AWS Solutions Architect Professional Week-2

Topics to be covered:
Week Broader Topic Topics Tools to be
covered

1. Introduction to Amazon EC2

Load Balancing
1.1 Benefits of Load Balancer
1.2 Key Features of Elastic
Load Balancing
2. Working on Amazon EC2 Load
Balancer
2.1 Availability Zones and
load balancer nodes
AWS Compute 2.2 Cross-zone load balancing
5 Service 2.3 Zonal shift Amazon EC2-
2.4 Request routing Load balancers
2.5 Routing algorithm
2.6 HTTP connections
3. Security in Elastic Load
Balancing
3.1 Compliance Validation for
Elastic Load Balancing
4. Compliance validation for
Elastic Load Balancing
5. Resilience in Elastic Load
Balancing
6. Infrastructure security in Elastic
Load Balancing
6.1 Network isolation
6.2 Controlling network
traffic
7. Lab on Creating an Application
Load Balancer

1
AWS Solutions Architect Professional Week-2

1. Introduction to Amazon EC2 Load Balancing:

Amazon Elastic Compute Cloud (EC2) is a web service provided by Amazon Web Services
(AWS) that offers resizable compute capacity in the cloud. Amazon EC2 Load Balancer is a
service provided by AWS that distributes incoming traffic across multiple Amazon EC2
instances to improve the availability and scalability of applications.

An EC2 Load Balancer can be configured to distribute traffic across one or more availability
zones. It can route traffic to the most available instances, monitor the health of the
instances, and redirect traffic to healthy instances if necessary. EC2 Load Balancer supports
three different types of load balancers: Application Load Balancer, Network Load Balancer,
and Classic Load Balancer.

1.1 Benefits of Load Balancer:

Amazon Load Balancer is a widely used service offered by Amazon Web Services (AWS) that
helps distribute traffic across multiple resources, such as servers or containers, in order to
optimize performance, increase availability, and enhance the overall user experience. Some
benefits of using Amazon Load Balancer include:

● High availability: Amazon Load Balancer provides a highly available and fault-tolerant
architecture that ensures that traffic is always routed to available and healthy
resources, even in the case of failures or outages.
● Scalability: Amazon Load Balancer helps to easily scale resources up or down as
needed to handle varying levels of traffic. It also supports auto-scaling and dynamic
scaling to automatically adjust resources based on demand.

2
AWS Solutions Architect Professional Week-2

● Improved performance: Amazon Load Balancer can help improve application

performance by distributing traffic to resources based on various factors, such as
proximity, latency, and health, which can reduce response times and increase
throughput.
● Simplified management: Amazon Load Balancer makes it easy to manage and deploy
resources by automating many of the tasks involved in load balancings, such as
monitoring and health checks, and providing a simple and intuitive interface for
configuration and management.
● Security: Amazon Load Balancer provides built-in security features, such as SSL/TLS
termination, encryption, and access controls, to help protect against threats and
vulnerabilities.
● Cost-effective: Amazon Load Balancer offers a cost-effective solution for load
balancing by providing a pay-as-you-go pricing model that charges only for the
resources used and offers various pricing options, such as on-demand and reserved
instances.
● Integration with AWS services: Amazon Load Balancer integrates seamlessly with
other AWS services, such as Elastic Compute Cloud (EC2), Elastic Container Service
(ECS), and Auto Scaling, to provide a comprehensive solution for load balancing in
the cloud.

By using, Amazon Load Balancer can provide several benefits, such as high availability,
scalability, improved performance, simplified management, security, cost-effectiveness, and
integration with other AWS services.

1.2 Key Features of Elastic Load Balancing:

With the help of the web service Amazon Elastic Load Balancer (ELB), which is offered by
Amazon Web Services (AWS), web applications can be scaled and made highly available by
automatically distributing incoming web traffic among several EC2 instances. Application
load balancers, network load balancers, and classic load balancers are the three different
types of elastic load balancers. The main characteristics of the Application Load Balancer
and the Network Load Balancer will be the subject of this response.

1. Application Load Balancer (ALB): The ALB is best suited for web applications that need
complex routing capabilities, such as microservices-based applications. It is meant to deal
with HTTP and HTTPS traffic. ALB's salient characteristics include:

● Advanced routing: ALB is capable of rerouting traffic based on HTTP headers, host
and path-based routing, and traffic redirection from HTTP to HTTPS.

