Using Elastic Load Balancing Query Requests - Elastic Load Balancing

Using Elastic Load Balancing Query Requests

Elastic Load Balancing provides APIs that you can call by submitting a Query request. Query requests are HTTP or HTTPS requests that use the HTTP verb GET or POST and a Query parameter named Action or Operation that specifies the API you are calling.

Calling the API using a Query request is the most direct way to access the web service, but requires that your application handle low-level details such as generating the hash to sign the request, and error handling. The benefit of calling the service using a Query request is that you are assured of having access to the complete functionality of the API.


The Query interface used by AWS is similar to REST, but does not adhere completely to the REST principles.

Signing Query Requests

Query requests travel over the Internet using either HTTP or HTTPS, and are vulnerable to being intercepted and altered in transit. To prevent this and ensure that the incoming request is both from a valid AWS account and unaltered, AWS requires all requests to be signed.

To sign a Query request, you calculate a digital signature using a cryptographic hash function over the text of the request and your AWS secret key. A cryptographic hash is a one-way function that returns unique results based on the input. The input to the hash function includes the text of your request and your secret access key. The hash function returns a hash value that you include in the request as your signature.

When Elastic Load Balancing receives the request, it re-calculates the signature using the request text and the secret key that matches the AWS access key in the request. If the two signatures match, Elastic Load Balancing knows that the query has not been altered and that the request originated from your account. This is one reason why it is important to safeguard your private key. Any malicious user who obtains it would be able to make AWS calls, and incur charges, on your account.

For additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using HTTPS. SSL encrypts the transmission, protecting your request or the response from being viewed in transit. For more information about securing your Query requests, see Making Secure Requests to Amazon Web Services.

The signature format that AWS uses has been refined over time to increase security and ease of use. Elastic Load Balancing supports Signature Version 2 and Signature Version 4. If you are creating new applications that use Elastic Load Balancing, then we recommend using Signature Version 4 for signing your query requests.

For information about how to create the signature using Signature Version 4, see Signature Version 4 Signing Process in the AWS General Reference.

For information about how to create the signature using Signature Version 2, see Signature Version 2 Signing Process in the AWS General Reference.

Regions and Endpoints for Elastic Load Balancing

The default region for the console for Elastic Load Balancing is US West (Oregon) Region and the default region for Elastic Load Balancing Query requests is US East (N. Virginia) Region. You can change the default region for the the console, the AWS CLI, and the AWS SDKs at any time.

As Elastic Load Balancing becomes available in new regions, we will add new endpoints for these regions. For the current list of supported regions and endpoints for Elastic Load Balancing, see Regions and Endpoints.