Networking/Networking_protocols/Load_balancing/Load_balancer/elb.aws.txt


                                  ┏━━━━━━━━━┓
                                  ┃   ELB   ┃
                                  ┗━━━━━━━━━┛

ELB ==>                       #Version from 2014-05-12

DISTRIBUTION ==>              #Distribute loads between instances (specified by IP):
                              #  - for a given random AvailabilityZone or (if CrossZoneLoadBalancing true) between any AvailabilityZone
                              #     - if CrossZoneLoadBalancing true, make sure SecurityGroups/NetworkAcl allow traffic between Subnets
                              #  - then either:
                              #     - TCP/SSL: randomly (round-robin)
                              #     - HTTP/HTTPS: least outstanding requests
                              #Sticky session:
                              #  - client will get the same instance across calls, using a session cookie
                              #     - if instance becomes unavailable, updates session cookie to new instance
                              #  - Can be based on:
                              #     - LoadBalancer created cookie (named AWSELB)
                              #        - ELB_COND LBCookieStickinessPolicyType,
                              #          (optional, def: none) POLICY_ATTR CookieExpirationPeriod NUM
                              #     - AWSELB is based on EC2 instance existing cookie APP_COOKIE, only if APP_COOKIE exists,
                              #       and change it when APP_COOKIE changes:
                              #        - ELB_COND AppCookieStickinessPolicyType, POLICY_ATTR CookieName APP_COOKIE
                              #     - since LoadBalancer forwards everything, both APP_COOKIE and AWSELB are transmitted
                              #       along the full chain (end-user, LoadBalancer, EC2)
                              #  - only HTTP[S], not TCP/SSL

IN/OUT TRAFFIC (LISTENER) ==> #Must specify for connection with internet, and for connection with EC2 instances.
                              #Can be (HTTP and/or HTTPS) or (TCP and/or SSL):
                              #  - Must also specify port (normal port, or SMTP[S] port number, or 1024-65535)
                              #  - def: HTTP for both connections
                              #  - SSL/HTTPS:
                              #     - LoadBalancer:
                              #        - config ELB_COND SSLNegotiationPolicyType:
                              #           - SSL protocols: POLICY_ATTR Protocol-SSLv2|3 or Protocol-TLSv1|1.1|1.2 BOOL
                              #           - POLICY_ATTR CIPHER BOOL: see online for list
                              #           - POLICY_ATTR Server-Defined-Cipher-Order BOOL
                              #        - Can be custom or predefined:
                              #           - "ELBSecurityPolicy-2011-08" (def): Protocol-SSLv3|TLS*, ECDHE-ECDSA|RSA-AES, AES,
                              #             DHE-DSS|RSA, ECDHE-RSA, RC4, PreferenceOrder true
                              #     - EC2 instance:
                              #        - ELB_COND BackendServerAuthenticationPolicyType,
                              #          with POLICY_ATTR PublicKeyPolicyName POLICY_ID (one or many)
                              #           - POLICY_ID points to ELB_COND PublicKeyPolicyType,
                              #             with POLICY_ATTR PublicKey "STR,..."
                              #LoadBalancer uses Connection: Keep-Alive [C]
                              #  - Configure TCP socket timeout with IdleTimeout (def: 1 min, max: 1 hour) for both connections
                              #ConnectionDraining:
                              #  - when instance stops or becomes unhealthy, LoadBalancer keeps serving stopping instance with
                              #    opened connections, until a specific timeout.
                              #Proxy forwarding:
                              #  - HTTP/HTTPS: adds X-Forwarded-For|Proto|Port [C]
                              #  - TCP/SSL:
                              #     - use Proxy protocol v1 to communicate protocol, client|proxy IP|port as a single line in
                              #       the request header
                              #     - ELB_COND ProxyProtocolPolicyType, POLICY_ATTR ProxyProtocol BOOL

