AWS Classic Load Balancer through Cloudformation. Everything you need.
The Classic ELB has a number of features available to help provide high availability, monitoring, and better security for your application stack.
The AWS Classic Load Balancer (CLB) operates at Layer 4 of the OSI model. This means the load balancer routes traffic between clients and backend servers based on IP address and TCP port.
For example, a load balancer at a given IP address receives a request from a client on TCP port 80 (HTTP). It then routes that request, according to the rules configured when the load balancer was set up, to a specified port on one of a pool of back-end servers. In this example, the port to which the load balancer routes on the target server will often be port 80 (HTTP) or 443 (HTTPS).
The backend destination server then fulfills the client request and sends the requested data back to the ELB, which forwards the backend server's reply to the client. From the client's perspective, the request appears to have been fulfilled entirely by the ELB; the client has no knowledge of the backend server or servers that actually handled it.
Though it is possible to have a single server behind a load balancer, it is best to have a pool of servers behind an ELB. It’s also a matter of best practice to have multiple servers in multiple Availability Zones within a region to support high availability. That way, if an AZ becomes unavailable for some reason, the ELB can route traffic to AZs which are accessible, and avoid the inaccessible AZ while it is unavailable.
In the default configuration, the Classic Load Balancer routes traffic evenly between the Availability Zones (AZs) that are enabled on the ELB. Because of the way some clients handle DNS, this configuration can produce load imbalance if each AZ does not have an equal number of servers to answer requests. With cross-zone load balancing enabled, traffic is distributed evenly amongst all instances in all Availability Zones that are enabled on the ELB.
Enabling cross-zone load balancing helps mitigate potential load imbalance and also improves the availability of your application. For consistency and ease of maintenance, it is also recommended to keep an equal number of target instances in each Availability Zone.
Security group rules
A security group is a virtual firewall that controls what can send traffic to, and receive traffic from, an instance in AWS. Its rules can be changed dynamically.
Parameters:
VPC ID, Subnets and Security Groups
Mappings:
Security/server certificates that we use to connect securely to our resource, provided by AWS Certificate Manager or another third-party vendor.
If you use HTTPS (SSL or TLS) for your front-end listener, you must deploy an SSL/TLS certificate on your load balancer. The load balancer uses the certificate to terminate the connection and decrypt requests from clients before sending them to the instances. Certificates are issued by a certificate authority (CA) and contain identification information, a validity period, a public key, a serial number, and the digital signature of the issuer. The certificate must be in the same region as the load balancer.
Resource:
AWS::ElasticLoadBalancing::LoadBalancer
Properties:
ConnectionDrainingPolicy: describes how deregistered or unhealthy instances handle in-flight requests. Connection draining ensures that the load balancer completes serving all in-flight requests made to a registered instance when the instance is deregistered or becomes unhealthy. Without connection draining, the load balancer closes connections to deregistered or unhealthy instances, and any in-flight requests are not completed.
ConnectionSettings: Specifies how long the front-end and back-end connections of your load balancer can remain idle. After the specified time (in seconds), the load balancer closes the connection.
CrossZone: Whether cross-zone load balancing is enabled for the load balancer. With cross-zone load balancing, your load balancer nodes route traffic to the back-end instances across all Availability Zones.
Listeners: A listener is a process that checks for connection requests. It is configured with a protocol and a port for front-end (client to load balancer) connections, and a protocol and port for back-end (load balancer to instance) connections. A load balancer has one or more listeners, each with properties such as:
InstancePort: 6666 # the TCP port on which the instance server listens.
InstanceProtocol: TCP # the protocol to use for routing traffic to back-end instances.
LoadBalancerPort: 6666 # the external load balancer port number.
Protocol: TCP # the load balancer transport protocol to use for routing from the LB to the client.
Scheme: For load balancers attached to an Amazon VPC, this parameter specifies the type of load balancer to use. Specify internal to create an internal load balancer with a DNS name that resolves to private IP addresses, or internet-facing to create a load balancer with a publicly resolvable DNS name that resolves to public IP addresses. NOTE: when the scheme is internal, we need to provide subnets to the CLB.
SecurityGroups: Controls the traffic coming into and going out of the instance. We must create a security group specifically for the CLB; we can't reuse the security group of the VPC. The SG needs to be in the same region as the CLB (NOTE: an SG applies to all AZs of a region). We CAN NOT change the security group of the CLB after its launch, but we can add/remove rules on the fly.
LBCookieStickinessPolicy: Generates a stickiness policy with sticky session lifetimes controlled either by the lifetime of the browser (user-agent) or by a specified expiration period. This policy can be associated only with HTTP/HTTPS listeners.
On the output side, !Ref LoadBalancerName returns the name of this load balancer resource and !GetAtt LoadBalancerName.DNSName gives the DNS name of the load balancer. Note: DNS name is a property of an LB with scheme internal. An internet-facing LB has other properties; please refer to the Amazon resource guide.
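The following template is an added example (not from the original post) that puts the sections above together: a dedicated security group that only admits the assumed client CIDR, an internal CLB with cross-zone balancing, connection draining and an idle timeout, the TCP 6666 listener from the text plus an HTTPS listener with a cookie stickiness policy, and the Ref/GetAtt outputs. The certificate ARN in Mappings is a placeholder and the mapping only covers us-east-1; both are assumptions you must replace.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  ClientCidr:
    Type: String
    Default: 10.0.0.0/16  # assumed: the only range allowed to reach the listeners
Mappings:
  Certificates:
    us-east-1:  # assumed region; add one entry per region you deploy to
      Arn: arn:aws:acm:us-east-1:111122223333:certificate/PLACEHOLDER-CERT-ID
Resources:
  ClbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: CLB ingress restricted to ClientCidr on the listener ports
      VpcId: !Ref VpcId
      SecurityGroupIngress:  # no 0.0.0.0/0: only the assumed client range may connect
        - {IpProtocol: tcp, FromPort: 6666, ToPort: 6666, CidrIp: !Ref ClientCidr}
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: !Ref ClientCidr}
  ClassicLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Scheme: internal                 # internal scheme: Subnets are required
      Subnets: !Ref SubnetIds
      SecurityGroups: [!Ref ClbSecurityGroup]
      CrossZone: true                  # spread traffic over instances in every enabled AZ
      ConnectionDrainingPolicy: {Enabled: true, Timeout: 300}  # finish in-flight requests
      ConnectionSettings: {IdleTimeout: 60}                    # close idle connections (s)
      Listeners:
        - LoadBalancerPort: '6666'     # the TCP listener described in the text
          Protocol: TCP
          InstancePort: '6666'
          InstanceProtocol: TCP
        - LoadBalancerPort: '443'      # TLS terminated on the CLB with the mapped cert
          Protocol: HTTPS
          InstancePort: '80'
          InstanceProtocol: HTTP
          SSLCertificateId: !FindInMap [Certificates, !Ref 'AWS::Region', Arn]
          PolicyNames: [StickyOneHour] # stickiness is valid only on HTTP/HTTPS listeners
      LBCookieStickinessPolicy:
        - PolicyName: StickyOneHour
          CookieExpirationPeriod: '3600'
Outputs:
  LoadBalancerName: {Value: !Ref ClassicLoadBalancer}
  LoadBalancerDnsName: {Value: !GetAtt ClassicLoadBalancer.DNSName}
```

Validate the file with aws cloudformation validate-template before deploying, and narrow ClientCidr to the smallest range that actually needs access.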