3
AWS Solutions Architect Professional Week-2

● Auto Scaling: Auto-scaling makes sure that your application can withstand traffic
spikes without the need for manual intervention. ALB can automatically scale up or
down according to traffic demand.
● Health checks: ALB keeps track of the EC2 instances it has registered and only sends
traffic to healthy ones.
● TLS offloading: To enhance application performance and lighten the load on the
registered EC2 instances, ALB can offload the decryption of SSL/TLS communication.
● Sticky Sessions: ALB has the ability to keep sessions sticky, ensuring that a client is
sent to the same EC2 instance during the session.

2. Network Load Balancer (NLB): The NLB is ideally suited for applications that demand
extremely high throughput and low latency. It is meant to work with TCP, UDP, and TLS
data. NLB's salient characteristics include:

● Extremely high throughput: NLB has extremely low latency and can handle millions
of requests per second.
● Static IP addresses: As the endpoint for your application, NLB offers a static IP
address.
● Cross-zone load balancing: To increase application availability, NLB can uniformly
distribute traffic among EC2 instances located in several availability zones.
● Health checks: NLB keeps track of the EC2 instances it has registered and only sends
traffic to healthy ones.
● TLS termination: NLB has the ability to stop SSL/TLS traffic, offloading the decryption
of that traffic from the registered EC2 instances, enhancing performance, and
lowering the strain on those instances.

Elastic Load Balancers are an essential part of AWS services that give web applications
excellent availability, scalability, and reliability. The proper load balancer to choose will
depend on the particular needs of your application.

2. Working of Amazon EC2 Load Balancer:

Amazon Elastic Compute Cloud (EC2) Load Balancer is a service that helps distribute
incoming traffic across multiple Amazon EC2 instances, improving application availability
and scalability. It allows you to add or remove instances from your load balancer as traffic
demands change, and it also monitors the health of your instances and automatically routes
traffic only to healthy instances.

1. Here's a high-level overview of how Amazon EC2 Load Balancer works:

4
AWS Solutions Architect Professional Week-2

2. When a client sends a request to your application, it is first routed to the load
balancer.
3. The load balancer evaluates the request and decides which backend server (EC2
instance) to route the request to.
4. The load balancer sends the request to the selected EC2 instance.
5. The EC2 instance processes the request and sends the response back to the load
balancer.
6. The load balancer sends the response back to the client.

There are two types of load balancers in Amazon EC2:

Application Load Balancer (ALB): This works at the application layer (Layer 7) and routes
traffic based on the content of the request, such as the URL or headers.
Network Load Balancer (NLB): It works at the transport layer (Layer 4) and routes traffic
based on IP protocol data.
Both types of load balancers can be used to distribute traffic across multiple availability
zones to improve application availability and ensure high scalability.

2.1 Availability Zones and load balancer nodes:

Availability Zones (AZs) and load balancer nodes are two concepts commonly used in cloud
computing environments to ensure the high availability and scalability of applications and
services.

Availability Zones are physical data center locations within a cloud provider's infrastructure
that are isolated from each other. Each AZ is designed to be highly available and fault-
tolerant, with redundant power, cooling, and networking systems. By distributing resources
across multiple AZs, cloud providers can provide customers with a high level of availability
and resilience against failures or disruptions in a single location.

Load balancer nodes are another key component of cloud-based applications. Load
balancers are devices or software that distribute incoming network traffic across multiple
servers or instances, ensuring that no single server becomes overloaded or unavailable.
Load balancer nodes are the individual instances of load balancers that are deployed within
an environment.

In a typical cloud deployment, load balancer nodes are distributed across multiple
Availability Zones to ensure high availability and scalability. By distributing load balancer
nodes across different AZs, organizations can ensure that even if an entire AZ goes down,
their applications and services will still be available through other AZs.

Availability Zones and load balancer nodes are two key components of a highly available and
scalable cloud environment. By leveraging these concepts, organizations can ensure that
their applications and services remain available and performant, even in the face of
unexpected disruptions or high traffic loads.

5
AWS Solutions Architect Professional Week-2

2.2 Cross-zone load balancing:

Cross-zone load balancing is a feature in Amazon Elastic Load Balancer (ELB) that allows the
load balancer to distribute incoming traffic across all healthy instances in all availability
zones (AZs) attached to the load balancer, regardless of which AZ the traffic originated from.

