AWS GovCloud (US-West) User Guide

Elastic Load Balancing

Elastic Load Balancing automatically distributes your incoming application traffic across multiple targets, such as EC2 instances. It monitors the health of registered targets and routes traffic only to the healthy targets. Elastic Load Balancing supports three types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers.

All three types of load balancers are supported in AWS GovCloud (US-West).

The following list details the differences for using this service in the AWS GovCloud (US-West) Region compared to other AWS Regions:

  • Your load balancer must run in a virtual private cloud (VPC).

  • Because Elastic Load Balancing must run in a VPC, Classic Load Balancer does not provide the IPv6 capability that is offered in standard AWS Regions when running outside of a VPC. Application Load Balancer supports IPv6 in VPCs in all Regions, including AWS GovCloud (US-West).

  • ITAR data must be encrypted in transit outside of the ITAR boundary. Because Elastic Load Balancing uses global DNS servers, ITAR traffic across Elastic Load Balancing must be encrypted.

    • You can use SSL certificates on your Classic and Application load balancers only. Network Load Balancers don't support SSL/TLS termination yet. For more information, see Replace the SSL Certificate for Your Load Balancer. The Elastic Load Balancing SSL termination is not FIPS 140-2 compliant.

    • You can also use Network Load Balancer to pass TCP traffic and terminate SSL on your web server.

  • Elastic Load Balancing uses the following account ID. For information about when it is used, see Attach a Policy to Your Amazon S3 Bucket.

    Region           Elastic Load Balancing Account ID
    us-gov-west-1    048591011584

For more information about Elastic Load Balancing, see the Elastic Load Balancing documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in the AWS GovCloud (US-West) Region. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in the AWS GovCloud (US-West) Region, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted

  • All data transmitted through Elastic Load Balancing must be encrypted if it contains ITAR-regulated data. Encryption must be used both between clients and the load balancer and between the load balancer and registered instances. It is strongly recommended that Backend Authentication is enabled to enforce public key authentication of the registered instance.

ITAR-Regulated Data Not Permitted

  • All customer parameters provided as input to Elastic Load Balancing (via console, APIs, or other mechanism) are not permitted to contain ITAR-regulated data. Examples include the names of load balancers and the names of load balancer policies.

  • Do not enter ITAR-regulated data in the following fields:

    • Resource tags

If you are processing ITAR-regulated data with this service, use the SSL (HTTPS) endpoint to maintain ITAR compliance. For a list of endpoints, see AWS GovCloud (US-West) Endpoints.
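
The following added example (not part of the AWS documentation) audits Classic Load Balancer listeners against the encryption rule in the ITAR boundary above: both the client leg and the instance leg must be encrypted, and back-end authentication is recommended. The input mirrors the shape of `aws elb describe-load-balancers` output; the sample values are constructed, and the check assumes any policy attached to a back-end port is the authentication policy.

```python
# Added example: audit Classic Load Balancer listeners for encryption on both legs.
# Input shape follows `aws elb describe-load-balancers`; sample values are constructed.
ENCRYPTED = {"HTTPS", "SSL"}  # protocols where the load balancer itself speaks TLS


def audit_load_balancer(lb):
    """Return (load_balancer_port, severity, message) findings for one load balancer."""
    findings = []
    # Instance ports with a back-end policy attached. Assumption: that policy is the
    # back-end authentication policy; the listener data alone does not state its type.
    authed_ports = {
        b["InstancePort"] for b in lb.get("BackendServerDescriptions", [])
        if b.get("PolicyNames")
    }
    for desc in lb.get("ListenerDescriptions", []):
        lis = desc["Listener"]
        front = lis["Protocol"].upper()
        back = lis["InstanceProtocol"].upper()
        port = lis["LoadBalancerPort"]
        if front == "TCP" and back == "TCP":
            # Pass-through: TLS, if any, terminates on the instance and is not visible here.
            findings.append((port, "REVIEW", "TCP pass-through: confirm TLS terminates on the instance"))
            continue
        if front not in ENCRYPTED:
            findings.append((port, "FAIL", f"client-to-load-balancer leg uses {front}"))
        if back not in ENCRYPTED:
            findings.append((port, "FAIL", f"load-balancer-to-instance leg uses {back}"))
        elif lis["InstancePort"] not in authed_ports:
            findings.append((port, "WARN", "encrypted back end without a back-end policy"))
    return findings


# Constructed sample data (hypothetical load balancer and policy names).
SAMPLE_LB = {
    "LoadBalancerName": "example-clb",
    "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443, "InstanceProtocol": "HTTPS", "InstancePort": 8443}},
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80, "InstanceProtocol": "HTTP", "InstancePort": 8080}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 444, "InstanceProtocol": "HTTP", "InstancePort": 8080}},
        {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 445, "InstanceProtocol": "SSL", "InstancePort": 9443}},
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 5000, "InstanceProtocol": "TCP", "InstancePort": 5000}},
    ],
    "BackendServerDescriptions": [{"InstancePort": 8443, "PolicyNames": ["example-backend-auth"]}],
}

if __name__ == "__main__":
    for port, severity, message in audit_load_balancer(SAMPLE_LB):
        print(f"{SAMPLE_LB['LoadBalancerName']} port {port}: {severity} {message}")
```

A `WARN` or `REVIEW` result needs a follow-up outside this check: the policy type on the back-end port, or the TLS configuration on the instance itself.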
