Tutorial: Create an Application Load Balancer using the AWS CLI - Elastic Load Balancing

This tutorial provides a hands-on introduction to Application Load Balancers through the AWS CLI.

Before you begin

  • Use the following command to verify that you are running a version of the AWS CLI that supports Application Load Balancers.

    aws elbv2 help

    If you get an error message that elbv2 is not a valid choice, update your AWS CLI. For more information, see Installing the AWS Command Line Interface in the AWS Command Line Interface User Guide.

  • Launch your EC2 instances in a virtual private cloud (VPC). Ensure that the security groups for these instances allow access on the listener port and the health check port. For more information, see Target security groups.

  • Decide if you will create an IPv4 or dualstack load balancer. Use IPv4 if you want clients to communicate with the load balancer using IPv4 addresses only. Use dualstack if you want clients to communicate with the load balancer using IPv4 and IPv6 addresses. You can also use dualstack to communicate with backend targets, such as IPv6 applications or dualstack subnets, using IPv6.

Create your load balancer

To create your first load balancer, complete the following steps.

To create a load balancer
  1. Use the create-load-balancer command to create a load balancer. You must specify two subnets that are not from the same Availability Zone.

    aws elbv2 create-load-balancer --name my-load-balancer \
    --subnets subnet-0e3f5cac72EXAMPLE subnet-081ec835f3EXAMPLE --security-groups sg-07e8ffd50fEXAMPLE

    Use the create-load-balancer command to create a dualstack load balancer.

    aws elbv2 create-load-balancer --name my-load-balancer \
    --subnets subnet-0e3f5cac72EXAMPLE subnet-081ec835f3EXAMPLE --security-groups sg-07e8ffd50fEXAMPLE --ip-address-type dualstack

    The output includes the Amazon Resource Name (ARN) of the load balancer, with the following format:

    arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/my-load-balancer/1234567890123456
  2. Use the create-target-group command to create a target group, specifying the same VPC that you used for your EC2 instances.

    You can create IPv4 and IPv6 target groups to associate with dualstack load balancers. The target group's IP address type determines the IP version that the load balancer will use to both communicate with, and check the health of, your backend targets.

    aws elbv2 create-target-group --name my-targets --protocol HTTP --port 80 \
    --vpc-id vpc-0598c7d356EXAMPLE --ip-address-type [ipv4 or ipv6]

    The output includes the ARN of the target group, with this format:

    arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/1234567890123456
  3. Use the register-targets command to register your instances with your target group:

    aws elbv2 register-targets --target-group-arn targetgroup-arn \
    --targets Id=i-0abcdef1234567890 Id=i-1234567890abcdef0
  4. Use the create-listener command to create a listener for your load balancer with a default rule that forwards requests to your target group:

    aws elbv2 create-listener --load-balancer-arn loadbalancer-arn \
    --protocol HTTP --port 80 \
    --default-actions Type=forward,TargetGroupArn=targetgroup-arn

    The output contains the ARN of the listener, with the following format:

    arn:aws:elasticloadbalancing:us-east-2:123456789012:listener/app/my-load-balancer/1234567890123456/1234567890123456
  5. (Optional) You can verify the health of the registered targets for your target group using this describe-target-health command:

    aws elbv2 describe-target-health --target-group-arn targetgroup-arn

Add an HTTPS listener

If you have a load balancer with an HTTP listener, you can add an HTTPS listener as follows.

To add an HTTPS listener to your load balancer
  1. Create an SSL certificate for use with your load balancer using one of the following methods:

  2. Use the create-listener command to create the listener with a default rule that forwards requests to your target group. You must specify an SSL certificate when you create an HTTPS listener. Note that you can specify an SSL policy other than the default using the --ssl-policy option.

    aws elbv2 create-listener --load-balancer-arn loadbalancer-arn \
    --protocol HTTPS --port 443 \
    --certificates CertificateArn=certificate-arn \
    --default-actions Type=forward,TargetGroupArn=targetgroup-arn
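The following check is an added example, not part of the original tutorial or of AWS's own tooling: it reads the JSON printed by `aws elbv2 describe-listeners --load-balancer-arn loadbalancer-arn` and reports listeners that still serve plaintext HTTP or use an SSL policy outside an approved set. The approved set and the sample JSON (with shortened ARNs) are assumptions constructed for illustration; substitute your own baseline.

```python
import json

# Assumption: the TLS policies your organization approves. Replace with your baseline.
APPROVED_SSL_POLICIES = {
    "ELBSecurityPolicy-TLS13-1-2-2021-06",
    "ELBSecurityPolicy-TLS-1-2-2017-01",
}

# Constructed sample in the shape `aws elbv2 describe-listeners` prints, modelling
# the two listeners this tutorial creates (ARNs shortened to placeholders).
SAMPLE = """
{"Listeners": [
  {"ListenerArn": "listener-arn-http", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "targetgroup-arn"}]},
  {"ListenerArn": "listener-arn-https", "Protocol": "HTTPS", "Port": 443,
   "SslPolicy": "ELBSecurityPolicy-2016-08",
   "Certificates": [{"CertificateArn": "certificate-arn"}],
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "targetgroup-arn"}]}
]}
"""


def audit_listeners(describe_output, approved=APPROVED_SSL_POLICIES):
    """Return (listener_arn, finding) pairs for listeners that miss the baseline."""
    findings = []
    for lst in json.loads(describe_output).get("Listeners", []):
        arn = lst.get("ListenerArn", "<unknown>")
        proto = lst.get("Protocol")
        if proto == "HTTP":
            # Plaintext is accepted only when the default action redirects to HTTPS.
            redirects = any(
                a.get("Type") == "redirect"
                and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                for a in lst.get("DefaultActions", [])
            )
            if not redirects:
                findings.append((arn, "HTTP listener does not redirect to HTTPS"))
        elif proto == "HTTPS":
            policy = lst.get("SslPolicy")
            if policy not in approved:
                findings.append((arn, f"SSL policy {policy} is not in the approved set"))
            if not lst.get("Certificates"):
                findings.append((arn, "HTTPS listener has no certificate attached"))
    return findings


if __name__ == "__main__":
    for arn, finding in audit_listeners(SAMPLE):
        print(f"{arn}: {finding}")
```

Only each listener's default action is inspected; rules added with create-rule would need the output of describe-rules.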

Add path-based routing

If you have a listener with a default rule that forwards requests to one target group, you can add a rule that forwards requests to another target group based on URL. For example, you can route general requests to one target group and requests to display images to another target group.

To add a rule to a listener with a path pattern
  1. Use the create-target-group command to create a target group:

    aws elbv2 create-target-group --name my-targets --protocol HTTP --port 80 \
    --vpc-id vpc-0598c7d356EXAMPLE
  2. Use the register-targets command to register your instances with your target group:

    aws elbv2 register-targets --target-group-arn targetgroup-arn \
    --targets Id=i-0abcdef1234567890 Id=i-1234567890abcdef0
  3. Use the create-rule command to add a rule to your listener that forwards requests to the target group if the URL contains the specified pattern:

    aws elbv2 create-rule --listener-arn listener-arn --priority 10 \
    --conditions Field=path-pattern,Values='/img/*' \
    --actions Type=forward,TargetGroupArn=targetgroup-arn

Delete your load balancer

When you no longer need your load balancer and target group, you can delete them as follows:

    aws elbv2 delete-load-balancer --load-balancer-arn loadbalancer-arn
    aws elbv2 delete-target-group --target-group-arn targetgroup-arn