In traditional load balancing, the load balancer distributes traffic evenly across instances
only within the same availability zone, which can lead to uneven distribution of traffic if one
AZ has more healthy instances than others. With cross-zone load balancing, traffic is
distributed evenly across all healthy instances, regardless of their AZ, which helps to achieve
higher availability and better resource utilization. For example, if one availability zone has
fewer instances or experiences high traffic loads, the cross-zone load balancing feature
ensures that traffic is automatically redirected to healthy instances in other zones. By
default, cross-zone load balancing is enabled in Amazon Elastic Load Balancer, and there is
no additional cost for using this feature. However, it's worth noting that there may be
additional data transfer charges for traffic that crosses availability zone boundaries.

Suppose you have an application deployed across multiple EC2 instances in two availability
zones (AZs) - us-east-1a and us-east-1b - with an Elastic Load Balancer (ELB) in front of them.
In the traditional load-balancing approach, the ELB would distribute traffic evenly only
across instances within the same AZ.

However, with cross-zone load balancing enabled, the ELB would distribute traffic evenly
across all healthy instances in both availability zones, regardless of which AZ the traffic
originated from. For example, if there are two healthy instances in us-east-1a and four
healthy instances in us-east-1b, the ELB would distribute traffic across all six instances
evenly. Now, let's say that us-east-1a experiences high traffic loads, and one of the instances
becomes unavailable due to a hardware failure. In this case, the cross-zone load balancing
feature automatically routes traffic to the healthy instances in the other availability zone,
without affecting the application's availability.

Without cross-zone load balancing, the remaining instance in us-east-1a would have to
handle all the incoming traffic, potentially leading to performance issues or downtime.
However, with cross-zone load balancing, the ELB is able to dynamically route traffic to the
healthy instances in the other availability zone, ensuring that the application remains
available and performs well.

Cross-zone load balancing is a valuable feature for ensuring high availability and scalability
in multi-AZ deployments in Amazon EC2. Distributing traffic evenly across all healthy
instances in all availability zones helps to achieve better resource utilization and automatic
failover, improving the overall performance and reliability of applications.

Only Application Load Balancers and Network Load Balancers with cross-zone load balancing
disabled support zonal shifts. You cannot begin a zonal shift if cross-zone load balancing is
enabled.

6
AWS Solutions Architect Professional Week-2

2.3 Zonal shift:

The zonal shift is an Amazon Route 53 Application Recovery Controller (Route 53 ARC)
feature. You can use zonal shift to move a load balancer resource away from an impaired
Availability Zone in a single action. This allows you to continue operating from other healthy
AWS Region Availability Zones.

When you initiate a zonal shift, your load balancer stops sending traffic to the affected
Availability Zone for the resource. The zonal shift is instantly created by Route 53 ARC.
However, existing, in-progress connections in the impacted Availability Zone may require a
short period, typically a few minutes.

Before employing a zonal shift, consider the following:

● With zonal shifts, cross-zone load balancing is not supported. To use this feature, you
must disable cross-zone load balancing.
● The zonal shift is not supported when utilizing an Application Load Balancer as an
accelerator endpoint in AWS Global Accelerator.
● Only one Availability Zone can initiate a zonal shift for a certain load balancer. A
zonal shift for several Availability Zones cannot be initiated.
● When various infrastructure faults damage services, AWS removes zonal load
balancer IP addresses from DNS proactively. Before beginning a zonal shift, always
check the current Availability Zone capacity. If you disable cross-zone load balancing
on your load balancers and then use a zonal shift to remove a zonal load balancer IP
address, the Availability Zone affected by the zonal shift loses target capacity.
● When an Application Load Balancer is a target of a Network Load Balancer, the zonal
shift should always begin with the Network Load Balancer. If you initiate a zonal shift
from the Application Load Balancer, the Network Load Balancer is unaware of the
change and continues to send traffic to the Application Load Balancer.

2.4 Request routing:

A Domain Name System (DNS) server resolves the load balancer's domain name before a
client sends a request to it. Because your load balancers are on the amazonaws.com
domain, Amazon controls the DNS entry. The Amazon DNS servers provide the client with
one or more IP addresses. The load balancer nodes in your load balancer are located at
these IP addresses.

