# What is an AWS Elastic Load Balancer (ELB)
The main function of an ELB is to help manage and control the flow of inbound requests destined to a group of targets by distributing these requests evenly across the targeted resource group.

These targets could be a fleet of EC2 instances, Lambda functions, a range of IP addresses or even Containers.

The targets defined within the ELB could be situated across different Availability Zones, or placed within a single AZ.

## ELB example
Suppose you have just created a new application which is currently residing on a single EC2 instance within your environment that is being accessed by a number of users.

* Although it would certainly work and provide a service to your users, this infrastructure layout brings some challenges.
* The one instance where your application is located can fail and your application will be down and unavailable to your users.
* If you experience a sudden spike in traffic, your instance may not be able to handle the additional load based on its performance limitations.

To strengthen your infrastructure and help remediate these challenges, you should introduce an ELB and additional instances running your application.

* AWS ELB will act as the point for receiving incoming traffic from users and evenly distribute the traffic across a greater number of instances.
* The ELB is highly available as this is a managed service provided by AWS.
* If any instances fail, the ELB will automatically detect the failure based on defined metrics and divert any traffic to the healthy instances.
* If you experience a surge in traffic, then the additional instances running your application would help you with the additional load.

One of the many advantages of using ELB is the fact that it is managed by AWS, and it is, by definition, elastic.

It will automatically scale to meet your incoming traffic as the incoming traffic scales both up and down.

If you are running your own load balancer by yourself, then you would need to worry about scaling your load balancer and enforcing high availability.

With an AWS ELB, you can create your load balancer and enable dynamic scaling with just a few clicks.

## Load balancer types
https://aws.amazon.com/elasticloadbalancing/features/

* Application Load Balancer
    * Flexible feature set for your web applications running the HTTP or HTTPS protocols
    * Operates at the request level
    * Advanced routing, TLS termination, and visibility features targeted at application architecture
* Network Load Balancer
    * Ultra-high performance while maintaining very low latency
    * Operates at the connection level, routing traffic to targets within your VPC
    * Handles millions of requests per second
* Classic Load Balancer
    * Used for applications that were built in the existing EC2 Classic environment
    * Operates at both the connection and request level

## ELB Components
* Listeners
    * For every load balancer, you must configure at least one listener<br>
    The listener defines how your inbound connections are routed to your target groups based on ports and protocols set as **conditions**.
* Target Groups
    * A target group is a group of your resources that you want your ELB to route requests to<br>
    You can configure your ELB with a number of different target groups, each associated with a different listener configuration and associated **rules**.
* Rules
    * Rules are associated with each listener that you have configured within your ELB<br>
    They define which target group an incoming request is routed to.

Your ELB can contain one or more listeners, each listener can contain one or more rules, and each rule can contain more than one condition. When all conditions in a rule are met, the rule results in a single action.

The **IF** statement represents the conditions.

The **THEN** statement acts as the action if all conditions are met.
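The IF/THEN model above, as an added example that is not part of the original notes: it mirrors how an Application Load Balancer evaluates listener rules (lowest priority number first, first full match wins, default action otherwise). The hostnames, target group names and priorities are constructed, and `fnmatchcase` stands in for the ALB wildcard matcher (`*` and `?`).

```python
from fnmatch import fnmatchcase

# Constructed listener rules; every name here is hypothetical.
RULES = [
    {"priority": 10,
     "conditions": {"host-header": "api.example.com", "path-pattern": "/admin/*"},
     "target_group": "tg-admin"},
    {"priority": 20,
     "conditions": {"host-header": "api.example.com"},
     "target_group": "tg-api"},
    {"priority": 30,
     "conditions": {"path-pattern": "/static/*"},
     "target_group": "tg-static"},
]
DEFAULT_TARGET_GROUP = "tg-web"  # THEN-action when no rule matches


def condition_met(field, pattern, request):
    """Evaluate one IF condition against a request."""
    if field == "host-header":
        # Host names are compared case-insensitively.
        return fnmatchcase(request["host"].lower(), pattern.lower())
    if field == "path-pattern":
        # Paths are compared case-sensitively.
        return fnmatchcase(request["path"], pattern)
    raise ValueError(f"unsupported condition field: {field}")


def route(request, rules=RULES, default=DEFAULT_TARGET_GROUP):
    """Return the target group chosen for a request."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        # A rule fires only if ALL of its conditions hold.
        if all(condition_met(f, p, request) for f, p in rule["conditions"].items()):
            return rule["target_group"]
    return default


if __name__ == "__main__":
    for req in ({"host": "api.example.com", "path": "/admin/users"},
                {"host": "api.example.com", "path": "/admin"},
                {"host": "www.example.com", "path": "/Static/app.js"}):
        print(req, "->", route(req))
```

Note that `/admin` (no trailing segment) does not satisfy `/admin/*` and falls through to the broader host rule, which is the kind of gap to look for when a rule is meant to isolate a sensitive path.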

* Health Checks
    * A health check is performed against the resources defined within the target group<br>
    These health checks allow the ELB to contact each target using a specific protocol to receive a response
* Internal ELB or Internet-Facing ELB
    * Internet-Facing ELB
        * The nodes of the ELB are accessible via the Internet and so have a public DNS name that can be resolved to its public IP address, in addition to an internal IP address.<br>
        This allows the ELB to serve incoming requests from the internet before distributing and routing the traffic to your target groups.
    * Internal ELB
        * An internal ELB only has an internal IP address. This means that it can only serve requests that originate from within your VPC itself.
* ELB Nodes
    * For each AZ selected, an ELB node will be placed within that AZ<br>
    You need to ensure that you have an ELB node associated with any AZ to which you want to route traffic.<br>
    The nodes are used by the ELB to distribute traffic to your target groups.
* Cross-Zone Load Balancing
    * Depending on which ELB option you select, you may have the option of enabling and implementing cross-zone load balancing within your environment.
    * When cross-zone load balancing is disabled, each ELB node in its associated AZ will distribute its traffic to the targets within that AZ only.
    * With cross-zone load balancing enabled, the ELB nodes will distribute all incoming traffic evenly between all targets.

# SSL Server Certificates
The Application Load Balancer (ALB) provides a flexible feature set for your web applications running the HTTP or HTTPS protocols.

## Using HTTPS as a Listener
HTTPS allows an encrypted communication channel to be set up between clients initiating the request and your ALB.

To allow your ALB to receive encrypted traffic over HTTPS it will need a server certificate and an associated security policy.

Secure Sockets Layer (SSL) is a cryptographic protocol, much like Transport Layer Security (TLS).<br>
The terms SSL and TLS are used interchangeably when discussing certificates on your ALB.

The server certificate used by the ALB is an X.509 certificate, which is a digital ID provisioned by a Certificate Authority such as the AWS Certificate Manager (ACM).

This certificate is used to terminate the encrypted connection received from the remote client, and then the request is decrypted and forwarded to the resources in the ELB target group.

When you select HTTPS as your listener, you will be asked to select a certificate using 1 of 4 options:
1. Choose a certificate from ACM
2. Upload a certificate to ACM
3. Choose a certificate from IAM
4. Upload a certificate to IAM

ACM allows you to create and provision SSL/TLS server certificates to be used within your AWS environment across different services.

IAM is used as your certificate manager when deploying your ELBs in regions that are not supported by ACM.
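A listener audit for the certificate and security policy choices described above, as an added example that is not part of the original notes. The input is a constructed sample shaped like `aws elbv2 describe-listeners` output (account ID, region and resource names are placeholders), and the set of legacy policy names is a partial list to be checked against current AWS documentation.

```python
# Constructed sample shaped like `aws elbv2 describe-listeners` output.
ACCT = "111122223333"  # placeholder account ID
LISTENERS = [
    {"Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "forward"}]},
    {"Port": 8080, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect",
                         "RedirectConfig": {"Protocol": "HTTPS", "Port": "443",
                                            "StatusCode": "HTTP_301"}}]},
    {"Port": 443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2016-08",
     "Certificates": [{"CertificateArn":
                       f"arn:aws:iam::{ACCT}:server-certificate/example-cert"}],
     "DefaultActions": [{"Type": "forward"}]},
    {"Port": 8443, "Protocol": "HTTPS",
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
     "Certificates": [{"CertificateArn":
                       f"arn:aws:acm:eu-west-1:{ACCT}:certificate/EXAMPLE"}],
     "DefaultActions": [{"Type": "forward"}]},
]

# Predefined policies that still negotiate TLS 1.0 and/or 1.1 (partial list).
LEGACY_POLICIES = {"ELBSecurityPolicy-2016-08",
                   "ELBSecurityPolicy-TLS-1-0-2015-04",
                   "ELBSecurityPolicy-TLS-1-1-2017-01"}


def audit_listener(listener):
    """Return finding codes for one listener."""
    findings = []
    if listener["Protocol"] == "HTTP":
        redirects = any(a["Type"] == "redirect"
                        and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                        for a in listener["DefaultActions"])
        if not redirects:
            findings.append("plaintext-no-redirect")
    elif listener["Protocol"] == "HTTPS":
        if listener.get("SslPolicy") in LEGACY_POLICIES:
            findings.append("legacy-tls-policy")
        for cert in listener.get("Certificates", []):
            # IAM-stored certificates have no ACM lifecycle; track expiry manually.
            if cert["CertificateArn"].startswith("arn:aws:iam:"):
                findings.append("iam-certificate")
    return findings


def audit(listeners):
    """Map listener port -> list of findings."""
    return {l["Port"]: audit_listener(l) for l in listeners}
```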

# Application Load Balancer
The ALB operates at layer 7 of the Open Systems Interconnection (OSI) Model, the application layer.

The application layer serves as the interface for users and application processes to access network services.

Examples of the application processes or services it offers are HTTP, FTP, SMTP, and NFS.

## Target groups
A target group is simply a group of resources that you want your ELB to route requests to.

You might want to configure different target groups depending on the nature of your requests.

You could configure 2 different target groups and then route traffic depending on the request to different targets through the use of listeners and rules.

# Network Load Balancer
The Application Load Balancer (ALB) and the Network Load Balancer (NLB) follow the same principles in how the overall process works.

The ALB works at the application level (layer 7), analysing the HTTP header to direct the traffic.

The Network Load Balancer operates at the transport level (layer 4), enabling you to balance requests purely based upon the TCP protocol.

The NLB is able to process millions of requests per second.

If your application logic requires a static IP address, then the NLB will need to be your choice of elastic load balancer.

## Cross-Zone Load Balancing
For the NLB, cross-zone load balancing can be enabled/disabled.

The NLB node uses an algorithm which uses details based on the TCP sequence, the protocol, source port, source IP, destination port, and destination IP to select the target in that zone to process the request.

When a TCP connection is established with a target host then that connection will remain open with that target for the duration of the request.
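A small model of cross-zone load balancing (this section and the Cross-Zone item under ELB Components) combined with flow-based target selection, as an added example that is not part of the original notes. The topology and flow are constructed, each node is assumed to receive an equal share of client connections, and the SHA-256 hash is a stand-in for the NLB's own selection algorithm.

```python
import hashlib
from fractions import Fraction

# Constructed topology (hypothetical IDs): one ELB node per AZ, unbalanced fleets.
TARGETS = {
    "az-a": ["a-1", "a-2"],
    "az-b": ["b-1", "b-2", "b-3", "b-4", "b-5", "b-6", "b-7", "b-8"],
}


def eligible_targets(node_az, cross_zone):
    """Targets the node in node_az may send traffic to."""
    if cross_zone:
        return [t for az in sorted(TARGETS) for t in TARGETS[az]]
    return list(TARGETS[node_az])


def expected_share(cross_zone):
    """Per-target fraction of total traffic (assumes equal traffic per node)."""
    node_share = Fraction(1, len(TARGETS))
    share = {}
    for az in TARGETS:
        pool = eligible_targets(az, cross_zone)
        for target in pool:
            share[target] = share.get(target, Fraction(0)) + node_share / len(pool)
    return share


def pick_target(flow, node_az, cross_zone):
    """Stand-in flow hash: the same flow tuple always lands on the same target."""
    pool = eligible_targets(node_az, cross_zone)
    key = "|".join(str(field) for field in flow).encode()
    digest = hashlib.sha256(key).digest()
    return pool[int.from_bytes(digest[:8], "big") % len(pool)]


# Constructed flow: (protocol, src IP, src port, dst IP, dst port, TCP sequence)
FLOW = ("tcp", "198.51.100.7", 50123, "203.0.113.10", 443, 1234567890)

if __name__ == "__main__":
    for mode in (False, True):
        shares = {t: str(s) for t, s in expected_share(mode).items()}
        print("cross-zone enabled:", mode, shares)
    print("flow pinned to:", pick_target(FLOW, "az-a", False))
```

With cross-zone disabled, each target in the two-instance AZ carries four times the load of a target in the eight-instance AZ, so the smaller fleet is the first to saturate during a traffic surge.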

# Classic Load Balancers
The Classic Load Balancer supports the TCP, SSL/TLS, HTTP, and HTTPS protocols.

It is considered best practice to use the ALB over the Classic Load Balancer unless you have an existing application running in the EC2-Classic network.

## EC2-Classic
EC2-Classic is a legacy system, no longer available for newer AWS accounts.

The EC2-Classic platform enabled users to deploy EC2 instances in a single, flat network shared with other customers instead of inside a virtual private cloud.

Although the Classic Load Balancer does not provide as many features as ALB, it does offer the following that ALB does not:
* Support for EC2-Classic
* Support for TCP and SSL listeners
* Support for sticky sessions using application-generated cookies