HEALTHCHECK ==>               #Sets instances health state according to ping to specified URL at regular interval, with number
                              #of passed|failed pings to change health state ("threshold"), with specific timeout
                              #  - must respond with status code 200
                              #  - uses User-Agent "ELB-HealthChecker/VERSION"
                              #  - ping impact on EC2 traffic price is almost nothing
                              #Health state effect:
                              #  - LoadBalancer only redirect to healthy instances
                              #  - If request to instance marked "healthy" fails:
                              #     - if other healthy instances, redirect to them
                              #     - does not change failed request instance as unhealthy (only healthcheck ping does)
                              #  - as such, even with not frequent ping, will directly redirect if failed instance

NETWORKING ==>                #Like an EC2 instance, has Subnet, AvailabilityZone, SecurityGroup
                              #  - gets a public IP/DNS unless Scheme is "internal" (to do if private LoadBalancer)
                              #  - if no SecurityGroup, create a default one with in|out traffic specified for 0.0.0.0/0
                              #  - must specify which Subnets are permitted for in|out traffic ("Attached subnets"), i.e.
                              #    subnets of the attached instances
                              #Good idea to use as the point of entry of the app, with the Elastic IP and the SSL certificate
                              #  - If a group of instances needs to communicate with another private one, can also put a
                              #    private LoadBalancer in-between (must then use Scheme "internal")

MONITORING ==>                #CloudWatch:
                              #  - METRIC:
                              #     - [Un]HealthyHostCount NUM: should use as Average with Dimension AvailabilityZone
                              #     - RequestCount NUM: successful completed requests
                              #     - Latency NUM: from LoadBalancer request to EC2 instance answer (in sec)
                              #     - HTTPCode_ELB_4XX|5XX: generated by LoadBalancer
                              #     - HTTPCode_Backend_2XX|3XX|4XX|5XX: generated by EC2 instance
                              #     - BackendConnectionErrors NUM: number of LoadBalancer -> EC2 instance connection errors
                              #     - SurgeQueueLength NUM: pending requests to EC2 instance
                              #     - SpilloverCount NUM: number of pending requests rejected because SurgeQueueLength too high
                              #  - Dimensions: LoadBalancerName STR, AvailabilityZone ZONE
                              #Access log BUCKET/PREFIX/AWSLogs/ACCOUNT_ID/elasticloadbalancing/REGION/YYYY/MM/DD/
                              #ACCOUNT_ID_elasticloadbalancing_REGION_LOADBALANCERNAME_TIMESTAMP_LOADBALANCERIP_RANDOM.log
                              #(space-delimited):
                              #  - timestamp
                              #  - elb: Name
                              #  - client|backend:port
                              #  - request_processing_time:
                              #     - from LoadBalancer received requests from client to sending request to EC2 instance
                              #  - backend_processing_time:
                              #     - from LoadBalancer sending requests to EC2 instance to receiving answer headers
                              #  - response_processing_time:
                              #     - from LoadBalancer receiving answer header from EC2 instance to sending answer to client
                              #  - elb|backend_status_code
                              #  - received|sent_bytes: for body only. For LoadBalancer <-> ELB only.
                              #  - request "METHOD URL/HTTP/1.1"

ARN ==>                       #arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:loadbalancer/NAME

PRICING ==>                   #  - 18$/LoadBalancer/month (hourly-based, if used full-time)
                              #  - 1$/125GB/month of data processed

LIMITS ==>                    #  - 20 LoadBalancer

                                  ┌─────────┐
                                  │   API   │
                                  └─────────┘

API ==>                       #XML, not JSON

PAGINATION ==>                #  - Request parameter Marker STR, PageSize NUM (def|max: 400)
                              #  - Response body NextMarker STR

ELB_COND ==>                  #Parameter that must be specified using CreateLoadBalancerPolicy():
                              #  - use set of attributes POLICY_ATTR=VAL,...
                              #  - must be applied with SetLoadBalancerPolicies...() to either LoadBalancer ("Listener") or
                              #    EC2 instance ("BackendServer")
                              #     - depends on the ELB_COND: all for listeners, except PublicKeyPolicyType and
                              #       BackendServerAuthenticationPolicyType