Elastic Load Balancing generates a network interface for each Availability Zone that you
configure and utilizes it to obtain a static IP address using Network Load Balancers. When
you construct the Network Load Balancer, you can optionally assign one Elastic IP address to
each network interface.

7
AWS Solutions Architect Professional Week-2

Elastic Load Balancing adjusts your load balancer and updates the DNS entry as traffic to
your application changes over time. The DNS entry additionally defines a 60-second time-to-
live (TTL). This ensures that IP addresses can be promptly remapped in response to changing
traffic.

The client chooses the IP address to use while sending requests to the load balancer. The
load balancer node that receives the request chooses a healthy registered target and
forwards the request to it using the target's private IP address.

2.5 Routing algorithm:

The load balancer node that receives the request with application load balancers performs
the following procedure:

● Determines which rule should be applied by ranking the listener rules.

● Selects a target from the target group for the rule action using the target group's
established routing mechanism. Round robin is used as the default routing
algorithm. Even when a target is registered with numerous target groups, routing is
carried out independently for each of them.

The network load balancer node that receives the connection employs the subsequent
procedure:

1. Uses a flow hash algorithm to choose a target from the target group for the default rule.
The algorithm is based on:

● The procedure

● The source port and IP address

● The target port number and IP address

● That of the TCP sequence number

2. Sends every individual TCP connection, for the duration of the connection, to a single
target. A client's TCP connections can be routed to various targets and have various source
ports and sequence numbers.

When using a classic load balancer, the node that receives the request chooses a registered
instance in the manner described below:

● Use round-robin routing for TCP listeners.

● Use the least outstanding requests routing method for HTTP and HTTPS listeners.

8
AWS Solutions Architect Professional Week-2

2.6 HTTP connections:

Application Load Balancers do not employ pre-open connections, but classic load balancers
do. Both Application Load Balancers and Classic Load Balancers use connection multiplexing.
This implies that requests can be routed to a specific target from various clients using
various front-end connections using a single backend connection. The strain on your apps is
decreased and latency is improved through connection multiplexing. By setting the
Connection: close header in your HTTP answers, you can stop connection multiplexing by
disabling HTTP keep-alive headers.

Pipelined HTTP on front-end connections is supported by Application Load Balancers and

Classic Load Balancers. Pipelined HTTP is not supported on the backend connections.

Application Load Balancers support HTTP/0.9, HTTP/1.0, HTTP/1.1, and HTTP/2 for front-end
connections. Only HTTPS listeners are compatible with HTTP/2, and one HTTP/2 connection
can send up to 128 simultaneous requests. Additionally, connection upgrades from HTTP to
WebSockets are supported by application load balancers. Application Load Balancer listener
routing rules and AWS WAF integrations do not, however, hold true in the event of a
connection upgrade.

Application load balancers by default connect to registered targets through HTTP/1.1 on the
backend. On the other hand, you can use HTTP/2 to deliver the request to the targets using
the protocol version. See Protocol versions for more details. On backend connections, the
keep-alive header is supported by default. The load balancer creates a host header for
HTTP/1.1 requests made on the backend connections for HTTP/1.0 requests from clients
without a host header. The DNS name of the load balancer is contained in the host header.

On front-end connections (client to load balancer), traditional load balancers support

HTTP/0.9, HTTP/1.0, and HTTP/1.1. On backend connections (load balancing to registered
targets), they employ HTTP/1.1. On backend connections, the keep-alive header is
supported by default. The load balancer creates a host header for HTTP/1.1 requests made
on the backend connections for HTTP/1.0 requests from clients without a host header. The
load balancer node's IP address can be found in the host header.

3. Security in Elastic Load Balancing

A managed service called Amazon Elastic Load Balancing (ELB) aids in dividing incoming
traffic among various EC2 instances. ELB provides various security features to ensure the
security of the traffic flowing through it. Here are some key security features of ELB:

● SSL/TLS encryption: ELB supports SSL/TLS encryption to secure communication

between clients and the load balancer. You can upload your SSL/TLS certificate to
ELB or use the Amazon Certificate Manager (ACM) to manage your SSL/TLS
certificates.

