Elastic Load Balancing (ELB) is a managed service that distributes incoming network traffic across multiple backend targets to improve availability, scalability, and fault tolerance. Analogy: ELB is the traffic cop at a busy intersection directing cars to open lanes. Formal: ELB is a horizontally scalable, front-end proxy and health-aware router with built-in TLS and policy controls.<\/p>\n\n\n\n
What it is \/ what it is NOT<\/p>\n\n\n\n
Key properties and constraints<\/p>\n\n\n\n
Where it fits in modern cloud\/SRE workflows<\/p>\n\n\n\n
A text-only \u201cdiagram description\u201d readers can visualize<\/p>\n\n\n\n
A managed, health-aware traffic router that distributes client requests across multiple backend targets to improve availability, scalability, and resilience.<\/p>\n\n\n\n
ID | Term | How it differs from Elastic Load Balancing ELB | Common confusion\n| T1 | Reverse Proxy | Focused on request\/response manipulation at app level | Confused with ELB when proxy has load features\n| T2 | API Gateway | Provides API management, auth, rate limits | People expect ELB to handle API auth\n| T3 | CDN | Caches static content at edge nodes | Thought to reduce need for ELB for performance\n| T4 | Service Mesh | Sidecar networking for east-west traffic | Confused for replacing ELB at north-south edge\n| T5 | DNS Load Balancer | Uses DNS to distribute traffic | Assumed to be equivalent to ELB for health checks\n| T6 | Layer 4 Load Balancer | Operates at transport layer only | Mistaken as having advanced routing rules\n| T7 | Layer 7 Load Balancer | Inspects HTTP and routes by content | Sometimes used interchangeably with ELB\n| T8 | WAF | Focused on security rules and blocking | Expected to provide routing and scaling\n| T9 | NAT Gateway | Handles outbound IP translation | Mistaken as inbound load distribution\n| T10 | Global Load Balancer | Routes across regions | Assumed to be same as regional ELB<\/p>\n\n\n\n
Business impact (revenue, trust, risk)<\/p>\n\n\n\n
Engineering impact (incident reduction, velocity)<\/p>\n\n\n\n
SRE framing (SLIs\/SLOs\/error budgets\/toil\/on-call)<\/p>\n\n\n\n
3\u20135 realistic \u201cwhat breaks in production\u201d examples<\/p>\n\n\n\n
ID | Layer\/Area | How Elastic Load Balancing ELB appears | Typical telemetry | Common tools\n| L1 | Edge Network | Public listeners and TLS termination | Connection rate TLS handshakes client IP | Load test tools Observability stack\n| L2 | Service \/ Application | HTTP routing to backend services | Request latency HTTP codes backend health | Ingress controllers Service mesh\n| L3 | Kubernetes | Ingress or Service of type LoadBalancer | Endpoint readiness request errors | K8s controllers Metrics server\n| L4 | Serverless | Fronting functions or managed APIs | Invocation latency cold starts errors | Serverless dashboards Tracing\n| L5 | CI\/CD | Blue\/green or canary routing | Deployment rollout success traffic split | CI pipelines Feature flags\n| L6 | Security \/ WAF | Associated policy enforcement at edge | Blocked requests rule matches | WAF logs IDS systems\n| L7 | Observability | Source for traffic telemetry | Request traces error percentages | APM, SIEM, Logs\n| L8 | Cost Management | Billing by data and hours | Data transferred per hour listener hours | Cost dashboards Cloud billing tools<\/p>\n\n\n\n
When it\u2019s necessary<\/p>\n\n\n\n
When it\u2019s optional<\/p>\n\n\n\n
When NOT to use \/ overuse it<\/p>\n\n\n\n
Decision checklist<\/p>\n\n\n\n
Maturity ladder: Beginner -> Intermediate -> Advanced<\/p>\n\n\n\n
Components and workflow<\/p>\n\n\n\n
Data flow and lifecycle<\/p>\n\n\n\n
