Skip to content

loadBalancer

View Source

Application Load Balancers (ALBs) in AWS distribute incoming HTTP/HTTPS traffic across multiple targets. Stackattack creates ALBs with SSL termination, health checks, and integration with ECS services for high availability web applications.

import * as saws from "@stackattack/aws";
const ctx = saws.context();
const network = saws.vpc(ctx);
const lb = saws.loadBalancer(ctx, {
network: network.network("public")
});
export const loadBalancerUrl = lb.url;

After deploying a load balancer, you can manage it using:

AWS CLI:

Terminal window
# View load balancer details
aws elbv2 describe-load-balancers --names your-load-balancer-name
# List target groups and their health
aws elbv2 describe-target-groups --load-balancer-arn arn:aws:elasticloadbalancing:...
aws elbv2 describe-target-health --target-group-arn arn:aws:elasticloadbalancing:...
# View listener rules and routing
aws elbv2 describe-listeners --load-balancer-arn arn:aws:elasticloadbalancing:...
aws elbv2 describe-rules --listener-arn arn:aws:elasticloadbalancing:...
# View access logs (if enabled)
aws s3 ls s3://your-alb-logs-bucket/AWSLogs/123456789012/elasticloadbalancing/

Testing Load Balancer:

Terminal window
# Test HTTP endpoint
curl -I http://your-alb-dns-name.us-east-1.elb.amazonaws.com
# Test HTTPS with custom domain
curl -I https://your-domain.com
# Test with custom headers for routing rules
curl -H "Host: api.example.com" http://your-alb-dns-name.us-east-1.elb.amazonaws.com

CloudWatch Metrics:

Terminal window
# View request count and latency metrics
aws cloudwatch get-metric-statistics --namespace AWS/ApplicationELB --metric-name RequestCount --dimensions Name=LoadBalancer,Value=app/your-lb-name/1234567890abcdef

Load balancers work together with other Stackattack components:

  • vpc - Provides public networking for internet-facing load balancers
  • service - Receives traffic routed through load balancers
  • certificate - Enables HTTPS termination at the load balancer

ALB costs are fixed hourly charges plus usage-based request processing:

  • Hourly rate - Each ALB costs ~$16.43/month (730 hours × $0.0225/hour) just for existing, regardless of traffic.

  • Load Balancer Capacity Units (LCUs) - You pay for the highest of: new connections/sec, active connections, bandwidth, or rule evaluations. Typical costs:

    • Light traffic: ~$5-10/month additional
    • Medium traffic (1000 req/min): ~$15-25/month additional
    • High traffic (10k req/min): ~$50-100/month additional
  • Data transfer - Standard AWS data transfer rates apply (~$0.09/GB out to internet). Internal VPC traffic is free.

  • SSL certificates - ACM certificates are free when used with ALBs. No additional cost for SSL termination.

Also note that (external) load balancers require a public ip address per subnet, and load balancers must be deployed in at least two subnets. Each public IP costs ~$3.60/month, so that adds an additional ~$7.40 minimum for the public IP addresses for external load balancers.

Cost optimization strategies:

  • Share ALBs across multiple services using listener rules (vs one ALB per service)
  • Use CloudFront in front of ALBs for static content and global acceleration
  • Consider Network Load Balancers for TCP traffic or when you need static IPs
  • Monitor LCU usage to identify cost drivers (connections, bandwidth, rules)

See ALB Pricing for current rates.

Creates a complete load balancer setup including security group, load balancer, and listeners. Automatically configures security rules for HTTP/HTTPS traffic.

function loadBalancer(ctx: Context, args: LoadBalancerArgs): LoadBalancerOutput
  • ctx (Context) - Pulumi context for resource naming and tagging
  • args (LoadBalancerArgs) - Configuration for the load balancer
  • (LoadBalancerOutput) - Creates a complete load balancer setup including security group, load balancer, and listeners. Automatically configures security rules for HTTP/HTTPS traffic.

Retrieves the full listener attributes from various input types.

function getListenerAttributes(input: Input<ListenerInput>): Output<Listener | GetListenerResult>
  • input (Input<ListenerInput>) - Listener input (ARN string, Listener resource, or query result)
  • (Output<Listener | GetListenerResult>) - Retrieves the full listener attributes from various input types.

Extracts the listener ARN/ID from various input types.

function getListenerId(input: Input<ListenerInput>): Output<string>
  • input (Input<ListenerInput>) - Listener input (ARN string, Listener resource, or query result)
  • (Output<string>) - Extracts the listener ARN/ID from various input types.

