adding_ALB_guidance #90
Pull Request Overview
Adds a new AWS Application Load Balancer (ALB) guide explaining purpose, components, workflow, comparisons, and setup steps.
- Introduces conceptual overview (listeners, rules, target groups, health checks, security).
- Provides comparison table vs CLB and NLB plus setup checklist.
| --- | ||
|
|
||
| ## Example Use Cases | ||
| - **Microservices Architecture**: Route `/api/*` to ECS tasks, `/static/*` to S3 via CloudFront. |
Copilot
AI
Oct 19, 2025
This example implies ALB can directly route a path to S3 via CloudFront; ALB target groups cannot include S3, and CloudFront would normally sit in front of (not behind) the ALB or serve static assets directly. Suggest revising to something like: 'Serve /api/* via ECS behind the ALB; serve static assets (/static/*) directly from S3/CloudFront (bypassing the ALB).'
| - **Microservices Architecture**: Route `/api/*` to ECS tasks, `/static/*` to S3 via CloudFront. | |
| - **Microservices Architecture**: Serve `/api/*` via ECS behind the ALB; serve static assets (`/static/*`) directly from S3/CloudFront (bypassing the ALB). |
| | Feature | Classic LB (CLB) | Network LB (NLB) | Application LB (ALB) | | ||
| |-----------------------------|----------------------|-----------------------|------------------------| | ||
| | OSI Layer | 4 & 7 | 4 (TCP/UDP) | 7 (HTTP/HTTPS) | | ||
| | Intelligent Routing | Basic | No (only transport) | Yes (content-based) | | ||
| | Protocols | HTTP, HTTPS, TCP | TCP, UDP, TLS | HTTP, HTTPS, gRPC | | ||
| | Performance | Good | Ultra-high (millions) | High, optimized for web| | ||
| | Best Use Case | Legacy apps | Low-latency, high TPS | Web apps, microservices| |
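Review bot: In the Protocols row, the Classic LB cell lists `HTTP, HTTPS, TCP` but leaves out SSL (secure TCP) listeners, which CLB also supports. Readers use this table to decide where TLS can be terminated, so suggest `HTTP, HTTPS, TCP, SSL` for that cell. The Performance row ("Good", "High, optimized for web") has no stated basis for its ratings; either say what each rating is measured against or drop the row.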
Copilot
AI
Oct 19, 2025
Each line starts with a double pipe '||', which creates an unintended empty first column in Markdown tables. Remove the extra leading '|' so the table renders correctly (e.g., start rows with a single '| Feature ...').
Pull Request Overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.
| |-----------------------------|----------------------|-----------------------|------------------------| | ||
| | OSI Layer | 4 & 7 | 4 (TCP/UDP) | 7 (HTTP/HTTPS) | | ||
| | Intelligent Routing | Basic | No (only transport) | Yes (content-based) | | ||
| | Protocols | HTTP, HTTPS, TCP | TCP, UDP, TLS | HTTP, HTTPS, gRPC | |
Copilot
AI
Oct 20, 2025
The table rows start with a double pipe, creating an unintended empty first column in Markdown; remove the leading extra pipe on each line. Also, the ALB Protocols column omits supported HTTP/2 and WebSocket (and gRPC rides over HTTP/2), so updating to "HTTP, HTTPS, HTTP/2, WebSocket, gRPC" would be more accurate.
| | Protocols | HTTP, HTTPS, TCP | TCP, UDP, TLS | HTTP, HTTPS, gRPC | | |
| | Protocols | HTTP, HTTPS, TCP | TCP, UDP, TLS | HTTP, HTTPS, HTTP/2, WebSocket, gRPC | |
| - Ensures application availability even if one AZ experiences failure. | ||
|
|
||
| ### 6. Security Features | ||
| - Integrated with **Security Groups** (stateful firewalls at instance level). |
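Review bot: The Security Groups bullet under "### 6. Security Features" does not say which resources the groups are applied to or how they relate. Suggest stating that the ALB has its own security group, and that the targets' security group should allow the application port only from the ALB's security group, so backends cannot be reached around the load balancer and anything attached to it.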
Copilot
AI
Oct 20, 2025
Security groups are attached to ENIs (including the ALB itself), not limited to "instance level"; simplifying to "Integrated with security groups for inbound traffic control" would avoid a misleading scope.
| - Integrated with **Security Groups** (stateful firewalls at instance level). | |
| - Integrated with **Security Groups** for inbound traffic control. |
| 3. Create **Target Groups** and register your backend services. | ||
| 4. Configure **Routing Rules** to forward requests based on conditions. | ||
| 5. Attach **Security Groups** and (optional) **WAF** for protection. | ||
| 6. Point your **DNS (Route 53)** to the ALB’s DNS name. |
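Review bot: Steps 3 to 6 go from registering targets straight to pointing DNS at the ALB with no verification step in between. Suggest adding a step before step 6 that confirms the registered targets report healthy in their target group and that the routing rules from step 4 return the expected backend, so production traffic is not sent to an ALB with no healthy targets. In step 5, "Attach **Security Groups**" should also name which rules are expected on the ALB and on the targets rather than leaving it open.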
Copilot
AI
Oct 20, 2025
For root domains you typically create an Alias A (or AAAA) record in Route 53 pointing to the ALB rather than using its raw DNS name; clarifying "Create a Route 53 Alias record to the ALB" improves operational accuracy.
| 6. Point your **DNS (Route 53)** to the ALB’s DNS name. | |
| 6. For root domains, create a **Route 53 Alias A (or AAAA) record** pointing to the ALB. For subdomains, you can use a CNAME to the ALB’s DNS name. |
I made a guide for ALB explaining the core need for it, components, workflow, examples, comparison with other LBs and setup.