9
AWS Solutions Architect Professional Week-2

● Security groups: You can configure security groups to control the traffic that is
allowed to reach your EC2 instances. You can specify rules that allow traffic only
from the load balancer, or you can restrict traffic to specific ports and protocols.
● Access logs: ELB can generate access logs that provide detailed information about
the incoming traffic, including the source IP address, user agent, and request path.
You can use these logs to monitor traffic patterns and detect potential security
threats.
● Health checks: ELB performs regular health checks on your EC2 instances to ensure
that they are running and responding to requests. You can configure the health
check settings to specify the protocol, port, and path that ELB uses to check the
health of your instances.
● AWS WAF: You can use the AWS Web Application Firewall (WAF) to protect your
applications running on EC2 instances behind the ELB. AWS WAF provides a set of
rules to protect against common web exploits, such as SQL injection and cross-site
scripting (XSS).

ELB provides a range of security features that help to protect your applications running on
EC2 instances. By leveraging these features, you can ensure that your applications are
secure and available to your users.

3.1 Data Protection in Elastic Load Balancing:

Amazon Elastic Load Balancing (ELB) provides several features to help protect your data,
both in transit and at rest. Here are some key data protection features of ELB:

● SSL/TLS encryption: ELB supports SSL/TLS encryption to secure communication

between clients and the load balancer. You can upload your SSL/TLS certificate to
ELB or use the Amazon Certificate Manager (ACM) to manage your SSL/TLS
certificates.
● Server Name Indication (SNI): ELB supports SNI, which allows multiple SSL/TLS
certificates to be used on a single IP address. This means that ELB can support
multiple domain names with different SSL/TLS certificates without requiring a
dedicated IP address for each domain.
● Secure cookie handling: ELB can insert a secure cookie into the HTTP response sent
to clients. This cookie contains a unique identifier that is used to route subsequent
requests to the same backend instance. This helps to protect against session
hijacking and other attacks.

10
AWS Solutions Architect Professional Week-2

● Cross-zone load balancing: ELB can distribute traffic evenly across multiple
availability zones, which helps to protect against failures in a single availability zone.
This feature ensures that your data is still available even if an entire availability zone
becomes unavailable.
● Automatic SSL/TLS certificate renewal: If you use ACM to manage your SSL/TLS
certificates, ELB can automatically renew your certificates before they expire. This
helps to ensure that your applications remain secure and available.

Encryption at rest and encryption in transit are two different types of data encryption that
are commonly used to secure data in EC2 load balancers.

Encryption at rest: Encryption at rest refers to the process of encrypting data while it is
stored on a storage device, such as a hard drive or a database. This encryption ensures that
if the storage device is lost, stolen, or accessed by unauthorized users, the data will remain
secure and protected. In the context of EC2 load balancers, encryption at rest typically
involves encrypting the data stored on the backend instances, which can be achieved using
various encryption technologies, such as AWS Key Management Service (KMS) or third-party
encryption solutions.

Encryption in transit: on the other hand, refers to the process of encrypting data as it
travels between different devices or systems. In the context of EC2 load balancers,
encryption in transit typically involves using SSL/TLS encryption to secure the
communication between the load balancer and the client. SSL/TLS encryption ensures that
the data is encrypted as it travels over the internet, making it much more difficult for
unauthorized users to intercept and access the data.

Encryption at rest and encryption in transit are both important measures for securing data
in EC2 load balancers. By leveraging both types of encryptions, you can ensure that your
data remains secure and protected both while it is being stored and while it is in transit.

4. Compliance validation for Elastic Load Balancing

Amazon Elastic Load Balancing (ELB) provides several compliance certifications and
attestations that can help you meet regulatory requirements for your applications. Here are
some of the compliance certifications and attestations that ELB supports:

PCI DSS: ELB is certified as compliant with the Payment Card Industry Data Security Standard
(PCI DSS), which is a set of security standards designed to ensure the safe handling of credit
card information.

HIPAA: ELB is compliant with the Health Insurance Portability and Accountability Act
(HIPAA), which is a US law that regulates the handling of sensitive healthcare information.

11
AWS Solutions Architect Professional Week-2

SOC: ELB has undergone Service Organization Control (SOC) audits, which are conducted by
independent auditors to ensure that a service provider has appropriate controls in place to
protect customer data.

ISO: ELB is certified as compliant with the International Organization for Standardization
(ISO) 27001 standard, which is a globally recognized standard for information security
management.

