There are noticeable differences between the classic load balancer and the application load balancer (ALB). The application load balancer decouples the ELB into smaller components for greater flexibility and customization.
Note however that application load balancers do not work with non-HTTP(S) protocols. For example, if you are trying to put an SMTP, POP3 or IMAP server behind an ALB you are out of luck. We will discuss this in the next article.
See this article for more information: AWS ALB overview
- Listener: checks for connection requests from clients, using the protocol and port that you configure, and forwards requests to one or more target groups, based on the rules that you define. Each rule specifies a target group, condition, and priority.
- Rule: what you define when routing should work based on the content of the request.
- Target group: routes requests to one or more registered targets, such as EC2 instances, using the protocol and port number that you specify. You can register a target with multiple target groups.
- Health check: performed on all targets registered to a target group that is specified in a listener rule for your load balancer.
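The way listener rules, conditions and priorities combine is easiest to see with a small evaluator. The following is an added example (not code from the original article or from AWS): it models an ALB listener as a list of rules with host-header and path-pattern conditions, evaluates them lowest-priority-number first, and falls back to the listener's default action. The rule set, target group names and hostnames are constructed for illustration; the wildcard semantics (`*` for any run of characters, `?` for one character, host matching case-insensitive, path matching case-sensitive) are assumptions based on the ALB documentation rather than something the page states.

```python
import re
from dataclasses import dataclass, field


def _wildcard_to_regex(pattern: str, ignore_case: bool) -> re.Pattern:
    """Translate an ALB-style wildcard pattern ('*' = any run of characters,
    '?' = exactly one character) into an anchored regular expression."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    flags = re.IGNORECASE if ignore_case else 0
    return re.compile("^" + "".join(parts) + "$", flags)


@dataclass
class Rule:
    priority: int                      # lower number is evaluated first
    target_group: str                  # target group the rule forwards to
    host_patterns: list = field(default_factory=list)   # host-header condition values
    path_patterns: list = field(default_factory=list)   # path-pattern condition values

    def matches(self, host: str, path: str) -> bool:
        # Every configured condition must match; an empty list means "no constraint".
        host_ok = not self.host_patterns or any(
            _wildcard_to_regex(p, True).match(host) for p in self.host_patterns)
        path_ok = not self.path_patterns or any(
            _wildcard_to_regex(p, False).match(path) for p in self.path_patterns)
        return host_ok and path_ok


def route(rules, default_target_group, host, path):
    """Return the target group for a request: the first matching rule in priority
    order, or the listener's default action when no rule matches."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(host, path):
            return rule.target_group
    return default_target_group


# Constructed listener configuration; not taken from any real account.
RULES = [
    Rule(priority=10, target_group="tg-api", path_patterns=["/api/*"]),
    Rule(priority=20, target_group="tg-admin", host_patterns=["admin.example.com"]),
    Rule(priority=30, target_group="tg-static", path_patterns=["/static/*", "/favicon.ico"]),
]
DEFAULT_TG = "tg-web"

if __name__ == "__main__":
    for host, path in [("www.example.com", "/api/v1/users"),
                       ("admin.example.com", "/"),
                       ("www.example.com", "/static/app.js"),
                       ("www.example.com", "/")]:
        print(host, path, "->", route(RULES, DEFAULT_TG, host, path))
```

The last case in the test below is the one worth checking in a real configuration: a lower-numbered path rule wins even for a host you intended to isolate, so a request to `admin.example.com/api/x` goes to `tg-api`, not `tg-admin`. Review priorities whenever a rule is meant to restrict where a hostname can be served from.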
Migrating to ALB
AWS provides a tool for migrating a classic load balancer to an application load balancer. It automatically creates a new ALB for you, which gets its own DNS A record.
To run a quick check that the new load balancer is set up correctly, do:
curl -I myloadbalancername-randomnumber.us-west-2.elb.amazonaws.com
You should see the response:
HTTP/1.1 200 OK
You still need to:
- go to Route53 and point your DNS entries to the new load balancer.
- make sure that traffic is being routed to the new load balancer and AWAY from the old one. If you look at the CloudWatch metrics for each load balancer and zoom into the time interval in which you made the DNS change, you should see an upward spike in the new ELB's request count and a downward spike in the old ELB's count.
- run all the IzyCloudWatch tests to verify that everything went smoothly
- delete the old load balancer
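The cutover steps above can be turned into a repeatable check so the old load balancer is only deleted once traffic has really moved. The following is an added example, not code from the original article or from the AWS migration tool. It assumes the real CloudWatch namespaces and dimension names for the two load balancer types (`AWS/ELB` with `LoadBalancerName` for a classic ELB, `AWS/ApplicationELB` with `LoadBalancer` for an ALB); the load balancer names, the sample datapoints and the 5% residual threshold are constructed placeholders. `fetch_request_counts` expects a boto3 `cloudwatch` client to be passed in and is the only part that touches the network; everything else runs offline.

```python
import http.client
from datetime import datetime, timedelta, timezone

# Where RequestCount lives for each load balancer type. Namespaces and dimension
# names are the real CloudWatch ones; the load balancer identifiers are placeholders.
CLASSIC = {"Namespace": "AWS/ELB",
           "Dimensions": [{"Name": "LoadBalancerName", "Value": "old-classic-elb"}]}
ALB = {"Namespace": "AWS/ApplicationELB",
       "Dimensions": [{"Name": "LoadBalancer", "Value": "app/new-alb/PLACEHOLDER-ID"}]}


def alb_responds_ok(dns_name, timeout=5):
    """Same check as `curl -I <dns_name>`: send a HEAD request and expect HTTP 200."""
    conn = http.client.HTTPConnection(dns_name, 80, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().status == 200
    finally:
        conn.close()


def request_count_query(lb, start, end, period=300):
    """Build the keyword arguments for cloudwatch.get_metric_statistics (5-minute sums)."""
    return dict(MetricName="RequestCount", Statistics=["Sum"], Period=period,
                StartTime=start, EndTime=end, **lb)


def fetch_request_counts(cloudwatch, lb, start, end):
    """Query CloudWatch through a boto3 client and return [(timestamp, sum), ...] by time."""
    resp = cloudwatch.get_metric_statistics(**request_count_query(lb, start, end))
    return sorted((p["Timestamp"], p["Sum"]) for p in resp["Datapoints"])


def traffic_has_shifted(old_counts, new_counts, window=3, residual_fraction=0.05):
    """Decide whether it is safe to delete the old load balancer: over the last
    `window` datapoints the new LB must be carrying requests and the old LB must be
    at or below `residual_fraction` of the new LB's volume. Some clients ignore DNS
    TTLs, so a small tail of stragglers on the old LB is expected for a while."""
    if len(old_counts) < window or len(new_counts) < window:
        return False                       # not enough data to judge
    old_tail = sum(c for _, c in old_counts[-window:])
    new_tail = sum(c for _, c in new_counts[-window:])
    return new_tail > 0 and old_tail <= residual_fraction * new_tail


# Constructed sample datapoints around a DNS change (5-minute buckets).
_T0 = datetime(2018, 1, 1, 12, 0, tzinfo=timezone.utc)
OLD_SAMPLE = [(_T0 + timedelta(minutes=5 * i), c)
              for i, c in enumerate([1200, 1180, 600, 90, 20, 5])]
NEW_SAMPLE = [(_T0 + timedelta(minutes=5 * i), c)
              for i, c in enumerate([0, 30, 620, 1100, 1190, 1210])]

if __name__ == "__main__":
    # With a real boto3 client: old = fetch_request_counts(cw, CLASSIC, start, end), etc.
    print("safe to delete old LB:", traffic_has_shifted(OLD_SAMPLE, NEW_SAMPLE))
```

Run the metric comparison for a window that covers at least the DNS TTL after the Route53 change; `traffic_has_shifted` returns `False` when the old load balancer is still carrying more than the allowed residual, so the deletion step does not run against clients that have not yet picked up the new record.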
Multiple TLS Certificates per ELB
This was not possible until late 2017, but Amazon finally announced support for multiple TLS/SSL certificates on Application Load Balancers (ALB) using Server Name Indication (SNI). See this article for more details: multiple tls certificates
What this means is that the classic load balancer will not work for handling TLS on multiple domains; you must use an ALB.
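Once several certificates sit behind one ALB listener, the thing to verify is that each hostname actually receives a certificate that covers it, rather than the listener's default certificate. The following is an added example, not code from the original article: it connects to the load balancer's own DNS name while sending each application hostname as SNI, and reports which hostnames got a matching certificate. The matching helper is shown separately so it can be exercised offline on constructed certificate dictionaries (in the shape `ssl.getpeercert()` returns); the hostnames and certificates below are constructed, and `LB_DNS_NAME` is a placeholder.

```python
import socket
import ssl


def _dns_names(cert):
    """Collect DNS names from the subjectAltName of a cert in ssl.getpeercert() form."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """Exact match, or a single leading wildcard label ('*.example.com') that covers
    exactly one label and never the bare domain. Comparison is case-insensitive."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]                       # ".example.com"
        return hostname.endswith(suffix) and hostname.count(".") == pattern.count(".")
    return False


def cert_covers(cert, hostname):
    """True when any DNS SAN of the certificate covers `hostname`."""
    return any(name_matches(name, hostname) for name in _dns_names(cert))


def fetch_cert_for_sni(hostname, lb_dns_name, port=443, timeout=5):
    """Connect to the load balancer's DNS name but send `hostname` in SNI, and return
    the certificate the listener selected. The default context verifies the chain
    and hostname itself, so a wrong certificate raises SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((lb_dns_name, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def verify_sni_hostnames(hostnames, lb_dns_name):
    """Return {hostname: bool}; False usually means the ALB served its default
    certificate for that name because no attached certificate matched the SNI."""
    results = {}
    for host in hostnames:
        try:
            results[host] = cert_covers(fetch_cert_for_sni(host, lb_dns_name), host)
        except ssl.SSLCertVerificationError:
            results[host] = False
    return results


# Constructed certificates for offline checks (same structure as ssl.getpeercert()).
CERT_A = {"subject": ((("commonName", "example.com"),),),
          "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com"))}
CERT_B = {"subject": ((("commonName", "*.shop.example.net"),),),
          "subjectAltName": (("DNS", "*.shop.example.net"), ("DNS", "shop.example.net"))}

LB_DNS_NAME = "myloadbalancername-randomnumber.us-west-2.elb.amazonaws.com"  # placeholder

if __name__ == "__main__":
    print(verify_sni_hostnames(["www.example.com", "eu.shop.example.net"], LB_DNS_NAME))
```

Run `verify_sni_hostnames` over every hostname you expect the listener to serve after attaching the certificates; any `False` entry points at a hostname for which clients will see a certificate error.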
Amazon Resource Names (ARNs) uniquely identify AWS load balancers.
Typical Port Configurations
- HTTP/HTTPS (web): you would need to configure ports 80, 443
- SMTP: you would need to configure ports 25, 465
- POP3: you would need to configure ports 110, 995
- IMAP: you would need to configure ports 143, 993
AWS ALB overview: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html
multiple tls certificates