                                  ┌───────────────────┐
                                  │   LOAD BALANCER   │
                                  └───────────────────┘

CreateLoadBalancer()          #Takes 2 mins.
                              #Request parameters LOAD_BALANCER:
                              #  - AvailabilityZones STR_ARR
                              #  - Listeners LISTENER_ARR:
                              #     - InstancePort NUM
                              #     - InstanceProtocol "HTTP|HTTPS|TCP|SSL"
                              #     - LoadBalancerPort NUM
                              #     - Protocol STR
                              #     - SSLCertificateId SERVER_CERTIFICATE_IAM_ARN
                              #  - LoadBalancerName STR
                              #  - SecurityGroups STR_ARR
                              #  - Subnets STR_ARR
                              #  - Scheme "internal" (optional)
                              #  - Tags TAG_ARR
                              #Response body: DNSName STR
DeleteLoadBalancer()          #Request parameters: LoadBalancerName STR
DescribeLoadBalancers()       #Request parameters: LoadBalancerNames STR_ARR
                              #Response body: LoadBalancerDescriptions OBJ_ARR:
                              #  - Same members as LOAD_BALANCER but:
                              #     - Listeners -> ListenerDescriptions
                              #     - No Tags
                              #  - BackendServerDescriptions OBJ_ARR:
                              #     - InstancePort NUM
                              #     - PolicyNames STR_ARR
                              #  - CanonicalHostedZoneName STR
                              #  - CanonicalHostedZoneNameID STR
                              #  - CreatedTime DATE
                              #  - DNSName STR
                              #  - HealthCheck HEALTH_CHECK:
                              #     - [Un]HealthyThreshold NUM (def: 2 "Unhealthy" and 10 "Healthy")
                              #     - Interval NUM (def: 30)
                              #     - Target PROTOCOL:PORT/URL (def: "HTTP:80/index.html")
                              #     - Timeout NUM (def: 5)
                              #  - Instances OBJ_ARR: InstanceId STR
                              #  - Policies OBJ_ARR:
                              #     - AppCookieStickinessPolicies OBJ_ARR:
                              #        - CookieName STR
                              #        - PolicyName POLICY_ID
                              #     - LBCookieStickinessPolicies OBJ_ARR:
                              #        - CookieExpirationPeriod NUM
                              #        - PolicyName POLICY_ID
                              #     - OtherPolicies POLICY_ID_ARR
                              #  - SourceSecurityGroup: GroupName STR, OwnerAlias STR
                              #  - VPCId STR
ModifyLoadBalancerAttributes()#Request parameters:
                              #  - LoadBalancerName STR
                              #  - LoadBalancerAttributes LOAD_BALANCER_ATTRIBUTES:
                              #     - AccessLog:
                              #        - EmitInterval NUM
                              #        - Enabled BOOL
                              #        - S3BucketName BUCKET
                              #        - S3BucketPrefix STR
                              #     - ConnectionDraining:
                              #        - Enabled BOOL
                              #        - Timeout NUM
                              #     - ConnectionSettings: IdleTimeout NUM
                              #     - CrossZoneLoadBalancing: Enabled NUM
                              #Response body LOAD_BALANCER_ATTRIBUTES
DescribeLoadBalancerAttributes#Request parameters: LoadBalancerName STR
                              #Response body; LoadBalancerAttributes LOAD_BALANCER_ATTRIBUTES

[De]RegisterInstances         #Request parameters:
WithLoadBalancer()            #  - Instances OBJ_ARR: InstanceId STR
                              #  - LoadBalancerName STR
                              #Response body:
                              #  - Instances OBJ_ARR: InstanceId STR
Attach|DetachLoadBalancer     #Request parameters:
From|ToSubnets()              #  - LoadBalancerName STR
                              #  - Subnets STR_ARR
                              #Response body: Subnets STR_ARR
Enable|DisableAvailability    #Request parameters:
ZonesForLoadBalancer()        #  - AvailabilityZones STR_ARR
                              #  - LoadBalancerName STR
                              #Response body: AvailabilityZones STR_ARR