Edge cases and failure modes<\/p>\n\n\n\n
ID | Failure mode | Symptom | Likely cause | Mitigation | Observability signal\n| F1 | Health check flapping | Targets repeatedly drain and register | Wrong path or aggressive timeout | Tune health checks add grace period | Spike in unregister events\n| F2 | TLS handshake failures | Clients get TLS errors | Certificate mismatch or expired cert | Rotate certs automate renewal | Increase in TLS alert logs\n| F3 | Connection saturation | 5xx or refused connections | ELB hit connection limits | Scale ELB or use multiple listeners | High active connections metric\n| F4 | Misrouted traffic | Users reach wrong service | Overlapping rules or wrong priority | Review rules and test in staging | Increase in unexpected 4xx\/5xx\n| F5 | Slow backend responses | Increased latency and timeouts | Backend overload or GC pauses | Autoscale or optimize backend | Tail latency metric rise\n| F6 | Config propagation delay | New rules not applying quickly | Management API delay | Use controlled rollout and validation | Configuration change age\n| F7 | Uneven load distribution | Some targets overloaded others idle | Sticky sessions or algorithm mismatch | Reconfigure stickiness or algorithm | Per-target request rate skew\n| F8 | DNS TTL issues | Requests stuck to failed region | DNS TTL too long on failover | Reduce TTL or use health-aware DNS | Regional traffic shift lag<\/p>\n\n\n\n
Below are 40+ terms, each with a concise definition, why it matters, and a common pitfall.<\/p>\n\n\n\n
ID | Metric\/SLI | What it tells you | How to measure | Starting target | Gotchas\n| M1 | Request success rate | Availability of service from client POV | Successful responses divided by total requests | 99.9% for external web APIs | Include client-side errors\n| M2 | Request latency p95 | User-facing latency | 95th percentile of request durations | < 500 ms for APIs | Tail latency may vary by endpoint\n| M3 | Error rate 5xx | Server-side failures | 5xx responses \/ total requests | < 0.1% for critical APIs | Distinguish ELB vs backend 5xx\n| M4 | Healthy host count | Capacity and redundancy | Number of targets healthy per AZ | >=2 per AZ or as needed | Health check flaps affect this\n| M5 | Active connections | Load on ELB | Count of open connections | Keep under documented limits | High idle connections can inflate\n| M6 | TLS handshake success | TLS negotiation health | Successful handshakes \/ attempts | 99.99% TLS success | Older clients may fail\n| M7 | TLS renegotiation rate | TLS overhead metric | Number of renegotiations per min | Low or zero | High rate indicates client issues\n| M8 | Request per target | Load distribution | Requests divided by healthy targets | Even distribution expected | Sticky sessions skew this\n| M9 | Backend response time | Backend contribution to latency | Backend processing time metric | p95 < 200 ms internal | Instrumentation required\n| M10 | Config change error rate | Stability of control plane changes | Errors after config changes | Target zero impactful changes | Rollbacks may be needed\n| M11 | Connection errors | Networking failures | Connection failures per minute | Near zero | Bursty networks can spike\n| M12 | Draining completion time | Graceful termination progress | Time to finish open requests | < configured draining period | Long requests delay completion\n| M13 | Rule evaluation latency | Addl ELB processing cost | Time to evaluate listener rules | Small ms range | Complex rules increase latency\n| M14 | Traffic split adherence | Canary\/weight accuracy | Observed vs configured weight | Within 1% for large traffic | Small sample sizes distort\n| M15 | Data transfer out | Cost and capacity | Bytes transferred from ELB | Varies by traffic | High egress costs if unmonitored<\/p>\n\n\n\n
