Skip to main content

Create an App LB in AWS

· 6 min read
Cristian Dávila
Data Engineer

In this guide, I'll walk through how to set up an AWS Application Load Balancer (ALB) to route traffic to different ECS services based on domain names, allowing you to host multiple websites on a single ECS cluster.

The Scenario

We have two websites:

  • Webpage A with domain: inmo-track.com
  • Webpage B with domain: time-track.me

Both are running as separate nginx services in AWS ECS:

  • An nginx service for Webpage A that listens to port 80
  • An nginx service for Webpage B that listens to port 8080

Our goal is to configure an Application Load Balancer that will direct traffic to the appropriate service based on the incoming domain.

Step 1: Create Target Groups

First, we need to create target groups for each of our services (they can be created also when creating setting up the Load Balancer for each service):

  1. Navigate to EC2 > Load Balancing > Target Groups

  2. Click "Create target group"

  3. For Webpage A:

    • Target type: IP addresses
    • Name: webpage-A-tg
    • Protocol: HTTP, Port: 80
    • Health check path: / (or your specific health check path)
    • Click "Next"
    • VPC: Select your VPC, enter an IPv4 address from a VPC subnet (explained below) and the Nginx port, in this case the port is 80
    • Click "Include as pending below"
    • Click "Create target group"

    If you need to manually register targets after creating the target group or add the spcific IPv4 address from a VPC:

    • Select the target group and click "Register targets" or in the "Register targets" step if you create the target group
    • When prompted "Enter an IPv4 address from a VPC subnet":
      • For a VPC CIDR of 172.31.0.0/16, you should enter the specific IP of your ECS task
      • This would be an IP in the range of 172.31.X.X (e.g., 172.31.11.12)
      • To find the exact IP of your task, go to ECS > Clusters > [Your Cluster] > Services > [Service Name] > Tasks tab > Select your task (click on it) > Configuration section > Private IP
    • Enter port 80 (or your application's port, for webpage B would be 8080)
    • Click "Include as pending below"
    • Click "Register pending targets"
  4. Repeat for Webpage B:

    • Target type: IP addresses
    • Name: webpage-B-tg
    • Protocol: HTTP, Port: 80
    • VPC: Select the same VPC as Webpage A
    • Health check path: / (or your specific health check path)
    • Click "Next"
    • Select VPC, IPv4 address and Nginx port (8080 in this case)
    • Click "Include as pending below"
    • Click "Create target group"

Step 2: Create the Application Load Balancer

  1. Navigate to EC2 > Load Balancing > Load Balancers
  2. Click "Create load balancer"
  3. Select "Application Load Balancer"
  4. Basic configuration:
    • Name: multi-domain-alb
    • Scheme: internet-facing
    • IP address type: ipv4
  5. Network mapping:
    • VPC: Select your VPC
    • Mappings: Select at least two Availability Zones and public subnets
  6. Security groups:
    • Create or select a security group that allows HTTP (port 80) and HTTPS (port 443)
  7. Listeners and routing (rules can be created later):
    • HTTP on port 80: Forward to the default target group (e.g., webpage-C if you have another webpage)
    • Add HTTPS on port 443 if you have SSL certificates
  8. Click "Create load balancer"

Step 3: Configure Listener Rules for Host-Based Routing

  1. After ALB creation, navigate to the "Listeners" tab
  2. Select the HTTP:80 listener and click "View/edit rules"
  3. Click "Add rules"
  4. Create a rule for Webpage A (I will use inmo-track.com as example):
    • Condition: Host header is inmo-track.com
    • Action: Forward to inmo-track-tg
  5. Create a rule for Webpage B (I will use time-track.me as example):
    • Condition: Host header is time-track.me
    • Action: Forward to time-track-tg
  6. Make sure to set the priority of these rules above the default rule

Step 4: Update ECS Task Definition and Service

For both services, update the task definitions to work with the ALB:

  1. Navigate to Amazon ECS > Task Definitions

  2. Create or update task definitions for both services:

    • For each container definition, ensure the port mappings are correctly set (in this example port 80 for webpage A and 8080 for B)
    • Make sure the container ports are accessible
  3. Create the ECS services (Note that if you already has an ECS Service, its probably you need to delete it and create it again):

    • Navigate to your ECS cluster

    • Select the service you want to update or click "Create" to make a new service

    • In the service creation/update wizard:

      For Webpage A:

      • On the "Configure service" page, select your task definition and configure other service settings
      • In the deployment configuration section, set your desired service options
      • In the "Networking" section (might appear as a separate tab or section):
        • Configure your VPC, subnets, and security groups
      • In the "Load balancing" section (usually found below the networking options):
        • Select "Application Load Balancer" as the load balancer type
        • For service IAM role, select an appropriate role with ECS service permissions
        • In the "Container to load balance" section, select your container name and port
        • For "Target group name", select inmo-track-tg from the dropdown
      • Review and complete the remaining steps to create/update the service

      For Webpage B:

      • Follow the same process but select time-track-tg as your target group

Step 5: Configure DNS Records

Create DNS records pointing your domains to the ALB:

  1. Navigate to your DNS provider
  2. Create an A record or CNAME record for inmo-track.com pointing to your ALB DNS name
  3. Create an A record or CNAME record for time-track.me pointing to your ALB DNS name

Step 6: Test Your Configuration

Once DNS propagation completes:

  1. Visit http://inmo-track.com - should serve content from the first ECS service
  2. Visit http://time-track.me - should serve content from the second ECS service

Security Considerations

  • Consider adding HTTPS listeners with SSL certificates
  • Review security groups to ensure only necessary traffic is allowed
  • Set up health checks for continuous service availability monitoring

Conclusion

We've now successfully set up an Application Load Balancer that routes traffic based on domain names to different ECS services. This approach allows you to host multiple websites efficiently while maintaining proper separation between services.

This implementation is cost-effective and scalable, making it ideal for hosting multiple domains on a single AWS infrastructure (like the free tier for this example).