic application or do NOT need the advantages that application-load-balancer offers, you might try using http-api-gateway

Usage

ApplicationLoadBalancer API reference
interface
string ENUM
interface determines load-balancers accessibility
domainNames
Array of string
domain names that will be attached to load balancer
Required
listeners
Array of ApplicationLoadBalancerListener
specifies listeners of load balancer
cdn
AlbCdnConfiguration
enables you to put CDN in front of load-balancer

➡️ Simple usage

Following example shows a simple application-load-balancer with single listener exposed.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS

➡️ Listeners

Listeners provide a way to expose ports of application-load-balancer. They makes application-load-balancer accessible from the outside and forward traffic to workloads (functions, container-workloads, batch-jobs) of your stack.

ApplicationLoadBalancerListener API reference
Parent API reference: ApplicationLoadBalancer
Required
protocol
string ENUM
protocol used for listener
Required
port
number
port number on which the listener is accessible
customCertificateArns
Array of string
list of custom certificate arns that will be terminated by this listener
whitelistIps
Array of string
use this parameter to limit ip addresses from which listener can be accessed
defaultAction
LbRedirect
properties of load balancer default action

Following example shows application-load-balancer with one listeners. HTTPS listener at port 443.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS

Default listener action

Default listener action determines what to do with request that does not match any event integration that are associated with this listener (see integrating with workloads).

Redirect

LbRedirect API reference
Parent API reference: ApplicationLoadBalancerListener
Required
type
string "redirect"
Type of the resource
properties.path
string
The absolute path, starting with the leading "/". This component is not percent-encoded.
properties.query
string
The query parameters, URL-encoded when necessary, but not percent-encoded.
properties.port
number
The port. You can specify a value from 1 to 65535 or #{port}.
properties.host
string
The hostname. This component is not percent-encoded.
properties.protocol
string ENUM
The protocol. You can specify HTTP, HTTPS, or #{protocol}.
Required
properties.statusCode
string ENUM
The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
LbRedirectProperties API reference
Parent API reference: LbRedirect
path
string
The absolute path, starting with the leading "/". This component is not percent-encoded.
query
string
The query parameters, URL-encoded when necessary, but not percent-encoded.
port
number
The port. You can specify a value from 1 to 65535 or #{port}.
host
string
The hostname. This component is not percent-encoded.
protocol
string ENUM
The protocol. You can specify HTTP, HTTPS, or #{protocol}.
Required
statusCode
string ENUM
The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).

Following example extens previous one and shows application-load-balancer with two listeners:

  • HTTPS listener at port 443
  • HTTP listener at port 80. HTTP listener has default redirect action configured. This means that any HTTP request is automatically redirected to its HTTPS version.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
        - port: 80
          protocol: HTTP
          defaultAction:
            type: redirect
            properties:
              statusCode: HTTP_301
              protocol: HTTPS
              port: 443

Integrating with workloads

To integrate with workload, you can simply add an event integration to deliver requests to the chosen workkload.

This example is only an extension of the previous one. We have added container-workload mySingleContainer with event integration which delivers all requests incoming to myLoadBalancer's listener on port 443 to the container.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
        - port: 80
          protocol: HTTP
          defaultAction:
            type: redirect
            properties:
              statusCode: HTTP_301
              protocol: HTTPS
              port: 443


  mySingleContainer:
    Type: 'container-workload'
    Properties:
      containers:
        - name: myCont
          imageConfig:
            filePath: containers/ts-container.ts
          environment:
            - name: port
              value: '80'
          events:
            - type: application-load-balancer
              properties:
                loadBalancerName: myLoadBalancer
                listenerPort: 443
                containerPort: 80
                priority: 2
                paths:
                  - '*'

More information on integrating workloads with application load balancer can be found:

➡️ Domain names

Domains can be easily controlled by Stacktape.

If your domain DNS records are controlled by AWS Route 53, Stacktape automatically generates correct TLS certifiates for your domain and assign them to listeners.