ConfigureHealthCheck()        #Request parameters:
                              #  - HealthCheck HEALTH_CHECK
                              #  - LoadBalancerName STR
                              #Response body: HealthCheck HEALTH_CHECK
DescribeInstanceHealth()      #Request parameters:
                              #  - Instances OBJ_ARR: InstanceId STR
                              #  - LoadBalancerName STR
                              #Response body: InstanceStates OBJ_ARR:
                              #  - Description STR
                              #  - InstanceId STR
                              #  - ReasonCode "ELB|Instance|N/A"
                              #  - State "InService|OutOfService|Unknown"

CreateApp|LBCookie            #Request parameters:
StickinessPolicy()            #  - CookieName STR ("App") or CookieExpirationPeriod NUM ("LB")
                              #  - LoadBalancerName STR
                              #  - PolicyName POLICY_ID
                              #Must then call SetLoadBalancerPoliciesOfListener()

CreateLoadBalancerListeners() #Request parameters:
                              #  - Listeners LISTENER_ARR
                              #  - LoadBalancerName STR
DeleteLoadBalancerListeners() #Request parameters:
                              #  - LoadBalancerName STR
                              #  - LoadBalancerPorts NUM_ARR

ApplySecurityGroups           #Request parameters:
ToLoadBalancer()              #  - LoadBalancerName STR
                              #  - SecurityGroups STR_ARR
                              #Response body: SecurityGroups STR_ARR

SetLoadBalancerListener       #Request parameters:
SSLCertificate()              #  - LoadBalancerName STR
                              #  - LoadBalancerPort NUM
                              #  - SSLCertificateId STR

CreateLoadBalancerPolicy()    #Request parameters POLICY_ATTRIBUTE:
                              #  - PolicyAttributeDescriptions OBJ_ARR:
                              #     - AttributeName POLICY_ATTR
                              #     - AttributeValue STR
                              #  - PolicyName POLICY_ID
                              #  - PolicyTypeName ELB_COND
                              #  - LoadBalancerName STR
DeleteLoadBalancerPolicy()    #Request parameters:
                              #  - LoadBalancerName STR
                              #  - PolicyName POLICY_ID
DescribeLoadBalancerPolicies()#Request parameters:
                              #  - LoadBalancerName STR
                              #  - PolicyNames POLICY_ID_ARR
                              #Response body: PolicyDescriptions OBJ_ARR:
                              #  - same as POLICY_ATTRIBUTE, but without LoadBalancerName and
                              #    PolicyAttributeDescriptions -> PolicyAttributes
DescribeLoadBalancer          #Request parameters: PolicyTypeNames STR_ARR
PolicyTypes()                 #Response body: PolicyTypeDescriptions OBJ_ARR:
                              #  - PolicyAttributeTypeDescriptions OBJ_ARR:
                              #     - AttributeName POLICY_ATTR
                              #     - AttributeType TYPE
                              #     - Cardinality "ONE|ZERO_OR_ONE|ZERO_OR_MORE|ONE_OR_MORE"
                              #     - DefaultValue STR
                              #     - Description STR
                              #  - Description STR
                              #  - PolicyTypeName ELB_COND
SetLoadBalancerPolicies       #Request parameters:
ForBackendServer|OfListener() #  - InstancePort NUM
                              #  - LoadBalancerName STR
                              #  - PolicyNames ELB_COND_ARR

AddTags()                     #Request parameters TAG_DESCRIPTION:
                              #  - LoadBalancerNames STR_ARR
                              #  - Tags TAG_ARR: Key STR, Value STR
RemoveTags()                  #Request parameters TAG_DESCRIPTION (but TAG has only Key)
DescribeTags()                #Request parameters: LoadBalancerNames STR_ARR
                              #Response body: TagDescriptions TAG_DESCRIPTION_ARR