In addition to these certifications and attestations, ELB provides several security features
and tools that can help you meet compliance requirements for your applications. For
example, ELB provides access logs that can be used for auditing and compliance reporting,
and AWS Config can be used to monitor compliance with various AWS and industry
standards.

5. Resilience in Elastic Load Balancing

Resilience is a key feature of Amazon Elastic Load Balancing (ELB) that helps ensure high
availability and reliability for your applications. ELB provides several features to help make
your applications more resilient, including:

● Automatic failover: ELB automatically detects and routes traffic away from unhealthy
instances to healthy instances, helping to minimize downtime and ensure high
availability for your applications.
● Health checks: ELB performs regular health checks on your backend instances to
ensure they are healthy and can handle incoming traffic. If an instance fails a health
check, ELB will route traffic away from that instance until it has been restored to a
healthy state.
● Cross-zone load balancing: ELB can distribute traffic evenly across multiple
availability zones, helping to ensure that your applications remain available even if
an entire availability zone becomes unavailable.
● Auto Scaling: ELB can work with Auto Scaling to automatically scale your applications
up or down based on demand. This helps to ensure that your applications can handle
spikes in traffic without experiencing downtime or performance issues.
● Connection draining: When an instance is being taken out of service, ELB can
perform connection draining to ensure that existing connections are gracefully
terminated before the instance is shut down. This helps to ensure that users are not
disconnected or experience errors when instances are being replaced.

The resilience features of ELB help to ensure that your applications are highly available,
reliable, and able to handle spikes in traffic without experiencing downtime or performance
issues. By leveraging these features, you can build robust and resilient applications that are
able to meet the needs of your users and customers.

12
AWS Solutions Architect Professional Week-2

6. Infrastructure security in Elastic Load Balancing

Infrastructure security is a critical aspect of Elastic Load Balancing (ELB) in Amazon EC2
service. ELB provides several security features and tools to help ensure the security of the
underlying infrastructure that powers your applications. Here are some of the key
infrastructure security features of ELB:

● Network security: ELB operates within a highly secure network environment that is
designed to protect against various types of network-based attacks, such as denial-
of-service (DoS) attacks and port scanning.
● DDoS protection: ELB provides built-in protection against Distributed Denial of
Service (DDoS) attacks, which can help ensure the availability and uptime of your
applications.
● Secure communication: ELB supports SSL/TLS encryption for secure communication
between the load balancer and the backend instances, which helps to protect
against eavesdropping, data tampering, and other types of attacks.
● Access control: ELB provides several features for controlling access to your load
balancer, including security groups, network ACLs, and IAM policies. These features
can help ensure that only authorized users and applications have access to your load
balancer.
● Compliance: ELB supports several compliance certifications and attestations,
including PCI DSS, HIPAA, SOC, and ISO 27001. These certifications and attestations
can help ensure that your applications are compliant with various regulatory
requirements.

The infrastructure security features of ELB help to ensure that the underlying infrastructure
powering your applications is secure and protected against various types of attacks and
threats. By leveraging these features, you can build applications that are highly available,
scalable, and secure, and that can meet the needs of your users and customers.

6.1 Network isolation:

Network isolation is an important security feature for Elastic Load Balancing (ELB) in Amazon
EC2, as it helps to ensure that your applications are protected from unauthorized access and
attacks. Network isolation in ELB is achieved through the use of Amazon VPC (Virtual Private
Cloud) and security groups.

When you create an ELB, you can choose to launch it in a specific VPC, which provides a
private, isolated network environment for your load balancer and backend instances. Within
the VPC, you can use security groups to control inbound and outbound traffic to your load
balancer and instances. Security groups act as virtual firewalls that allow you to specify the
type of traffic that is allowed to enter or leave your load balancer and instances based on

13
AWS Solutions Architect Professional Week-2

specific rules. By using VPC and security groups, you can create a network environment that
is isolated from the public internet and other networks, which helps to reduce the attack
surface and minimize the risk of unauthorized access or attacks. You can also use features
like Network ACLs and VPC Flow Logs to monitor and control network traffic to and from
your load balancer and instances.

In addition to network isolation, ELB also provides other security features such as SSL/TLS
encryption, DDoS protection, and access control. By leveraging these features, you can build
applications that are highly available, reliable, and secure, and that can meet the needs of
your users and customers.