Executive dashboard<\/p>\n\n\n\n
On-call dashboard<\/p>\n\n\n\n
Debug dashboard<\/p>\n\n\n\n
Alerting guidance<\/p>\n\n\n\n
1) Prerequisites\n– Inventory of services and domains.\n– Certificate and key management in place.\n– Observability stack ready for ELB metrics and logs.\n– IaC templates to manage ELB resources.<\/p>\n\n\n\n
2) Instrumentation plan\n– Enable ELB access logs and forward to logging system.\n– Export ELB metrics to monitoring and set baseline dashboards.\n– Ensure application traces propagate through ELB.<\/p>\n\n\n\n
3) Data collection\n– Collect metrics at 10\u201360s granularity.\n– Sample and retain access logs for 30\u201390 days depending on compliance.\n– Aggregate per-target and per-listener metrics.<\/p>\n\n\n\n
4) SLO design\n– Define primary SLI (request success rate) and latency SLOs.\n– Allocate error budgets across ELB and backend responsibilities.\n– Document attribution rules in SLO policy.<\/p>\n\n\n\n
5) Dashboards\n– Build executive, on-call, debug dashboards as above.\n– Include templating for service and region.<\/p>\n\n\n\n
6) Alerts & routing\n– Define alerts for SLO breaches, health check flaps, and TLS failures.\n– Route to appropriate on-call teams with playbooks.<\/p>\n\n\n\n
7) Runbooks & automation\n– Create runbooks for common failures: failed cert rotation, health check misconfiguration, capacity limits.\n– Automate certificate rotation, target registration, and canary rollouts.<\/p>\n\n\n\n
8) Validation (load\/chaos\/game days)\n– Run load tests to validate scaling and connection limits.\n– Conduct chaos tests by simulating target and AZ failures.\n– Game days involving on-call to exercise runbooks.<\/p>\n\n\n\n
9) Continuous improvement\n– Postmortem changes, refine health checks, tune autoscaling.\n– Automate repeated manual fixes into code.<\/p>\n\n\n\n
Checklists<\/p>\n\n\n\n
Pre-production checklist<\/p>\n\n\n\n
Production readiness checklist<\/p>\n\n\n\n
Incident checklist specific to Elastic Load Balancing ELB<\/p>\n\n\n\n
1) Public web application\n– Context: Multi-AZ web app serving global users.\n– Problem: Need availability and TLS management.\n– Why ELB helps: Central TLS termination and health routing.\n– What to measure: Request success rate, TLS failures, latency.\n– Typical tools: Cloud metrics, CDN for static content.<\/p>\n\n\n\n
2) API microservices\n– Context: Several stateless microservices behind single domain.\n– Problem: Route requests by path and maintain availability.\n– Why ELB helps: Path-based routing and target groups.\n– What to measure: Per-path latency and error rates.\n– Typical tools: Tracing and API monitoring.<\/p>\n\n\n\n
3) Kubernetes ingress\n– Context: K8s cluster requiring external access.\n– Problem: Expose services securely and scale with cluster.\n– Why ELB helps: Integrates as cloud provider LoadBalancer service.\n– What to measure: Ingress error rate and per-service traffic.\n– Typical tools: Prometheus, kube-state-metrics.<\/p>\n\n\n\n
4) Blue\/green deployment\n– Context: Risky release with database compatibility concerns.\n– Problem: Need fast rollback capability.\n– Why ELB helps: Weighted target groups for traffic shift.\n– What to measure: Traffic split adherence and error delta.\n– Typical tools: CI\/CD pipeline and metrics.<\/p>\n\n\n\n
5) Serverless fronting\n– Context: Function APIs exposed publicly.\n– Problem: Protect functions from sudden spikes.\n– Why ELB helps: TLS and basic rate shaping; front of managed APIs.\n– What to measure: Invocation latency and concurrency.\n– Typical tools: Serverless observability and throttles.<\/p>\n\n\n\n
