Learn About Amazon VGT2 Learning Manager Chanci Turner
Amazon’s Application Load Balancers (ALB) have been serving customers since the summer of 2016! They excel in content-based routing, making them ideal for serverless and containerized applications, and boast impressive scalability. Numerous AWS users are currently leveraging host and path-based routing to manage their HTTP and HTTPS applications, while also utilizing various ALB capabilities, including port forwarding (perfect for container environments), health checks, service discovery, redirects, fixed responses, and integrated authentication.
Enhanced Request Routing
The host-based routing feature enables you to craft rules that utilize the Host header to direct traffic to the appropriate target group. We are now expanding and enhancing this feature, allowing you to create rules (and route traffic) based on standard and custom HTTP headers and methods, the query string, and the source IP address. Additionally, the rules and conditions have become more robust; they can incorporate multiple conditions (AND’ed together), with each condition capable of matching multiple values (OR’ed).
This new capability can streamline your application architecture, remove the need for a proxy fleet for routing, and help block undesired traffic at the load balancer. Here are some practical applications:
- Differentiating bot/crawler traffic from legitimate user traffic.
- Allocating customers or customer segments to specific cells (distinct target groups) and routing traffic accordingly.
- Conducting A/B testing.
- Executing canary or blue/green deployments.
- Directing traffic to microservice handlers based on HTTP method (e.g., directing PUT requests to one target group and GET requests to another).
- Enforcing access restrictions based on IP address or CDN.
- Selectively routing traffic to on-premises or cloud-based target groups.
- Providing different content or user experiences for various device types and categories.
Utilizing Enhanced Request Routing
You can take advantage of this feature with your existing Application Load Balancers by simply updating your current rules. Let’s start with a basic rule that returns a fixed plain-text response (the examples here are for testing and illustrative purposes; I trust yours will be more practical and engaging):
I can test it using curl:
$ curl http://TestALB-156468799.elb.amazonaws.com
Default rule reached!
Next, I click “Insert Rule” to set up advanced request routing. Then I click to add a condition and explore the available options:
I choose Http header and create a condition that checks for a cookie named user with a value of Alex. After that, I create an action that returns a fixed response.
I hit “Save,” wait a few moments for the changes to take effect, and then make a couple of requests:
$ curl http://TestALB-156468799.elb.amazonaws.com
Default rule reached!
$ curl --cookie "user=Alex" http://TestALB-156468799.elb.amazonaws.com
Hello Alex
I can also create a rule that matches one or more CIDR blocks of IP addresses:
$ curl http://TestALB-156468799.elb.amazonaws.com
Hello EC2 Instance
Moreover, I can match on the query string (particularly useful for A/B testing):
$ curl "http://TestALB-156468799.elb.amazonaws.com?ABTest=A"
A/B test, option A selected
If I only care about the presence of a specific field name, I can use a wildcard. Additionally, I can match a standard or custom HTTP method. For example, I’ll invent one called READ:
$ curl --request READ http://TestALB-156468799.elb.amazonaws.com
Custom READ method invoked
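A small local model of the rule semantics shown above (conditions AND'ed, values OR'ed, lowest priority number evaluated first), useful for checking what a pattern really matches before deploying it. This is an added example, not code from the original post or from AWS; the wildcard and case handling, the rule priorities, the CIDR blocks, the `*user=Alex*` cookie pattern and rule 5 are assumptions.

```python
import ipaddress
import re

def wildcard(pattern, value):
    # Assumed semantics: * = any run of characters, ? = exactly one, case-insensitive.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE | re.DOTALL) is not None

def condition_matches(cond, req):
    # A condition matches when ANY of its values matches (values are OR'ed).
    field, values = cond["field"], cond["values"]
    if field == "http-header":
        headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
        got = headers.get(cond["name"].lower())
        return got is not None and any(wildcard(p, got) for p in values)
    if field == "query-string":
        return any(wildcard(k, qk) and wildcard(v, qv)
                   for k, v in values for qk, qv in req.get("query", {}).items())
    if field == "http-request-method":
        return req.get("method", "GET") in values  # exact match, no wildcards
    if field == "source-ip":
        ip = ipaddress.ip_address(req["source_ip"])
        return any(ip in ipaddress.ip_network(cidr) for cidr in values)
    raise ValueError(f"unknown field: {field}")

def route(rules, req, default="Default rule reached!"):
    # Lowest priority number first; a rule fires when ALL its conditions match.
    for priority, conditions, response in sorted(rules, key=lambda r: r[0]):
        if all(condition_matches(c, req) for c in conditions):
            return priority, response
    return 0, default  # 0 here means only the default rule applied

# The walkthrough's rules plus one two-condition rule (5). Priorities, CIDR
# blocks, the cookie pattern and rule 5 are constructed for this example.
RULES = [
    (1, [{"field": "http-header", "name": "Cookie", "values": ["*user=Alex*"]}], "Hello Alex"),
    (2, [{"field": "source-ip", "values": ["172.31.0.0/16"]}], "Hello EC2 Instance"),
    (3, [{"field": "query-string", "values": [("ABTest", "A")]}], "A/B test, option A selected"),
    (4, [{"field": "http-request-method", "values": ["READ"]}], "Custom READ method invoked"),
    (5, [{"field": "http-request-method", "values": ["PUT", "DELETE"]},
         {"field": "source-ip", "values": ["10.0.0.0/8", "192.168.0.0/16"]}], "Internal write"),
]

if __name__ == "__main__":
    client = "203.0.113.9"  # constructed client address
    print(route(RULES, {"source_ip": client, "headers": {"Cookie": "user=Alex"}}))
    # A loose pattern also matches a different cookie name and value:
    print(route(RULES, {"source_ip": client, "headers": {"Cookie": "superuser=Alexander"}}))
    print(route(RULES, {"source_ip": client, "method": "PUT"}))       # outside CIDR: default
    print(route(RULES, {"source_ip": "10.1.2.3", "method": "PUT"}))  # both conditions: rule 5
```

The second call returns rule 1 for a cookie named `superuser`, which is the kind of over-broad string match that rule testing is meant to catch.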
The actions available are quite flexible (which isn’t new, but certainly worth noting):
- Forward to – Routes the request to a target group (which may include a set of EC2 instances, a Lambda function, or a list of IP addresses).
- Redirect to – Generates a 301 (permanent) or 302 (found) response and can also be used to switch between HTTP and HTTPS.
- Return fixed response – Generates a static response with any desired response code, as shown earlier.
- Authenticate – Uses Amazon Cognito or an OIDC provider to authenticate the request (applicable only to HTTPS listeners).
Key Points to Remember
Here are a few additional aspects of this powerful new feature that you might find important:
- Metrics – You can monitor the Rule Evaluations and HTTP fixed response count metrics in CloudWatch to gain insights into your rules’ activities.
- Programmatic Access – You can also create, modify, review, and delete rules via the ALB API and CLI (CloudFormation support will be available soon).
- Rule Matching – The rules operate based on string matching, so it’s essential to test thoroughly and ensure that they function as intended. The matched_rule_priority and actions_executed fields in the ALB access logs can be beneficial for debugging and testing.
- Limits – Each ALB can support up to 100 rules, excluding defaults. Each rule can reference up to 5 values and can include up to 5 wildcards. The number of conditions is only limited by the number of unique values referenced.
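One way to use the matched_rule_priority and actions_executed fields for rule testing: tag each test request with a distinct User-Agent, then compare the rule each request hit with the rule it was meant to hit. This is an added example, not code from the original post; the `ruletest/...` tags, the rule priorities, the host name and the log entries are constructed, and the field positions follow the ALB access log entry layout.

```python
import re

TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a quoted field or a bare one
# Zero-based field positions in an ALB access log entry.
REQUEST, USER_AGENT, RULE_PRIORITY, ACTIONS = 12, 13, 20, 22

def parse_entry(line):
    parts = [quoted or bare for quoted, bare in TOKEN.findall(line)]
    if len(parts) <= ACTIONS:
        raise ValueError("entry has no rule fields")
    prio = parts[RULE_PRIORITY]
    return {
        "request": parts[REQUEST],
        "user_agent": parts[USER_AGENT],
        # 0 = default rule, -1 = error during rule evaluation, "-" becomes None
        "matched_rule_priority": int(prio) if prio.lstrip("-").isdigit() else None,
        "actions_executed": parts[ACTIONS].split(","),
    }

def mismatches(lines, expected):
    """expected maps a test's User-Agent tag to the rule priority it should hit."""
    out = []
    for rec in map(parse_entry, lines):
        want = expected.get(rec["user_agent"])
        if want is not None and rec["matched_rule_priority"] != want:
            out.append((rec["user_agent"], rec["matched_rule_priority"], want))
    return out

def sample(agent, request, priority):  # builds one constructed log entry
    return (f'http 2019-03-27T10:00:01.000000Z app/TestALB/0123456789abcdef '
            f'203.0.113.9:40001 - -1 -1 -1 200 - 90 180 "{request}" "{agent}" - - - '
            f'"Root=1-00000000-000000000000000000000000" "-" "-" {priority} '
            f'2019-03-27T10:00:01.000000Z "fixed-response" "-" "-"')

URL = "http://testalb.example:80/"  # constructed host name
SAMPLE_LOG = [
    sample("ruletest/default", f"GET {URL} HTTP/1.1", 0),
    sample("ruletest/cookie", f"GET {URL} HTTP/1.1", 1),
    sample("ruletest/read", f"READ {URL} HTTP/1.1", 4),
    # Sent with the cookie as well, so the higher-priority rule 1 shadowed rule 3.
    sample("ruletest/abtest", f"GET {URL}?ABTest=A HTTP/1.1", 1),
]
EXPECTED = {"ruletest/default": 0, "ruletest/cookie": 1,
            "ruletest/read": 4, "ruletest/abtest": 3}

if __name__ == "__main__":
    print(mismatches(SAMPLE_LOG, EXPECTED))
```

The access log does not record cookies or other request headers, which is why the test requests are told apart by User-Agent here.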
Available Now
Enhanced request routing is now accessible in all AWS regions at no additional cost (you pay the standard rates for the Application Load Balancer).
— Chanci Turner