Does AWS Application Load Balancer scan listening ports on the EC2 web servers?
We plan to have an Application Load Balancer (ALB) and a number of EC2 web servers behind it. All web servers listen on port 443 for HTTPS. On top of this, each web server listens on a different port for HTTPS.
For example:
- Instance 1 listens on 443 & 8001
- Instance 2 listens on 443 & 8002
- Instance 3 listens on 443 & 8003.
The number of servers are decided by the auto scaling group, and what port (8001, 8002, 8003, 8004, etc.) each server gets is dynamically allocated after the server boots up, by consulting a third arbitrator.
The desired way of the ALB is:
- When a client requests "www.mysite.com", the ALB forwards this request to one of the instances randomly or round-robin or using any other standard load-balancing algorithm.
- When a client requests "www.mysite.com:8001", the request is ALWAYS forwarded to instance 1.
- When a client requests "www.mysite.com:8002", the request is ALWAYS forwarded to instance 2.
- When a client requests "www.mysite.com:8003", the request is ALWAYS forwarded to instance 3.
MY QUESTION IS:
Is ALB currently doing this by default, or do we need some kind of special configuration, or do we need a different kind of ALB?
This system is currently hosted in Azure and Azure load balancer readily does that. Now I need to replicate it in AWS.
Solution 1:
You can have many different Target Groups attached to a single ALB.
For example:
- Listener on ALB port 443 will route to
TG443
that includes all the 3 instances and forwards to their port 443 - Listener on ALB port 8001 will route to
TG8001
that only includes instance 1 and will forward to its port 8001 - ditto for 8002 and 8003
Hope that helps :)
Solution 2:
ALB won't do this by default the moment you create it. You can have a Target Group for all three instances set up for port 443/tcp initially and then you can set additional TG for each individual instance and create forwarding rules for each specific port/instance(TG) pair.
You'll end up having the same ALB endpoint (URL) and for all and you get the exact response for the different ports.
Also, the target groups will do a health check on the selected port.