If your domain DNS records are NOT controlled by AWS:

  1. migrate domain with a help of domain-add command (if you are migrating domain which is currently in use, please readAWS docs).
  2. you can provision certificate by specifying customCertificateArns for your listener.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      domainNames:
        - my-app.mydomain.com
      listeners:
        - port: 443
          protocol: HTTPS

➡️ Cdn

AlbCdnConfiguration API reference
Parent API reference: ApplicationLoadBalancer
Required
listenerPort
number
listener port to which cdn will forward traffic
originDomainName
string
explicitly set origin domain name you wish to use when forwarding to load balancer
Required
enabled
boolean
enables CDN distribution creation
cachingOptions
CdnCachingOptions
specifies custom caching options
forwardingOptions
CdnForwardingOptions
specifies custom forwarding options
routeRewrites
Array of CdnRouteRewrite
enables you to direct request for specified url paths to different origins
domainNames
Array of DomainConfiguration
custom domain names for cdn distribution
cloudfrontPriceClass
string ENUM
price class can be used to restrict the locations from which CDN serves traffic.
setResponseHeaders
Array of CdnResponseHeader
manually set headers that CDN will automatically add to response
defaultRoutePrefix
string
when used, cdn prefixes every request to the origin with the prefix
errorDocument
string
custom error document url
indexDocument
string
custom index (root) document for the distribution

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443

Cdn domain names

Domains can be easily controlled by Stacktape.

If your domain DNS records are controlled by AWS Route 53, Stacktape automatically generates correct TLS certifiates for your domain.

If your domain DNS records are NOT controlled by AWS:

  1. migrate domain with a help of domain-add command (if you are migrating domain which is currently in use, please readAWS docs).
  2. you can provision certificate by specifying customCertificateArn and specifyingdisableDnsProvision
DomainConfiguration API reference
Parent API reference: AlbCdnConfiguration
Required
domainName
string
fully qualified domain name
customCertificateArn
string
certificate to be provisioned with this domain
disableDnsProvision
boolean
disable creation of dns record

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        domainNames:
          - domainName: something.mydomain.com

Route rewrites

Route rewrites can be used to route request coming to different origins: I.e instead of forwarding request to the application-load-balancer, you can choose other resource to route to (http-api-gateway, bucket or load-balancer).

CdnRouteRewrite API reference
Parent API reference: AlbCdnConfiguration
Required
path
string
the path pattern that specifies which requests this route rewrite applies to
routePrefix
string
when used, cdn route rewrite prefixes every request to the origin with the prefix
routeTo
(CdnLoadBalancerRoute or CdnHttpApiGatewayRoute or CdnBucketRoute)
determines origin to which this route rewrite forwards requests
setResponseHeaders
Array of CdnResponseHeader
manually set headers that CDN will automatically add to response
cachingOptions
CdnCachingOptions
specifies custom caching options for the route rewrite
forwardingOptions
CdnForwardingOptions
specifies custom forwarding options for the route rewrite

Routing to bucket

CdnBucketRoute API reference
Parent API reference: CdnRouteRewrite
Required
type
string "bucket"
Type of the resource
Required
properties.bucketName
string
name of the bucket
properties.disableUrlNormalization
boolean
url normalization enables you to use clean urls without .html extensions

In the following example we are routing all request with url path starting with /static to the bucket myBucket which contains our static content. All other requests are routed to the application-load-balancer myLoadBalancer.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        routeRewrites:
          - path: /static/*
            routeTo:
              type: bucket
              properties:
                bucketName: myBucket
                disableUrlNormalization: true


  myBucket:
    Type: 'bucket'

Routing to application-load-balancer

CdnLoadBalancerRoute API reference
Parent API reference: CdnRouteRewrite
Required
type
string "application-load-balancer"
Type of the resource
Required
properties.loadBalancerName
string
name of the load balancer
Required
properties.listenerPort
number
port of load balancer listener
properties.originDomainName
string
explicitly set origin domain name you wish to use when forwarding to load balancer

In the following example we are routing all request with url path starting with /app2 to the application-load-balancer myLoadBalancer2. All other requests are routed to the application-load-balancer myLoadBalancer.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        routeRewrites:
          - path: /app2/*
            routeTo:
              type: 'application-load-balancer'
              properties:
                loadBalancerName: myLoadBalancer
                listenerPort: 443


  myLoadBalancer2:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS

Routing to application-load-balancer

CdnHttpApiGatewayRoute API reference
Parent API reference: CdnRouteRewrite
Required
type
string "http-api-gateway"
Type of the resource
Required
properties.httpApiGatewayName
string
name of the http-api-gateway

In the following example we are routing all request with url path starting with /app2 to the http-api-gateway appApiGateway. All other requests are routed to the application-load-balancer myLoadBalancer.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        routeRewrites:
          - path: /app2/*
            routeTo:
              type: 'http-api-gateway'
              properties:
                httpApiGatewayName: appApiGateway


  appApiGateway:
    Type: 'http-api-gateway'

Caching options

Caching options enable you to specify caching settings for your CDN.

You can specify different cache options for each route rewrite. This gives you ability to cache different types of content differently.

If you do not specify caching options, Stacktape uses default caching options.

