Beta

AWS Networking Fundamentals

Core Networking Services

Load Balancers Demo

In this hands-on tutorial, you’ll set up an AWS Application Load Balancer (ALB) to distribute HTTP requests across two EC2 web servers running Nginx, each in a different Availability Zone. By the end, you’ll have a resilient, internet-facing load balancer serving content from both servers.

Prerequisites

Note

Make sure you already have:

  • Two t2.micro EC2 instances (web-server-1, web-server-2) with Nginx and distinct landing pages.
  • A VPC configured with an Internet Gateway.
  • Two public subnets in us-east-1a and us-east-1b.
ResourceDescriptionDetails
EC2 InstancesWeb serversweb-server-1 (us-east-1a), web-server-2 (us-east-1b)
VPCVirtual Private CloudIncludes an Internet Gateway and public subnets
Public SubnetsHosts web servers10.0.201.0/24 (AZ a), 10.0.202.0/24 (AZ b)

EC2 Instances

Our EC2 console shows both instances running:

The image shows an AWS EC2 Management Console with two running instances, "web-server1" and "web-server2," both of type t2.micro. The details of "web-server2" are displayed, including its instance ID, public IP address, and status checks.

Visiting web-server-1 confirms Nginx is up:

The image shows a web page with a message indicating that "server1" is running, confirming the successful installation of the Nginx web server. It includes links for online documentation and support.

And web-server-2 is similarly healthy:

The image shows an AWS EC2 Management Console with two running instances, "web-server1" and "web-server2," both of type t2.micro, with status checks passed and no alarms. Monitoring graphs for CPU utilization and network activity are displayed below.

Network Layout

Your VPC’s public subnets:

The image shows an AWS Management Console screen displaying the subnets section of a VPC dashboard, listing two subnets with their details such as VPC ID, IPv4 CIDR, and availability zones.

  • web-us-east-1a: 10.0.201.0/24
  • web-us-east-1b: 10.0.202.0/24

These subnets host your web servers and route traffic through the Internet Gateway.

Step 1: Create Dedicated Subnets for the Load Balancer

Add two new public subnets—one in each AZ—for the ALB:

  1. In the VPC console, click Create Subnet.
  2. Configure:
    • LB-us-east-1a: us-east-1a, 10.0.101.0/24
    • LB-us-east-1b: us-east-1b, 10.0.102.0/24

The image shows a screenshot of the AWS Management Console, specifically the VPC (Virtual Private Cloud) setup page, where subnet settings are being configured. It includes fields for VPC ID, associated CIDRs, subnet name, availability zone, and IPv4 CIDR block.

After creation, verify you have four public subnets:

The image shows the AWS Management Console displaying the VPC dashboard with a list of subnets. A notification at the top indicates that a new subnet has been successfully created.

Step 2: Verify Public Subnet Configuration

Note

Confirm each new subnet’s route table includes a default route (0.0.0.0/0) to the Internet Gateway—this makes the ALB internet-facing.

Select LB-us-east-1a (and LB-us-east-1b) to inspect its Route Table:

The image shows an AWS VPC Management Console displaying a list of subnets, with details of a selected subnet including its ID, state, and availability zone.

Step 3: Create the Application Load Balancer

  1. In the EC2 console, go to Load BalancersCreate Load BalancerApplication Load Balancer.
  2. Set:
    • Name: web-lb
    • Scheme: Internet-facing
    • IP address type: IPv4
    • VPC: demo
  3. Select subnets LB-us-east-1a and LB-us-east-1b.

The image shows a comparison of three types of AWS load balancers: Application Load Balancer, Network Load Balancer, and Gateway Load Balancer, each with a brief description and a "Create" button.

Configure the ALB network mapping:

The image shows a configuration page for creating an application load balancer in the AWS Management Console, with options for naming, scheme selection, IP address type, and network mapping.

Attach a security group allowing HTTP (80) and HTTPS (443):

The image shows a screenshot of the AWS Management Console, specifically the section for configuring security groups for a load balancer. It includes options to select or create security groups and displays a dropdown list of available groups.

Step 4: Configure Listener and Target Group

Listener

Add an HTTP listener on port 80:

The image shows an AWS Management Console interface for configuring a load balancer, including settings for security groups and listener routing with HTTP protocol on port 80.

Target Group

  1. Create a new target group:
    • Target type: Instances
    • Name: web-targets
    • Protocol: HTTP
    • Port: 80
    • VPC: demo
    • Health check path: /

The image shows a screenshot of the AWS Management Console, specifically the section for creating a target group for a load balancer. It includes options for setting the target group name, protocol, port, VPC, and protocol version.

  1. Register web-server-1 and web-server-2 on port 80:

The image shows an AWS Management Console interface, specifically the section for creating a target group for load balancing, with two instances listed as targets.

  1. Back in the ALB wizard, set web-targets as the default action for the HTTP listener:

The image shows an AWS Management Console interface for configuring listeners and routing for a load balancer, with options for HTTP and HTTPS protocols. It includes settings for ports, default actions, and listener tags.

  1. Review and create the ALB:

The image shows an AWS Management Console screen for configuring a load balancer, displaying sections for basic configuration, security groups, network mapping, and listeners and routing.

Step 5: Test the Load Balancer

Wait until the ALB status is active, then copy its DNS name:

The image shows an AWS EC2 Management Console displaying details of a load balancer named "web-lb," which is active and internet-facing, with information about its VPC, availability zones, and other settings.

From your terminal or browser:

curl http://<load-balancer-dns-name>

Refreshing the request should alternate responses between server1 and server2, confirming traffic distribution.

Best Practice: Secure Your Web Servers

Warning

Currently, both web servers have public IPs:

The image shows an AWS EC2 Management Console with a list of instances, some running and some terminated. The user is searching for instances with the state "running."

To harden your architecture:

  1. Move web servers into private subnets.
  2. Keep the ALB in public subnets.
  3. Configure the web servers’ security group to accept traffic only from the ALB’s security group.

This ensures all external requests pass through the ALB, improving security and isolation.

Watch Video

Watch video content

Previous
Load Balancers
Next
Route 53