6) Global failover\n– Context: Multi-region deployments for resilience.\n– Problem: Route users to nearest healthy region.\n– Why ELB helps: Part of global routing stack to detect region health.\n– What to measure: Regional availability and DNS failover time.\n– Typical tools: Global DNS, region health monitors.<\/p>\n\n\n\n
7) Internal TCP proxying\n– Context: Streaming or database proxying.\n– Problem: Need transport-level balancing without HTTP parsing.\n– Why ELB helps: Layer 4 balancing with minimal overhead.\n– What to measure: Active connections and error rates.\n– Typical tools: Network metrics and tracing.<\/p>\n\n\n\n
8) Compliance endpoint\n– Context: Regulated environment requiring audit logs.\n– Problem: Need request logs and TLS proof.\n– Why ELB helps: Access logs provide request-level audit trail.\n– What to measure: Access log completeness and retention.\n– Typical tools: SIEM and log archives.<\/p>\n\n\n\n
Context:<\/strong> A team manages multiple web services in a single Kubernetes cluster serving different hostnames. Context:<\/strong> Using managed FaaS endpoints for microservices and exposing public APIs. Context:<\/strong> Production outage where TLS cert expired, causing large drop in traffic. Context:<\/strong> Streaming or file delivery service with high data egress and occasional spikes. List of mistakes with Symptom -> Root cause -> Fix (15\u201325 entries)<\/p>\n\n\n\n Observability pitfalls (at least 5 included above)<\/p>\n\n\n\n Ownership and on-call<\/p>\n\n\n\n Runbooks vs playbooks<\/p>\n\n\n\n Safe deployments (canary\/rollback)<\/p>\n\n\n\n Toil reduction and automation<\/p>\n\n\n\n Security basics<\/p>\n\n\n\n Weekly\/monthly routines<\/p>\n\n\n\n What to review in postmortems related to Elastic Load Balancing ELB<\/p>\n\n\n\n ID | Category | What it does | Key integrations | Notes\n| I1 | Monitoring | Collects ELB metrics and alerts | Metrics backend logs tracing | Use for SLIs and SLOs\n| I2 | Logging | Stores ELB access logs | SIEM object storage analytics | Essential for forensics\n| I3 | Tracing | End-to-end request tracing | App traces header propagation | Requires header preservation\n| I4 | CI\/CD | Automates ELB config rollouts | IaC and pipelines | Prevents manual drift\n| I5 | Certificate Mgmt | Manages TLS cert lifecycle | IAM secrets vault | Automate rotations\n| I6 | WAF | Protects from attacks | ELB rule integrations | Tune to avoid false positives\n| I7 | CDN | Offloads static content | Cache and origin shielding | Reduces ELB egress\n| I8 | Autoscaling | Adds\/removes targets | Target group hooks metrics | Prevents saturation\n| I9 | DNS \/ Global LB | Routes to regions | Health checks and routing policies | Use for geo-failover\n| I10 | Cost Monitoring | Tracks ELB costs | Billing and tagging systems | Alerts for unexpected egress<\/p>\n\n\n\n ELB focuses on traffic distribution and TLS termination; API Gateway adds features like auth, rate limiting, and request transformations.<\/p>\n\n\n\n Typically ELBs do not provide advanced rate limiting; use API Gateway or WAF for rate control.<\/p>\n\n\n\n Automate with a certificate manager, validate in staging, and perform staged rollouts with health checks.<\/p>\n\n\n\n Varies \/ depends on provider and change type; small rule changes usually apply in seconds to minutes.<\/p>\n\n\n\n Balance detection speed against false positives; add a warm-up grace period during scale-ups.