In August 2016, Elastic Load Balancing launched Application Load Balancer (ALB), which enable many layer 7 features for your HTTP traffic. People use Application Load Balancers because they scale automatically to adapt to changes in your traffic. This makes planning for growth easy, but it has a side effect of changing the IP addresses that clients connect to. This is normal, and it works for cases where clients can connect to any website and use best practices for resolving DNS.
The issue is that clients can’t always connect to every IP address on the internet, and best practices aren’t always used. This makes using ALB tricky if you have old devices or a security-conscious network administrator. A static IP address lets you deal with these problems, and it does it without the need to update all of your clients or put in a work-around, such as running scripts to keep your firewall updated with the current IP addresses.
Fast-forward a year later to the launch of the Network Load Balancer (NLB), a layer 4 TCP load balancer. NLB enables static IP addresses for each Availability Zone. These static addresses don’t change, so they are good for our firewalls’ whitelisting. However, NLB allows only TCP traffic, no HTTPS offloading, and they have none of the nice layer 7 features of ALB.
Before now, you had to choose either the benefits of NLB or the benefits of ALB, but you couldn’t have both together. This blog post shows you how to have your cake and eat it too, by putting an Application Load Balancer behind a Network Load Balancer.
This site is host behind and ALB for TLS termination. In front of this ALB, we place a NLB which offers static IPs.