The Elastic Load Balancer (ELB) is a managed load balancer from AWS. The Classic Load Balancer used in this article forwards TCP and SSL traffic at layer 4 and HTTP and HTTPS traffic at layer 7. The ELB can be deployed as a public-facing load balancer or internally in your VPC. Instances are added either manually or, if associated with an Auto Scaling group, automatically. The load balancer continuously checks the health of the instances and takes unhealthy instances out of rotation. By enabling cross-zone load balancing, the load balancer distributes requests evenly across all registered instances in all enabled Availability Zones, instead of evenly per zone regardless of how many instances each zone holds.
AWS Reference Architectures
This article is used in the following AWS reference architectures:
Create an AWS Load Balancer
- Log into the AWS console.
- In the upper right, click the region name and select the region you want to deploy to from the list.
- Click Services and select EC2.
- In the Load Balancing section of the left menu, click Load Balancers.
- Click Create Load Balancer.
- Select Classic Load Balancer and click Create.
- Enter the Basic Configuration Settings:
- Load Balancer name – Enter a name for the load balancer.
- Create LB inside – Select the VPC the firewalls are deployed to from the list.
- Create an internal load balancer – Select the check box to create an internal load balancer. An internal load balancer has no public IP address; its DNS name resolves to private IP addresses, so it is reachable only from within the VPC and from networks connected to it.
- For each Listener, click Add and enter:
- Load Balancer Protocol – Select the protocol from the list. Supported protocols: TCP, HTTP, HTTPS, SSL (Secure TCP).
- Load Balancer Port – Enter the port the load balancer listens on.
- Instance Protocol – Select the protocol. In most cases, this is the same protocol as the Load Balancer Protocol. To offload SSL/TLS encryption to the ELB, select different protocols (e.g., HTTPS on the load balancer and HTTP on the instance). An HTTPS or SSL listener requires a server certificate on the load balancer, and with offloading the traffic between the load balancer and the instance is unencrypted.
- Instance Port – Enter the port number of the service on the instance.
- Click + in the Actions column to add subnets to the load balancer. Add the subnets containing the firewall instances. Each subnet must be in a different Availability Zone; a Classic Load Balancer accepts only one subnet per zone.
- Click Next: Assign Security Groups.
- Click Create new security group. This security group is attached to the load balancer itself; the security groups of the firewall instances must separately allow the instance ports and the health check port from the load balancer's security group.
- For each load balancer listener, create a rule. Click Add Rule for each additional security group rule required.
- Type – Select the protocol or type of traffic. E.g., Custom TCP Rule for TCP, or HTTPS for SSL-encrypted web traffic.
- Port Range – Enter the port. E.g., 691 for TINA VPN.
- Source – Select the source of the traffic. For Internet traffic, select Anywhere, which sets the source to 0.0.0.0/0. Where the service only has to be reachable from known networks (e.g., the remote VPN sites), select Custom and enter those address ranges instead.
- Configure the Health Check:
- Ping Protocol – Select the protocol from the list (TCP, HTTP, HTTPS, or SSL).
- Ping Port – Enter the port. E.g., 691 for TINA VPN, or 443 for HTTPS. Use a port the firewall instances actually serve; an instance never becomes healthy on a port nothing listens on.
- Response Timeout – Enter the number of seconds the probe waits for an answer. The timeout must be shorter than the Interval.
- Interval – Enter the number of seconds between two probes.
- Unhealthy threshold – Enter the number of consecutive failed health checks after which the instance is considered unhealthy. Unhealthy instances are taken out of rotation until they pass the health check again.
- Healthy threshold – Enter the number of consecutive successful health checks after which the instance is considered healthy.
- Click Next: Add EC2 Instances.
- (optional) If the firewall EC2 instances are already deployed, select the EC2 instances.
- Select Enable Cross-Zone Load Balancing.
- Click Next: Add Tags.
- (optional) Add Key / Value tags to the resource. Click Create Tag to add additional tags.
- Click Review and Create.
- Review the settings and click Create.
The Elastic Load Balancer is now deployed. Before relying on it, open the Instances tab of the new load balancer and verify that the registered firewall instances show the status InService; instances that stay OutOfService are failing the health check and receive no traffic.
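The whole procedure above, as one added example (this is not code from the original article and not AWS's own code): the same Classic Load Balancer built through the boto3 `ec2` and `elb` clients, with a `validate` step that catches the mistakes the console lets through, such as a single subnet, an HTTPS/SSL listener without a certificate, a layer 7 to layer 4 protocol mix, a health check on a port no listener forwards to, and thresholds or timeouts outside the documented ranges. The VPC, subnet and instance IDs, the load balancer name and the `-elb` security group name are hypothetical placeholders.

```python
"""Added example, not the page's or AWS's code: the Classic Load Balancer procedure above as boto3
'ec2'/'elb' client calls, plus consistency checks the console does not perform. IDs are hypothetical."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HC_INTERVAL, HC_TIMEOUT, HC_THRESHOLD = (5, 300), (2, 60), (2, 10)  # documented health-check limits
LAYER7 = {"HTTP", "HTTPS"}

@dataclass
class Listener:
    lb_protocol: str                 # TCP, HTTP, HTTPS or SSL
    lb_port: int                     # port the load balancer listens on
    instance_protocol: str
    instance_port: int               # port of the service on the instance
    cert_arn: Optional[str] = None   # required for HTTPS/SSL listeners (TLS offload)

@dataclass
class HealthCheck:
    protocol: str                    # TCP, HTTP, HTTPS or SSL
    port: int
    path: str = "/"                  # HTTP/HTTPS probes only
    timeout: int = 5
    interval: int = 30
    unhealthy: int = 2
    healthy: int = 10

@dataclass
class ElbSpec:
    name: str
    vpc_id: str
    subnets: List[str]               # one subnet per Availability Zone
    listeners: List[Listener]
    health_check: HealthCheck
    internal: bool = False           # True: private DNS name and IPs only
    instances: List[str] = field(default_factory=list)
    sources: List[str] = field(default_factory=lambda: ["0.0.0.0/0"])  # narrow this whenever possible

def validate(spec: ElbSpec) -> List[str]:
    """Return the problems found; an empty list means the spec is consistent."""
    problems = []
    if len(spec.subnets) < 2:
        problems.append("fewer than two subnets: no Availability Zone redundancy")
    for ln in spec.listeners:
        if ln.lb_protocol in ("HTTPS", "SSL") and not ln.cert_arn:
            problems.append(f"listener {ln.lb_port}: {ln.lb_protocol} needs a server certificate")
        if (ln.lb_protocol in LAYER7) != (ln.instance_protocol in LAYER7):  # ELB rejects L7/L4 mixes
            problems.append(f"listener {ln.lb_port}: {ln.lb_protocol}->{ln.instance_protocol} mixes layer 7 and layer 4")
    hc = spec.health_check
    if hc.port not in {ln.instance_port for ln in spec.listeners}:
        problems.append(f"health check port {hc.port} is not an instance port of any listener")
    for label, value, (lo, hi) in (("interval", hc.interval, HC_INTERVAL), ("timeout", hc.timeout, HC_TIMEOUT),
            ("unhealthy threshold", hc.unhealthy, HC_THRESHOLD), ("healthy threshold", hc.healthy, HC_THRESHOLD)):
        if not lo <= value <= hi:
            problems.append(f"health check {label} {value} outside {lo}-{hi}")
    if hc.timeout >= hc.interval:
        problems.append("health check timeout must be shorter than the interval")
    return problems

def sg_ingress(spec: ElbSpec) -> List[Dict]:
    """One ingress rule per listener port for the load balancer's own security group."""
    return [{"IpProtocol": "tcp", "FromPort": ln.lb_port, "ToPort": ln.lb_port,
             "IpRanges": [{"CidrIp": c} for c in spec.sources]} for ln in spec.listeners]

def build_calls(spec: ElbSpec, sg_id: str) -> List[Tuple[str, Dict]]:
    """The 'elb' client calls, in order, once the security group exists."""
    hc = spec.health_check
    target = f"{hc.protocol}:{hc.port}" + (hc.path if hc.protocol in LAYER7 else "")  # e.g. "TCP:691"
    listeners = [{"Protocol": ln.lb_protocol, "LoadBalancerPort": ln.lb_port, "InstancePort": ln.instance_port,
                  "InstanceProtocol": ln.instance_protocol,
                  **({"SSLCertificateId": ln.cert_arn} if ln.cert_arn else {})} for ln in spec.listeners]
    calls = [("create_load_balancer", {"LoadBalancerName": spec.name, "Listeners": listeners, "Subnets": spec.subnets,
                                       "SecurityGroups": [sg_id], **({"Scheme": "internal"} if spec.internal else {})}),
             ("configure_health_check", {"LoadBalancerName": spec.name, "HealthCheck": {
                 "Target": target, "Interval": hc.interval, "Timeout": hc.timeout,
                 "UnhealthyThreshold": hc.unhealthy, "HealthyThreshold": hc.healthy}}),
             ("modify_load_balancer_attributes", {"LoadBalancerName": spec.name, "LoadBalancerAttributes": {
                 "CrossZoneLoadBalancing": {"Enabled": True}}})]
    if spec.instances:
        calls.append(("register_instances_with_load_balancer", {"LoadBalancerName": spec.name,
                      "Instances": [{"InstanceId": i} for i in spec.instances]}))
    return calls

def apply(spec: ElbSpec, ec2, elb) -> str:
    """Run the procedure against boto3 'ec2' and 'elb' clients; returns the new security group id."""
    problems = validate(spec)
    if problems:
        raise ValueError("; ".join(problems))
    sg_id = ec2.create_security_group(GroupName=f"{spec.name}-elb", Description="ELB", VpcId=spec.vpc_id)["GroupId"]
    ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=sg_ingress(spec))
    for method, kwargs in build_calls(spec, sg_id):
        getattr(elb, method)(**kwargs)
    return sg_id

# Hypothetical spec: two firewall instances in two AZs; TINA VPN (691) and HTTPS (443) passed through as TCP.
EXAMPLE = ElbSpec(name="fw-elb", vpc_id="vpc-0123456789abcdef0",
                  subnets=["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"],
                  listeners=[Listener("TCP", 691, "TCP", 691), Listener("TCP", 443, "TCP", 443)],
                  health_check=HealthCheck("TCP", 691),
                  instances=["i-0aaaaaaaaaaaaaaaa", "i-0bbbbbbbbbbbbbbbb"])
```

`validate(EXAMPLE)` and `build_calls(EXAMPLE, sg_id)` run offline, so the spec can be reviewed before anything exists; `apply(EXAMPLE, boto3.client("ec2"), boto3.client("elb"))` then creates real resources and needs credentials and a region. The security group it creates is attached to the load balancer only: the firewall instances' own security groups must still allow the instance ports and the health check port from that group, exactly as in the console procedure.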