CdnCachingOptions API reference
Parent API reference: (AlbCdnConfiguration or CdnRouteRewrite)
cacheMethods
Array of string ENUM
only responses to specified methods will be cached
minTTL
number
the minimum amount of time, in seconds, that you want objects to stay in the CDN cache before it sends another request to the origin
maxTTL
number
The maximum amount of time, in seconds, that objects stay in the CDN cache before it sends another request to the origin to see if the object has been updated.
defaultTTL
number
The default amount of time, in seconds, that you want objects to stay in the CDN cache before it sends another request to the origin to see if the object has been updated.
disableCompression
boolean
if enabled, CDN will automatically compress certain files returned from origin before returning to viewer
disableAcceptEncodingBrotli
boolean
determines whether CDN can use Brotli compression
disableAcceptEncodingGzip
boolean
determines whether CDN can use Gzip compression
cacheKeyParameters
CdnCacheKey
specifies HTTP headers, cookies, and URL query strings to include in the cache key

In the following example we are setting default TTL for the default route to 60 seconds. However, every request with url path starting with /static will be cached for 604800 seconds (1 week).

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        cachingOptions:
          defaultTTL: 60
        routeRewrites:
          - path: /static/*
            cachingOptions:
              defaultTTL: 604800

Specify cache key

Cache key specifies which parts of request are included in the cache key.

By default requests are cached only based on path.

You can configure cache key to include headers, cookies or query params.

CdnCacheKey API reference
Parent API reference: CdnCachingOptions
cookies
CacheKeyCookies
specifies if and which cookies are included in cache key
headers
CacheKeyHeaders
specifies if and which headers are included in cache key
queryString
CacheKeyQueryString
specifies if and which query parameters are included in cache key
Cache key headers
CacheKeyHeaders API reference
Parent API reference: CdnCacheKey
none
boolean
if set to true, no headers are included in cache key
whitelist
Array of string
only the headers listed are included in the cache key
Cache key cookies
CacheKeyCookies API reference
Parent API reference: CdnCacheKey
none
boolean
if set to true, no cookies are included in cache key
whitelist
Array of string
only the cookies listed are included in the cache key
allExcept
Array of string
all cookies except the ones listed are included in the cache key
all
boolean
if set to true, all cookies are included in cache key
Cache key query string
CacheKeyQueryString API reference
Parent API reference: CdnCacheKey
all
boolean
if set to true, all query params are included in cache key
none
boolean
if set to true, no query params are included in cache key
whitelist
Array of string
only the query params listed are included in the cache key

Forwarding options

Forwarding options enable you to specify which parts of request get forwarded to the origin.

You can specify different forwarding options for each route rewrite. This gives you ability to forward parts of request only when needed.

If you do not specify forwarding options, Stacktape uses default forwarding options.

CdnForwardingOptions API reference
Parent API reference: (AlbCdnConfiguration or CdnRouteRewrite)
customRequestHeaders
Array of CdnCustomRequestHeader
manually set headers which CDN will include when sending request to origin
allowedMethods
Array of string ENUM
specifies which methods will be forwarded by CDN to the origin
cookies
ForwardCookies
specifies if and which cookies will be forwarded to the origin
headers
ForwardHeaders
specifies if and which headers will be forwarded to the origin
queryString
ForwardQueryString
specifies if and which query params will be forwarded to the origin

In the following example we are configuring CDN to only forward requests with methods GET and

POST.

resources:
  myLoadBalancer:
    Type: 'application-load-balancer'
    Properties:
      listeners:
        - port: 443
          protocol: HTTPS
      cdn:
        enabled: true
        listenerPort: 443
        forwardingOptions:
          allowedMethods:
            - 'GET'
            - 'POST'

Forwarding headers
ForwardHeaders API reference
Parent API reference: CdnForwardingOptions
none
boolean
if set to true, no headers are forwarded to the origin
whitelist
Array of string
only the headers listed are forwarded to the origin
allViewer
boolean
if set to true, all viewer headers are forwarded to the origin
allViewerAndWhitelistCloudFront
Array of string
all viewer headers and additional listed CDN headers are forwarded to the origin
Forwarding cookies
ForwardCookies API reference
Parent API reference: CdnForwardingOptions
none
boolean
if set to true, no cookies are forwarded to the origin
whitelist
Array of string
only the cookies listed are forwarded to the origin
all
boolean
if set to true, all cookies are forwarded to the origin
Forwarding query string
ForwardQueryString API reference
Parent API reference: CdnForwardingOptions
all
boolean
if set to true, all query params are forwarded to the origin
none
boolean
if set to true, no query params are forwarded to the origin
whitelist
Array of string
only the query parameters listed are forwarded to the origin