Getting started with Application Load Balancers using the AWS CLI - Elastic Load Balancing

Getting started with Application Load Balancers using the AWS CLI

This tutorial provides a hands-on introduction to Application Load Balancers through the AWS CLI.

Before you begin

  • Use the following command to verify that you are running a version of the AWS CLI that supports Application Load Balancers.

    aws elbv2 help

    If you get an error message that elbv2 is not a valid choice, update your AWS CLI. For more information, see Installing the AWS Command Line Interface in the AWS Command Line Interface User Guide.

  • Launch your EC2 instances in a virtual private cloud (VPC). Ensure that the security groups for these instances allow access on the listener port and the health check port. For more information, see Target security groups.

  • Decide if you will create an IPv4 or dualstack load balancer. Use IPv4 if you want clients to communicate with the load balancer using IPv4 addresses only. Use dualstack if you want clients to communicate with the load balancer using IPv4 and IPv6 addresses. You can also use dualstack to communicate with backend targets, such as IPv6 applications or dualstack subnets, using IPv6.

  • Be sure to install a web server, such as Apache or Internet Information Services (IIS), on each EC2 instance. Ensure that the security groups for these instances allow HTTP access on port 80.

Create your load balancer

To create your first load balancer, complete the following steps.

To create a load balancer
  1. Use the create-load-balancer command to create a load balancer. You must specify two subnets that are not from the same Availability Zone.

    aws elbv2 create-load-balancer --name my-load-balancer \ --subnets subnet-0e3f5cac72EXAMPLE subnet-081ec835f3EXAMPLE --security-groups sg-07e8ffd50fEXAMPLE

    Use the create-load-balancer command to create a dualstack load balancer.

    aws elbv2 create-load-balancer --name my-load-balancer \ --subnets subnet-0e3f5cac72EXAMPLE subnet-081ec835f3EXAMPLE --security-groups sg-07e8ffd50fEXAMPLE --ip-address-type dualstack

    The output includes the Amazon Resource Name (ARN) of the load balancer, with the following format:

    arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/my-load-balancer/1234567890123456
  2. Use the create-target-group command to create a target group, specifying the same VPC that you used for your EC2 instances.

    You can create IPv4 and IPv6 target groups to associate with dualstack load balancers. The target group's IP address type determines the IP version that the load balancer will use to both communicate with, and check the health of, your backend targets.

    aws elbv2 create-target-group --name my-targets --protocol HTTP --port 80 \ --vpc-id vpc-0598c7d356EXAMPLE --ip-address-type [ipv4 or ipv6]

    The output includes the ARN of the target group, with this format:

    arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/1234567890123456
  3. Use the register-targets command to register your instances with your target group:

    aws elbv2 register-targets --target-group-arn targetgroup-arn \ --targets Id=i-0abcdef1234567890 Id=i-1234567890abcdef0
  4. Use the create-listener command to create a listener for your load balancer with a default rule that forwards requests to your target group:

    aws elbv2 create-listener --load-balancer-arn loadbalancer-arn \ --protocol HTTP --port 80 \ --default-actions Type=forward,TargetGroupArn=targetgroup-arn

    The output contains the ARN of the listener, with the following format:

    arn:aws:elasticloadbalancing:us-east-2:123456789012:listener/app/my-load-balancer/1234567890123456/1234567890123456
  5. (Optional) You can verify the health of the registered targets for your target group using this describe-target-health command:

    aws elbv2 describe-target-health --target-group-arn targetgroup-arn

Add an HTTPS listener

If you have a load balancer with an HTTP listener, you can add an HTTPS listener as follows.

To add an HTTPS listener to your load balancer
  1. Create an SSL certificate for use with your load balancer using one of the following methods:

  2. Use the create-listener command to create the listener with a default rule that forwards requests to your target group. You must specify an SSL certificate when you create an HTTPS listener. Note that you can specify an SSL policy other than the default using the --ssl-policy option.

    aws elbv2 create-listener --load-balancer-arn loadbalancer-arn \ --protocol HTTPS --port 443 \ --certificates CertificateArn=certificate-arn \ --default-actions Type=forward,TargetGroupArn=targetgroup-arn

Add path-based routing

If you have a listener with a default rule that forwards requests to one target group, you can add a rule that forwards requests to another target group based on URL. For example, you can route general requests to one target group and requests to display images to another target group.

To add a rule to a listener with a path pattern
  1. Use the create-target-group command to create a target group:

    aws elbv2 create-target-group --name my-targets --protocol HTTP --port 80 \ --vpc-id vpc-0598c7d356EXAMPLE
  2. Use the register-targets command to register your instances with your target group:

    aws elbv2 register-targets --target-group-arn targetgroup-arn \ --targets Id=i-0abcdef1234567890 Id=i-1234567890abcdef0
  3. Use the create-rule command to add a rule to your listener that forwards requests to the target group if the URL contains the specified pattern:

    aws elbv2 create-rule --listener-arn listener-arn --priority 10 \ --conditions Field=path-pattern,Values='/img/*' \ --actions Type=forward,TargetGroupArn=targetgroup-arn

Delete your load balancer

When you no longer need your load balancer and target group, you can delete them as follows:

aws elbv2 delete-load-balancer --load-balancer-arn loadbalancer-arn aws elbv2 delete-target-group --target-group-arn targetgroup-arn