6.2 Controlling network traffic:

Controlling network traffic is an important aspect of Elastic Load Balancing (ELB) in Amazon
EC2, as it helps to ensure that your applications are secure, reliable, and performant. ELB
provides several tools and features for controlling network traffic, including:

● Security groups: Security groups act as virtual firewalls that allow you to control
inbound and outbound traffic to your load balancer and instances based on specific
rules. You can specify rules that allow or deny traffic based on the protocol, port, and
IP address or CIDR range.
● Network ACLs: Network Access Control Lists (ACLs) are an additional layer of security
that you can use to control traffic to and from your load balancer and instances.
Network ACLs are stateless and operate at the subnet level, allowing you to specify
rules that apply to inbound or outbound traffic based on the source or destination IP
address, protocol, and port.
● Listener rules: ELB allows you to specify listener rules that control how traffic is
distributed to backend instances based on specific criteria, such as the URL path,
HTTP headers, or host headers. This allows you to route traffic to specific instances
or groups of instances based on the type of traffic.
● Health checks: ELB performs regular health checks on your backend instances to
ensure they are healthy and can handle incoming traffic. If an instance fails a health
check, ELB will route traffic away from that instance until it has been restored to a
healthy state.
● VPC Flow Logs: VPC Flow Logs is a feature that allows you to capture information
about the traffic flowing to and from your load balancer and instances. This can help
you to monitor and troubleshoot network traffic and identify potential security
threats or performance issues.

The network traffic control features of ELB help to ensure that your applications are secure,
reliable, and performant and that they can meet the needs of your users and customers. By

14
AWS Solutions Architect Professional Week-2

leveraging these features, you can build applications that are highly available, scalable, and
secure, and that can deliver a great user experience.

7. Lab on Creating an Application Load Balancer:

Step 1: Configure your target group

To configure your target group

● Open the Amazon EC2 console and navigate to the EC2 dashboard.

● In the navigation pane, select “Load Balancers.”

● Click the “Create Load Balancer” button.

● Select “Application Load Balancer” from the list of load balancer types.

15
AWS Solutions Architect Professional Week-2

● Configure the basic settings for the load balancer, such as its name, the VPC it should
reside in, and the availability zones where you want to deploy it.

16
AWS Solutions Architect Professional Week-2

● Set up the load balancer's listeners. A mechanism known as a listener is one that
monitors connection requests from clients and sends them to the appropriate target
audiences.

● Click on Create Target group link shown in the below picture.

● Make a target group or groups. The load balancer directs traffic to a logical set of
instances known as a target group.

17
AWS Solutions Architect Professional Week-2

● Set up
health
check-
ups for
the
target

populations. A target's health and ability to receive traffic from the load balancer are
determined by the health check.

● Now move to the next page after clicking on the “Next” button.

18
AWS Solutions Architect Professional Week-2

● In order to add targets in the Target group we need to create some ec2 instances in
the
subnets
which
we
have

selected in “Network Mapping”.

● No
w

19
AWS Solutions Architect Professional Week-2

just launch the Machine1(Linux) which we have created in Subnet us-east-1a

and create another Machine2 (Linux) in Subnet us-east-1b.

● Both the Ec2 instances are up and running

20
AWS Solutions Architect Professional Week-2

● N
o
w
go back to the load balancer target group page and refresh it. We are able to see
the ec2 instances which we have just created. Now add register these instances
as targets of target groups in the load balancer.

● Select the EC2 instances and click on the “include as pending below” button.

● Register targets with the target group. You can do this manually or use auto-scaling
groups to automatically add or remove instances as needed.
● Now click on the “Create target group” button

21
AWS Solutions Architect Professional Week-2

● Go back to the “listeners and routing “page of the load balancer and select the target
group which we have just created.

● Click on the “Create load balancer” button

22
AWS Solutions Architect Professional Week-2

Step2: Working of load balancer:

● Host any sample html page on both the EC2 instances

Machine 1

23
AWS Solutions Architect Professional Week-2

Output Page –
Machine1

Machine2

24
AWS Solutions Architect Professional Week-2

Output Page – Machine2

Step3: Output of Load balancer

● Select Description, then copy the load balancer's DNS name.

