From 79d11b0110baece1db4ea9b8c54baf4865016c6c Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Tue, 16 Dec 2025 09:58:24 +0100 Subject: [PATCH] chore(aws/ecs): add load balancing --- knowledge base/cloud computing/aws/README.md | 47 +++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/knowledge base/cloud computing/aws/README.md b/knowledge base/cloud computing/aws/README.md index 2e301d8..2ac92e2 100644 --- a/knowledge base/cloud computing/aws/README.md +++ b/knowledge base/cloud computing/aws/README.md @@ -15,6 +15,9 @@ 1. [Inspector](#inspector) 1. [Kinesis](#kinesis) 1. [KMS](#kms) + 1. [Lambda functions](#lambda-functions) + 1. [Load balancing](#load-balancing) + 1. [Application Load Balancers](#application-load-balancers) 1. [PrivateLink](#privatelink) 1. [Security Hub](#security-hub) 1. [Step Functions](#step-functions) @@ -314,6 +317,7 @@ Options: | [ECS] | Run containers as a service | | [EFS] | Serverless file storage | | [EKS] | Managed Kubernetes clusters | +| [ELB] | Load balancers | | [EventBridge] | Stream real time data | | [GuardDuty] | Threat detection | | [IAM] | Access control | @@ -528,6 +532,45 @@ This price increase is capped at the second rotation. Any subsequent rotations w Each key counts as one when calculating key resource quotas, regardless of the number of rotated key material versions. +### Lambda functions + +TODO. + +### Load balancing + +#### Application Load Balancers + +Application load balancers can use rules to forward traffic to different targets depending on the requests' data (e.g. +its `path`). + +> [!warning] +> ALBs **cannot** rewrite requests' `host` header or path.
+> Use [CloudFront] or other solutions like custom forwarder or [Lambda functions] instead. + +Using rules in AWS application load balancers to redirect by path **keeps the path** in the forwarded request.
+Applications that serve their files using _relative_ paths will not be able to find the resources, as the path will not +be available in the app's folder (and hence in the browser). + +E.g.: given an ALB with a rule forwarding requests for paths matching `/some-app`, requests for +`https://example.com/some-app/static/js/index.js` will be forwarded _as-is_ and try fetching content from the +`/some-app` folder _in the application_. + +> [!important] +> This does **not** happen for targets that are tasks to ECS.
+> Those are treated differently by the ALB (insert quotation here), and the requests' path is replaced with `/`. +> +> FIXME: since 2025-10-15, it looks like they can by using Rule Transforms.
+> Check the [news post](https://aws.amazon.com/about-aws/whats-new/2025/10/application-load-balancer-url-header-rewrite), +> the [blog post](https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-url-and-host-header-rewrite-with-aws-application-load-balancers/), +> and [Rule Transforms](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/rule-transforms.html). + +Solutions for this include: + +- Rewriting the requests' path to `/` before forwarding them. +- Using an ECS-backed target. +- Using an ALB dedicated for the host (e.g. `some-app.example.com`) to forward requests **directly** using only the + default rule (`path = /*`). + ### PrivateLink See also [Access AWS services through AWS PrivateLink]. @@ -1111,6 +1154,7 @@ If one can, prefer just build the image from an EC2 instance. [config]: #config [detective]: #detective [direct connect]: #direct-connect +[ELB]: #load-balancing [enterprise discount program]: #enterprise-discount-program [eventbridge]: #eventbridge [free tier]: #free-tier @@ -1118,12 +1162,13 @@ If one can, prefer just build the image from an EC2 instance. [inspector]: #inspector [kinesis]: #kinesis [kms]: #kms +[Lambda functions]: #lambda-functions [privatelink]: #privatelink [reserved instances]: #reserved-instances [savings plans]: #savings-plans [security hub]: #security-hub -[Step Functions]: #step-functions [spot instances]: #spot-instances +[Step Functions]: #step-functions [tiered pricing]: #tiered-pricing
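
Review bot: In the new "Application Load Balancers" section (hunk `@@ -528,6 +532,45 @@`), the `[!warning]` callout states that ALBs **cannot** rewrite requests' `host` header or path, while the FIXME a few lines below says that since 2025-10-15 "it looks like they can by using Rule Transforms", so the section contradicts itself as committed. Suggest resolving the FIXME before merging: qualify or drop the warning, and name Rule Transforms under the "Rewriting the requests' path to `/` before forwarding them" solution. The FIXME also sits inside the `[!important]` callout about ECS targets, where "they" reads as referring to ECS tasks rather than ALBs; moving it next to the warning would remove the ambiguity. That callout still carries the `(insert quotation here)` placeholder, so the claim that ECS targets get the path replaced with `/` is unsourced; add the reference or mark it as an observation. Finally, "redirect by path" should read "forward by path", since the text describes forwarding and redirect is a separate ALB rule action.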
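
Review bot: The table-of-contents entry `[Lambda functions](#lambda-functions)` added in hunk `@@ -15,6 +15,9 @@` points to a section whose entire body is `TODO.`, so the index advertises content that does not exist yet. Suggest either dropping the TOC entry and the stub until there is something to say, or adding at least a one-line description, since the ALB warning already sends readers there via `[Lambda functions]` as a rewrite alternative.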
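
Review bot: The reference-definition hunks (`@@ -1111,6 +1154,7 @@` and `@@ -1118,12 +1162,13 @@`) add `[ELB]` and `[Lambda functions]`, but the new warning also uses `[CloudFront]` and no definition for it is added here; please confirm it already exists in the file, otherwise it will render as literal bracketed text. The new labels are capitalized while most neighbouring ones (`[eventbridge]`, `[kms]`, `[privatelink]`) are lowercase; reference labels match case-insensitively so the links resolve, but lowercase would keep the block consistent. The reordering of `[Step Functions]` after `[spot instances]` is unrelated to the load-balancing change and would be cleaner as its own commit.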