Retrieves the full load balancer attributes from various input types.

function getLoadBalancerAttributes(input: Input<LoadBalancerInput>): Output<LoadBalancer | GetLoadBalancerResult>
  • input (Input<LoadBalancerInput>) - Load balancer input (ARN string, LoadBalancer resource, or query result)
  • (Output<LoadBalancer | GetLoadBalancerResult>) - Retrieves the full load balancer attributes from various input types.

Extracts the load balancer ARN/ID from various input types.

function getLoadBalancerId(input: Input<LoadBalancerInput>): Output<string>
  • input (Input<LoadBalancerInput>) - Load balancer input (ARN string, LoadBalancer resource, or query result)
  • (Output<string>) - Extracts the load balancer ARN/ID from various input types.

Creates listeners for a load balancer. If a certificate is provided, creates both HTTP (redirect to HTTPS) and HTTPS listeners. Otherwise, creates only an HTTP listener. Both listeners return 404 by default.

function loadBalancerListener(ctx: Context, args: LoadBalancerListenerArgs): { listener: Listener; loadBalancer: Input<LoadBalancerInput> }
  • ({ listener: Listener; loadBalancer: Input<LoadBalancerInput> }) - Creates listeners for a load balancer. If a certificate is provided, creates both HTTP (redirect to HTTPS) and HTTPS listeners. Otherwise, creates only an HTTP listener. Both listeners return 404 by default.

Attaches an SSL certificate to a load balancer listener.

function loadBalancerListenerCertificate(ctx: Context, args: LoadBalancerListenerCertificateArgs): ListenerCertificate
  • (ListenerCertificate) - Attaches an SSL certificate to a load balancer listener.

Converts a LoadBalancerWithListener object to use ARN/ID strings instead of resources.

function loadBalancerListenerToIds(output: LoadBalancerWithListener): { listener: Output<string>; loadBalancer: Output<string> }
  • ({ listener: Output<string>; loadBalancer: Output<string> }) - Converts a LoadBalancerWithListener object to use ARN/ID strings instead of resources.

Creates a security group for load balancers with HTTP/HTTPS ingress rules. Allows inbound traffic on ports 80 and 443 from anywhere, and outbound traffic to the specified destination.

function loadBalancerSecurityGroup(ctx: Context, args: LoadBalancerSecurityGroupArgs): SecurityGroup
  • (SecurityGroup) - Creates a security group for load balancers with HTTP/HTTPS ingress rules. Allows inbound traffic on ports 80 and 443 from anywhere, and outbound traffic to the specified destination.

Converts a LoadBalancerOutput to use ARN strings instead of resources, while preserving the URL.

function loadBalancerToIds(output: LoadBalancerOutput): { listener: Output<string>; loadBalancer: Output<string>; url: Output<string> }
  • ({ listener: Output<string>; loadBalancer: Output<string>; url: Output<string> }) - Converts a LoadBalancerOutput to use ARN strings instead of resources, while preserving the URL.

Configuration options for creating a complete load balancer setup.

  • certificate? (Input<string>) - Optional SSL certificate ARN for HTTPS support
  • idleTimeout? (Input<number>) - Connection idle timeout in seconds
  • network (NetworkInput) - Network configuration including VPC and subnets
  • noPrefix? (boolean) - Whether to skip adding a prefix to the context

Configuration options for creating load balancer listeners.

  • certificate? (Input<string>) - Optional SSL certificate ARN for HTTPS listener
  • loadBalancer (Input<LoadBalancerInput>) - The load balancer to create listeners for
  • noPrefix? (boolean) - Whether to skip adding a prefix to the context

Configuration options for attaching a certificate to a load balancer listener.

  • certificate (Input<string>) - ARN of the SSL certificate to attach
  • listener (Input<ListenerInput>) - The listener to attach the certificate to
  • noPrefix? (boolean) - Whether to skip adding a prefix to the context

Output from creating a complete load balancer setup.

  • listener (Listener) - The primary listener resource
  • loadBalancer (LoadBalancer) - The created load balancer resource
  • url (Output<string>) - The URL of the load balancer

Configuration options for creating a load balancer security group.

  • destSecurityGroupId? (Input<string>) - Optional destination security group ID for egress rules
  • noPrefix? (boolean) - Whether to skip adding a prefix to the context
  • vpc (Input<VpcInput>) - VPC where the security group will be created

Represents a load balancer paired with a listener.

Union type representing different ways to specify a load balancer listener. Can be an ARN string, Listener resource, or listener query result.

type ListenerInput = string | aws.lb.Listener | aws.lb.GetListenerResult

Union type representing different ways to specify a load balancer. Can be an ARN string, LoadBalancer resource, or load balancer query result.

type LoadBalancerInput = string | aws.lb.LoadBalancer | aws.lb.GetLoadBalancerResult