For demos of common load balancer configurations, see Elastic Load Balancing Demos.
Before you begin
• Decide which Availability Zones you will use for your EC2 instances. Configure your virtual private cloud (VPC) with at least one public subnet in each of these Availability Zones. These public subnets are used to configure the load balancer. You can launch your EC2 instances in other subnets of these Availability Zones instead.
• Launch at least one EC2 instance in each Availability Zone. Ensure that the security groups for these instances allow TCP access from clients on the listener port and health check requests from your VPC.
For more information, see Target security groups (p. 53).
Step 1: Configure your target group
Create a target group, which is used in request routing. The rule for your listener routes requests to the registered targets in this target group. The load balancer checks the health of targets in this target group using the health check settings defined for the target group.
To configure your target group
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. In the navigation pane, under Load Balancing, choose Target Groups.
3. Choose Create target group.
4. Keep Target type as instance.
5. For Target group name, enter a name for the new target group.
6. Keep Protocol as TCP, and Port as 80.
7. Select the VPC containing your instances. Keep the protocol version as HTTP1.
8. For Health checks, keep the default settings.
9. Choose Next.
10. On the Register targets page, complete the following steps. This is an optional step to create a target group. However, you must register your targets if you want to test your load balancer and ensure that it is routing traffic to your targets.
a. For Available instances, select one or more instances.
b. Keep the default port 80, and choose Include as pending below.
11. Choose Create target group.
Step 2: Choose a load balancer type
Elastic Load Balancing supports different types of load balancers. For this tutorial, you create a Network Load Balancer.
To create a Network Load Balancer
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. On the navigation bar, choose a Region for your load balancer. Be sure to choose the same Region that you used for your EC2 instances.
3. In the navigation pane, under Load Balancing, choose Load Balancers.
4. Choose Create Load Balancer.
5. For Network Load Balancer, choose Create.
Step 3: Configure your load balancer and listener
To create a Network Load Balancer, you must first provide basic configuration information for your load balancer, such as a name, scheme, and IP address type. Then provide information about your network, and one or more listeners. A listener is a process that checks for connection requests. It is configured with a protocol and a port for connections from clients to the load balancer. For more information about supported protocols and ports, see Listener configuration (p. 21).
To configure your load balancer and listener
1. For Load balancer name, enter a name for your load balancer. For example, my-nlb.
2. For Scheme and IP address type, keep the default values.
3. For Network mappings, select the VPC that you used for your EC2 instances. For each Availability Zone that you used to launch your EC2 instances, select the Availability Zone and then select one public subnet for that Availability Zone.
By default, AWS assigns an IPv4 address to each load balancer node from the subnet for its Availability Zone. Alternatively, when you create an internet-facing load balancer, you can select an Elastic IP address for each Availability Zone. This provides your load balancer with static IP addresses.
4. For Listeners and routing, keep the default, which is a listener that accepts TCP traffic on port 80.
5. For Default action, select the target group that you created and registered in step 1.
6. Add an optional tag to categorize your load balancer. Tag keys must be unique for each load balancer. Allowed characters are letters, spaces, numbers (in UTF-8), and the following special characters: + - = . _ : / @. Do not use leading or trailing spaces. Tag values are case-sensitive.
7. Review your configuration, and choose Create load balancer. A few default attributes are applied to your load balancer during creation. You can view and edit them after creating the load balancer. For more information, see Load balancer attributes (p. 10).
Step 4: Test your load balancer
After creating the load balancer, verify that it's sending traffic to your EC2 instances.
To test your load balancer
1. After you are notified that your load balancer was created successfully, choose Close.
2. In the navigation pane, under Load Balancing, choose Target Groups.
3. Select the newly created target group.
4. Choose Targets and verify that your instances are ready. If the status of an instance is initial, it's probably because the instance is still in the process of being registered, or it has not passed the minimum number of health checks to be considered healthy. After the status of at least one instance is healthy, you can test your load balancer.
5. In the navigation pane, under Load Balancing, choose Load Balancers.
6. Select the newly created load balancer.
7. Choose Description and copy the DNS name of the load balancer (for example, my-load-balancer-1234567890abcdef.elb.us-east-2.amazonaws.com). Paste the DNS name into the address field of an internet-connected web browser. If everything is working, the browser displays the default page of your server.
Step 5: (Optional) Delete your load balancer
As soon as your load balancer becomes available, you are billed for each hour or partial hour that you keep it running. When you no longer need a load balancer, you can delete it. As soon as the load balancer is deleted, you stop incurring charges for it. Note that deleting a load balancer does not affect the targets registered with the load balancer. For example, your EC2 instances continue to run.
To delete your load balancer
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. In the navigation pane, under Load Balancing, choose Load Balancers.
3. Select the load balancer and choose Actions, Delete.
4. When prompted for confirmation, choose Yes, Delete.
Tutorial: Create a Network Load Balancer using the AWS CLI
This tutorial provides a hands-on introduction to Network Load Balancers through the AWS CLI.
Before you begin
• Install the AWS CLI or update to the current version of the AWS CLI if you are using a version that does not support Network Load Balancers. For more information, see Installing the AWS Command Line Interface in the AWS Command Line Interface User Guide.
• Decide which Availability Zones you will use for your EC2 instances. Configure your virtual private cloud (VPC) with at least one public subnet in each of these Availability Zones.
• Decide if you will create an IPv4 or dualstack load balancer. Use IPv4 if you want clients to communicate with the load balancer using IPv4 addresses only. Use dualstack if you want clients to communicate with the load balancer using IPv4 and IPv6 addresses. You can also use dualstack to communicate with backend targets, such as IPv6 applications or dualstack subnets, using IPv6.
• Launch at least one EC2 instance in each Availability Zone. Ensure that the security groups for these instances allow TCP access from clients on the listener port and health check requests from your VPC.
For more information, see Target security groups (p. 53).
Create your IPv4 load balancer
To create your first load balancer, complete the following steps.
To create an IPv4 load balancer
1. Use the create-load-balancer command to create an IPv4 load balancer, specifying a public subnet for each Availability Zone in which you launched instances. You can specify only one subnet per Availability Zone.
aws elbv2 create-load-balancer --name my-load-balancer --type network --subnets subnet-0e3f5cac72EXAMPLE
The output includes the Amazon Resource Name (ARN) of the load balancer, with the following format:
arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/net/my-load-balancer/1234567890123456
2. Use the create-target-group command to create an IPv4 target group, specifying the same VPC that you used for your EC2 instances. IPv4 target groups support IP and instance type targets.
aws elbv2 create-target-group --name my-targets --protocol TCP --port 80 --vpc-id vpc-0598c7d356EXAMPLE
The output includes the ARN of the target group, with this format:
arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/1234567890123456
3. Use the register-targets command to register your instances with your target group:
aws elbv2 register-targets --target-group-arn targetgroup-arn --targets Id=i-1234567890abcdef0 Id=i-0abcdef1234567890
4. Use the create-listener command to create a listener for your load balancer with a default rule that forwards requests to your target group:
aws elbv2 create-listener --load-balancer-arn loadbalancer-arn --protocol TCP --port 80 \
--default-actions Type=forward,TargetGroupArn=targetgroup-arn
The output contains the ARN of the listener, with the following format:
arn:aws:elasticloadbalancing:us-east-2:123456789012:listener/net/my-load-balancer/1234567890123456/1234567890123456
5. (Optional) You can verify the health of the registered targets for your target group using this describe-target-health command:
aws elbv2 describe-target-health --target-group-arn targetgroup-arn
Create your dualstack load balancer
To create your first load balancer, complete the following steps.
To create a dualstack load balancer
1. Use the create-load-balancer command to create a dualstack load balancer, specifying a public subnet for each Availability Zone in which you launched instances. You can specify only one subnet per Availability Zone.
aws elbv2 create-load-balancer --name my-load-balancer --type network --subnets subnet-0e3f5cac72EXAMPLE --ip-address-type dualstack
The output includes the Amazon Resource Name (ARN) of the load balancer, with the following format:
arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/net/my-load-balancer/1234567890123456
2. Use the create-target-group command to create a target group, specifying the same VPC that you used for your EC2 instances.
You must use either a TCP or TLS target group with your dualstack load balancer.
You can create IPv4 and IPv6 target groups to associate with dualstack load balancers. The target group's IP address type determines the IP version that the load balancer will use to both communicate with, and check the health of, your backend targets.
IPv4 target groups support IP and instance type targets. IPv6 targets only support IP targets.
aws elbv2 create-target-group --name my-targets --protocol TCP --port 80 --vpc-id vpc-0598c7d356EXAMPLE --ip-address-type [ipv4 or ipv6]
The output includes the ARN of the target group, with this format:
arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/1234567890123456
3. Use the register-targets command to register your instances with your target group:
aws elbv2 register-targets --target-group-arn targetgroup-arn --targets Id=i-1234567890abcdef0 Id=i-0abcdef1234567890
4. Use the create-listener command to create a listener for your load balancer with a default rule that forwards requests to your target group. Dualstack load balancers must have TCP or TLS listeners.
aws elbv2 create-listener --load-balancer-arn loadbalancer-arn --protocol TCP --port 80 \
--default-actions Type=forward,TargetGroupArn=targetgroup-arn
The output contains the ARN of the listener, with the following format:
arn:aws:elasticloadbalancing:us-east-2:123456789012:listener/net/my-load-balancer/1234567890123456/1234567890123456
5. (Optional) You can verify the health of the registered targets for your target group using this describe-target-health command:
aws elbv2 describe-target-health --target-group-arn targetgroup-arn
Specify an Elastic IP address for your load balancer
When you create a Network Load Balancer, you can specify one Elastic IP address per subnet using a subnet mapping.
aws elbv2 create-load-balancer --name my-load-balancer --type network \
--subnet-mappings SubnetId=subnet-0e3f5cac72EXAMPLE,AllocationId=eipalloc-12345678
Delete your load balancer
When you no longer need your load balancer and target group, you can delete them as follows:
aws elbv2 delete-load-balancer --load-balancer-arn loadbalancer-arn
aws elbv2 delete-target-group --target-group-arn targetgroup-arn
Network Load Balancers
A load balancer serves as the single point of contact for clients. Clients send requests to the load balancer, and the load balancer sends them to targets, such as EC2 instances, in one or more Availability Zones.
To configure your load balancer, you create target groups (p. 37), and then register targets with your target groups. Your load balancer is most effective if you ensure that each enabled Availability Zone has at least one registered target. You also create listeners (p. 21) to check for connection requests from clients and route requests from clients to the targets in your target groups.
Network Load Balancers support connections from clients over VPC peering, AWS managed VPN, AWS Direct Connect, and third-party VPN solutions.
Contents
• Load balancer state
• Load balancer attributes
• IP address type
• Availability Zones
• Cross-zone load balancing
• Deletion protection
• Connection idle timeout
• DNS name
• Create a Network Load Balancer
• IP address types for your Network Load Balancer
• Tags for your Network Load Balancer
• Delete a Network Load Balancer
Load balancer state
A load balancer can be in one of the following states:
provisioning
The load balancer is being set up.
active
The load balancer is fully set up and ready to route traffic.
failed
The load balancer could not be set up.
Load balancer attributes
The following are the load balancer attributes:
access_logs.s3.enabled
Indicates whether access logs stored in Amazon S3 are enabled. The default is false.
access_logs.s3.bucket
The name of the Amazon S3 bucket for the access logs. This attribute is required if access logs are enabled. For more information, see Bucket requirements (p. 76).
access_logs.s3.prefix
The prefix for the location in the Amazon S3 bucket.
deletion_protection.enabled
Indicates whether deletion protection (p. 13) is enabled. The default is false.
ipv6.deny_all_igw_traffic
Blocks internet gateway (IGW) access to the load balancer, preventing unintended access to your internal load balancer through an internet gateway. It is set to false for internet-facing load balancers and true for internal load balancers. This attribute does not prevent non-IGW internet access (such as through peering, Transit Gateway, AWS Direct Connect, or AWS VPN).
load_balancing.cross_zone.enabled
Indicates whether cross-zone load balancing (p. 13) is enabled. The default is false.
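As an added example (not part of the AWS guide), the following Python check reads attribute JSON in the shape printed by `aws elbv2 describe-load-balancer-attributes` and reports the settings above that leave logging, deletion protection, or internet gateway blocking turned off. The function name `audit_attributes` and the sample values are assumptions made for this illustration.

```python
import json

# Constructed sample in the shape printed by
# `aws elbv2 describe-load-balancer-attributes`; the values are invented.
SAMPLE_ATTRIBUTES = json.loads("""
{"Attributes": [
  {"Key": "access_logs.s3.enabled", "Value": "false"},
  {"Key": "access_logs.s3.bucket", "Value": ""},
  {"Key": "access_logs.s3.prefix", "Value": ""},
  {"Key": "deletion_protection.enabled", "Value": "false"},
  {"Key": "ipv6.deny_all_igw_traffic", "Value": "false"},
  {"Key": "load_balancing.cross_zone.enabled", "Value": "false"}
]}
""")


def audit_attributes(doc, scheme):
    """Return (attribute, message) findings for one load balancer.

    scheme is "internal" or "internet-facing". audit_attributes is a
    hypothetical helper name, not an AWS API.
    """
    attrs = {a["Key"]: a.get("Value", "") for a in doc.get("Attributes", [])}

    def enabled(key):
        # Attribute values arrive as the strings "true" / "false".
        return attrs.get(key, "false").strip().lower() == "true"

    findings = []
    if not enabled("access_logs.s3.enabled"):
        findings.append(("access_logs.s3.enabled",
                         "access logs are not stored in Amazon S3"))
    elif not attrs.get("access_logs.s3.bucket"):
        # The bucket attribute is required once access logs are enabled.
        findings.append(("access_logs.s3.bucket",
                         "access logs are enabled but no bucket is set"))
    if not enabled("deletion_protection.enabled"):
        findings.append(("deletion_protection.enabled",
                         "deletion protection is off"))
    # Only internal load balancers are expected to have this set to true.
    if scheme == "internal" and not enabled("ipv6.deny_all_igw_traffic"):
        findings.append(("ipv6.deny_all_igw_traffic",
                         "internal load balancer does not block IGW access"))
    return findings


if __name__ == "__main__":
    for key, message in audit_attributes(SAMPLE_ATTRIBUTES, "internal"):
        print(f"{key}: {message}")
```
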
IP address type
You can set the types of IP addresses that clients can use with your load balancer.
The following are the IP address types:
ipv4
Clients must connect to the load balancer using IPv4 addresses (for example, 192.0.2.1). IPv4 enabled load balancers (both internet-facing and internal) support TCP, UDP, TCP_UDP, and TLS listeners.
dualstack
Clients can connect to the load balancer using both IPv4 addresses (for example, 192.0.2.1) and IPv6 addresses (for example, 2001:0db8:85a3:0:0:8a2e:0370:7334). Dualstack enabled load balancers (both internet-facing and internal) support TCP and TLS listeners.
Dualstack load balancer considerations
• The load balancer communicates with targets based on the IP address type of the target group.
• When you enable dualstack mode for the load balancer, Elastic Load Balancing provides an AAAA DNS record for the load balancer. Clients that communicate with the load balancer using IPv4 addresses resolve the A DNS record. Clients that communicate with the load balancer using IPv6 addresses resolve the AAAA DNS record.
• Access to your internal dualstack load balancers through the internet gateway is blocked to prevent unintended internet access. However, this does not prevent non-IGW internet access (such as through peering, Transit Gateway, AWS Direct Connect, or AWS VPN).
For more information on load balancer IP address types, see Update the address type (p. 18).
Availability Zones
You enable one or more Availability Zones for your load balancer when you create it. If you enable multiple Availability Zones for your load balancer, this increases the fault tolerance of your applications.
You cannot disable Availability Zones for a Network Load Balancer after you create it, but you can enable additional Availability Zones.
When you enable an Availability Zone, you specify one subnet from that Availability Zone. Elastic Load Balancing creates a load balancer node in the Availability Zone and a network interface for the subnet (the description starts with "ELB net" and includes the name of the load balancer). Each load balancer node in the Availability Zone uses this network interface to get an IPv4 address. Note that you can view this network interface but you cannot modify it.
When you create an internet-facing load balancer, you can optionally specify one Elastic IP address per subnet. If you do not choose one of your own Elastic IP addresses, Elastic Load Balancing provides one Elastic IP address per subnet for you. These Elastic IP addresses provide your load balancer with static IP addresses that will not change during the life of the load balancer. You cannot change these Elastic IP addresses after you create the load balancer.
When you create an internal load balancer, you can optionally specify one private IP address per subnet. If you do not specify an IP address from the subnet, Elastic Load Balancing chooses one for you. These private IP addresses provide your load balancer with static IP addresses that will not change during the life of the load balancer. You cannot change these private IP addresses after you create the load balancer.
Requirements
• For internet-facing load balancers, the subnets that you specify must have at least 8 available IP addresses. For internal load balancers, this is only required if you let AWS select a private IPv4 address from the subnet.
• You can't specify a subnet in a constrained Availability Zone. The error message is "Load balancers with type 'network' are not supported in az_name". You can specify a subnet in another Availability Zone that is not constrained and use cross-zone load balancing to distribute traffic to targets in the constrained Availability Zone.
• You can't specify a subnet in a Local Zone.
After you enable an Availability Zone, the load balancer starts routing requests to the registered targets in that Availability Zone. Your load balancer is most effective if you ensure that each enabled Availability Zone has at least one registered target.
To add Availability Zones using the console
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. In the navigation pane, under LOAD BALANCING, choose Load Balancers.
3. Select the load balancer.
4. On the Description tab, under Basic Configuration, choose Edit subnets.
5. To enable an Availability Zone, select the check box for that Availability Zone. If there is one subnet for that Availability Zone, it is selected. If there is more than one subnet for that Availability Zone, select one of the subnets. Note that you can select only one subnet per Availability Zone.
For an internet-facing load balancer, you can select an Elastic IP address for each Availability Zone.
For an internal load balancer, you can assign a private IP address from the IPv4 range of each subnet instead of letting Elastic Load Balancing assign one.
6. Choose Save.
To add Availability Zones using the AWS CLI
Use the set-subnets command.
Cross-zone load balancing
By default, each load balancer node distributes traffic across the registered targets in its Availability Zone only. If you enable cross-zone load balancing, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. For more information, see Cross-zone load balancing in the Elastic Load Balancing User Guide.
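As an added example (not part of the AWS guide), the following Python check combines the target health step from the tutorials with the zone behavior described above: it reads JSON in the shape printed by `aws elbv2 describe-target-health` and lists the enabled Availability Zones whose load balancer node has no healthy target to route to. The instance-to-zone mapping, the zone names, and the function names are assumptions made for this illustration.

```python
import json

# Constructed sample in the shape printed by `aws elbv2 describe-target-health`.
SAMPLE_HEALTH = json.loads("""
{"TargetHealthDescriptions": [
  {"Target": {"Id": "i-1234567890abcdef0", "Port": 80},
   "TargetHealth": {"State": "healthy"}},
  {"Target": {"Id": "i-0abcdef1234567890", "Port": 80},
   "TargetHealth": {"State": "initial",
                    "Reason": "Elb.InitialHealthChecking"}}
]}
""")

# Assumption: the zone of each instance was collected separately (for example
# with `aws ec2 describe-instances`); these zone names are constructed.
INSTANCE_ZONE = {
    "i-1234567890abcdef0": "us-east-2a",
    "i-0abcdef1234567890": "us-east-2b",
}


def healthy_by_zone(health_doc, instance_zone):
    """Count targets in state 'healthy' per Availability Zone."""
    counts = {}
    for desc in health_doc.get("TargetHealthDescriptions", []):
        zone = instance_zone.get(desc["Target"]["Id"])
        if zone is None:
            continue  # zone unknown for this target; it cannot be attributed
        counts.setdefault(zone, 0)
        if desc["TargetHealth"]["State"] == "healthy":
            counts[zone] += 1
    return counts


def zones_without_healthy_targets(health_doc, instance_zone,
                                  enabled_zones, cross_zone):
    """Return the enabled zones whose node has no healthy target to use.

    With cross-zone load balancing off, a node uses only the targets in its
    own zone. With it on, a node uses the targets in all enabled zones.
    """
    counts = healthy_by_zone(health_doc, instance_zone)
    if cross_zone:
        total = sum(counts.get(zone, 0) for zone in enabled_zones)
        return [] if total > 0 else sorted(enabled_zones)
    return sorted(z for z in enabled_zones if counts.get(z, 0) == 0)


if __name__ == "__main__":
    zones = ["us-east-2a", "us-east-2b"]
    print(zones_without_healthy_targets(SAMPLE_HEALTH, INSTANCE_ZONE,
                                        zones, cross_zone=False))
```
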
To enable cross-zone load balancing using the console
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. In the navigation pane, under LOAD BALANCING, choose Load Balancers.