● Insert the DNS name into the web browser's address bar if it is connected to the
internet. The default page of your server is shown by the browser if everything is
functioning properly.

25
AWS Solutions Architect Professional Week-2

Output:

Step 4: Cleanup process for the Load balancer

● Select the load balancer and click on “Delete load balancer”

● Select the Ec2 instances and Terminate the instances.

26
AWS Solutions Architect Professional Week-2

7. Case Study: AWS EC2 Load Balancer

Introduction:

The case study project revolves around a large e-commerce organization that experienced
significant growth in its online traffic. As a result, their existing infrastructure struggled to
handle the increased load, resulting in performance issues and occasional outages. To
address this problem, the organization decided to leverage AWS services, specifically AWS
EC2 Load Balancer, to enhance its infrastructure's scalability, reliability, and performance.

Challenges:

The organization faced several challenges due to the increased traffic and performance
issues. Some of the key challenges were:

1. Scalability: The existing infrastructure was unable to handle the growing number of
requests, leading to slower response times and decreased customer satisfaction.

2. Reliability: The infrastructure suffered from occasional outages and failures, resulting in
lost revenue and a negative impact on the organization's reputation.

3. Performance: High traffic loads caused bottlenecks, resulting in increased latency and
degraded performance.

Solution:

27
AWS Solutions Architect Professional Week-2

To overcome the challenges, the organization implemented the following solution using
AWS EC2 Load Balancer:

1. Load Balancer Configuration: The organization configured an AWS EC2 Load Balancer to
distribute incoming traffic across multiple EC2 instances. This helped achieve better
scalability and improved the overall availability of the application.

2. Auto Scaling: Leveraging AWS Auto Scaling, the organization set up policies to
automatically adjust the number of EC2 instances based on the incoming traffic load. This
ensured that the infrastructure could handle varying traffic patterns while maintaining
optimal performance.

3. Elasticity: By utilizing the Elastic Load Balancing feature of AWS EC2 Load Balancer, the
organization could automatically scale the load balancer capacity to meet traffic demands.
This dynamic scaling capability enabled them to handle traffic spikes without manual
intervention.

4. Health Checks and Failover: The organization implemented health checks to monitor the
status of EC2 instances behind the load balancer. In case of failures, the load balancer
automatically redirected traffic to healthy instances, ensuring high availability and
minimizing downtime.

Results:

The implementation of AWS EC2 Load Balancer yielded significant benefits for the
organization:

1. Improved Scalability: The load balancer enabled the organization to handle increased
traffic by distributing it across multiple EC2 instances. This resulted in improved response
times and eliminated performance bottlenecks.

2. Enhanced Reliability: The health check and failover mechanisms provided by the load
balancer ensured that the application remained highly available even in the event of
instance failures. This increased reliability and reduced downtime, leading to improved
customer satisfaction.

3. Better Performance: By dynamically scaling the load balancer capacity and automatically
adjusting the number of EC2 instances, the organization achieved better performance
during peak traffic periods. This resulted in faster response times and a seamless user
experience.

4. Cost Optimization: With AWS Auto Scaling, the organization could scale the infrastructure
based on demand, avoiding overprovisioning and reducing infrastructure costs during
periods of low traffic.

28
AWS Solutions Architect Professional Week-2

Learnings and Conclusion:

This case study highlights the following key learnings:

1. Scalability and Elasticity: AWS EC2 Load Balancer provides a scalable and elastic solution
for handling high-traffic loads. By distributing traffic across multiple instances and
dynamically adjusting capacity, organizations can achieve improved scalability and handle
varying workloads effectively.

2. High Availability: Implementing health checks and failover mechanisms offered by the
load balancer can significantly enhance application reliability. It ensures that the system
remains operational even in the face of instance failures, thereby minimizing downtime and
improving the user experience.

3. Cost Optimization: Leveraging AWS Auto Scaling allows organizations to optimize

infrastructure costs by automatically adjusting resources based on demand. This ensures
that resources are provisioned efficiently, leading to cost savings during periods of low
traffic.

By utilizing AWS EC2 Load Balancer and its associated features, the organization successfully
addressed the challenges of scalability, reliability, and performance. The implementation
resulted in improved response times, enhanced reliability, better performance, and cost
optimization. The learnings from this case study can be applied to similar situations to build
scalable, reliable, and high-performing infrastructures in the cloud.

29