Application Load Balancer Example in AWS CDK

# Creating an Application Load Balancer in AWS CDK

We're going to create an Application Load balancer that routes traffic to an auto-scaling group that consists of two EC2 instances.

The process of creating an Application Load balancer in CDK, consists of 3 steps:

1. Create the ALB, by instantiating and configuring the ApplicationLoadBalancer class.
2. Add a listener to the ALB, e.g. listen for HTTP requests on port 80.
3. Add one or more targets to the ALB listener, e.g. an auto-scaling group, consisting of multiple EC2 instances.

Let's start by looking at the code that creates our VPC, ALB and listener:

Copied!
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
import * as cdk from 'aws-cdk-lib/core';

export class CdkStarterStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const vpc = new ec2.Vpc(this, 'vpc', {natGateways: 1});

    const alb = new elbv2.ApplicationLoadBalancer(this, 'alb', {
      vpc,
      internetFacing: true,
    });

    const listener = alb.addListener('Listener', {
      port: 80,
      open: true,
    });
  }
}

Let's go over what we did in the code sample.

1. We created a VPC with a single NAT Gateway. By default, the VPC construct creates a PUBLIC and a PRIVATE subnet groups with subnets in 3 availability zones.

   Our Application Load Balancer will be provisioned in PUBLIC subnets, whereas our EC2 instances will be provisioned in PRIVATE subnets.

2. We created an Application Load balancer. By setting the internetFacing prop to true, we allocate a public IPv4 address to our Load Balancer. The value of internetFacing is set to false by default.

3. We added a listener to our ALB. We passed the following props to the listener:

Next, let's add an auto-scaling group and attach it as a target on the listener of the Application Load Balancer:

Copied!
import * as autoscaling from 'aws-cdk-lib/aws-autoscaling';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
import * as cdk from 'aws-cdk-lib/core';

export class CdkStarterStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // ... rest

    // 👇 create user data script
    const userData = ec2.UserData.forLinux();
    userData.addCommands(
      'sudo su',
      'yum install -y httpd',
      'systemctl start httpd',
      'systemctl enable httpd',
      'echo "<h1>Hello World from $(hostname -f)</h1>" > /var/www/html/index.html',
    );

    // 👇 create auto-scaling group
    const asg = new autoscaling.AutoScalingGroup(this, 'asg', {
      vpc,
      instanceType: ec2.InstanceType.of(
        ec2.InstanceClass.BURSTABLE2,
        ec2.InstanceSize.MICRO,
      ),
      machineImage: new ec2.AmazonLinuxImage({
        generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
      }),
      userData,
      minCapacity: 2,
      maxCapacity: 3,
    });

    // 👇 add target to the ALB listener
    listener.addTargets('default-target', {
      port: 80,
      targets: [asg],
      healthCheck: {
        path: '/',
        unhealthyThresholdCount: 2,
        healthyThresholdCount: 5,
        interval: cdk.Duration.seconds(30),
      },
    });

    // 👇 add an action to the ALB listener
    listener.addAction('/static', {
      priority: 5,
      conditions: [elbv2.ListenerCondition.pathPatterns(['/static'])],
      action: elbv2.ListenerAction.fixedResponse(200, {
        contentType: 'text/html',
        messageBody: '<h1>Static ALB Response</h1>',
      }),
    });

    // 👇 add scaling policy for the Auto Scaling Group
    asg.scaleOnRequestCount('requests-per-minute', {
      targetRequestsPerMinute: 60,
    });

    // 👇 add scaling policy for the Auto Scaling Group
    asg.scaleOnCpuUtilization('cpu-util-scaling', {
      targetUtilizationPercent: 75,
    });

    // 👇 add the ALB DNS as an Output
    new cdk.CfnOutput(this, 'albDNS', {
      value: alb.loadBalancerDnsName,
    });
  }
}

Let's go over what we did in the code sample.

1. We created the user data script that initializes our EC2 instances. We basically installed and started an Apache web server and wrote a "hello world" message that prints the host's IP address to the root route.

2. We created an auto-scaling group. We passed the following props to the constructor:

3. We added a target to the listener of our Application Load Balancer. The listener will route requests that come on port 80 to the EC2 instances in our auto-scaling group.

   Note that we've configured a healthCheck on the / path. This is the default configuration for an ALB health check in CDK:

   • the requests are made on the / route
   • 2 consecutive request failures deem a target unhealthy
   • 5 consecutive request successes deem an unhealthy target healthy
   • health check requests are issued at an interval of 30 seconds

4. We added an action to the listener of the ALB. The action is only run if the condition matches, in our case - if the path of the request is /static, the action returns a static HTML response with a 200 status code.

5. We added 2 scaling policies to our auto-scaling group:

• the scaleOnRequestCount method scales the number of provisioned EC2 instances up or down, depending on how many HTTP requests we want an EC2 instance to take per minute

• the scaleOnCpuUtilization method scales up or down, depending on the average CPU utilization of all EC2 instances in the target group.

6. We added an Output, which we will redirect to a file on the local file system to get the DNS name of the Application Load balancer.

Let's run the deployment command:

Copied!
npx aws-cdk deploy \
  --outputs-file ./cdk-outputs.json

You can get the DNS name of the ALB from the cdk-outputs.json file or look it up in the EC2 management console.

If you paste it in your browser you will see that the ALB alternates routing traffic to both of our EC2 instances:

If we visit the /static route, for which we configured an ALB fixed response, we can see that it also works:

CDK has configured the following inbound rules for the security group of our ALB:

Everyone on the internet can access our ALB on port 80.

The outbound rules for the security group of our ALB, only allow traffic to the security group of our auto-scaling group on port 80:

The inbound rules for the security group of the Auto Scaling Group allow HTTP traffic on port 80 from the security group of the Application Load Balancer:

The outbound rules for the security group of the Auto Scaling Group allow all traffic:

As expected, our Application Load Balancer has been deployed to 3 PUBLIC subnets and our EC2 instances to 2 PRIVATE subnets.

The listeners of our Application Load Balancer have 2 rules:

• if the path is /static return a fixed HTML response
• else forward the requests to the registered target group

If we look at the target group of our Application Load Balancer, we can see that both of our EC2 instances are healthy and able to serve requests:

# Clean up

To delete the provisioned resources, issue the destroy command:

Copied!
npx aws-cdk destroy

# Additional Resources

You can learn more about the related topics by checking out the following tutorials:

• EC2 Instance Example in AWS CDK - Complete Guide
• VPC Example in AWS CDK - Complete Guide
• Security Group Example in AWS CDK - Complete Guide
• Subnet Selection Example in AWS CDK
• AWS CDK Tutorial for Beginners - Step-by-Step Guide
• How to use Context in AWS CDK
• How to use Parameters in AWS CDK