<\/p>\n\n\n\n Access logs are valuable but combine with application logs and SIEM for full compliance posture.<\/p>\n\n\n\n Layer 7 ELBs can route by host and path; deeper content inspection often belongs to API gateways.<\/p>\n\n\n\n Include ELB success rate and latency in the service SLI and attribute errors through tracing.<\/p>\n\n\n\n Yes for north-south ingress; avoid duplicating routing logic across ELB and mesh.<\/p>\n\n\n\n Use autoscaling, warm pools, caching at CDN, and pre-warming if supported.<\/p>\n\n\n\n At least two is common for redundancy; depends on risk tolerance and SLOs.<\/p>\n\n\n\n Check cookie settings and distribution; prefer stateless backends if imbalance persists.<\/p>\n\n\n\n Yes; internal ELBs are common for private clusters and cross-account architectures.<\/p>\n\n\n\n Metrics, access logs, and tracing with header preservation are minimums.<\/p>\n\n\n\n Generally avoid chaining unless required; it adds latency and complexity.<\/p>\n\n\n\n Use blue\/green or canary deployments and controlled traffic shifting.<\/p>\n\n\n\n Varies \/ depends on provider; check your cloud provider docs for quotas and connection limits.<\/p>\n\n\n\n When you need advanced application logic not supported by ELB or need extreme customization.<\/p>\n\n\n\n Elastic Load Balancing ELB is a foundational cloud component for routing, TLS termination, and availability. Properly instrumented and integrated with autoscaling, observability, and CI\/CD, ELB reduces incident impact and speeds delivery. Treat it as a platform dependency with clear ownership, automated operational tasks, and inclusion in SLOs.<\/p>\n\n\n\n Next 7 days plan (5 bullets)<\/p>\n\n\n\n Primary keywords<\/p>\n\n\n\n Secondary keywords<\/p>\n\n\n\n Long-tail questions<\/p>\n\n\n\n Related terminology<\/p>\n\n\n\n —<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[149],"tags":[],"class_list":["post-2058","post","type-post","status-publish","format-standard","hentry","category-terminology"],"yoast_head":"\n\n
Scenario #2 \u2014 Serverless\/managed-PaaS: Fronting managed APIs<\/h3>\n\n\n\n
\n
Scenario #3 \u2014 Incident-response\/postmortem: TLS certificate expiry outage<\/h3>\n\n\n\n
\n
Scenario #4 \u2014 Cost\/performance trade-off: Egress-heavy media service<\/h3>\n\n\n\n
\n
\n\n\n\nCommon Mistakes, Anti-patterns, and Troubleshooting<\/h2>\n\n\n\n
\n
\n
\n\n\n\nBest Practices & Operating Model<\/h2>\n\n\n\n
\n
\n
\n
\n
\n
\n
\n
\n\n\n\nTooling & Integration Map for Elastic Load Balancing ELB (TABLE REQUIRED)<\/h2>\n\n\n\n
Row Details (only if needed)<\/h4>\n\n\n\n
\n
\n\n\n\nFrequently Asked Questions (FAQs)<\/h2>\n\n\n\n
What is the difference between ELB and an API Gateway?<\/h3>\n\n\n\n
Can ELB do rate limiting?<\/h3>\n\n\n\n
How do I handle TLS certificate rotation safely?<\/h3>\n\n\n\n
How quickly do ELB config changes propagate?<\/h3>\n\n\n\n
How should I pick health check timeouts and intervals?<\/h3>\n\n\n\n
Are ELB access logs enough for compliance?<\/h3>\n\n\n\n
Can ELB route by request content?<\/h3>\n\n\n\n
How do I measure ELB impact on SLOs?<\/h3>\n\n\n\n
Should I place ELB in front of a service mesh?<\/h3>\n\n\n\n
How do I handle sudden traffic spikes?<\/h3>\n\n\n\n
How many healthy targets should I maintain per AZ?<\/h3>\n\n\n\n
How to debug sticky session imbalance?<\/h3>\n\n\n\n
Can ELB be used for internal services?<\/h3>\n\n\n\n
What observability is required for ELB?<\/h3>\n\n\n\n
Is it okay to chain ELBs?<\/h3>\n\n\n\n
How do I test ELB changes safely?<\/h3>\n\n\n\n
What limits should I be aware of?<\/h3>\n\n\n\n
When should I move from managed ELB to custom proxy?<\/h3>\n\n\n\n
\n\n\n\nConclusion<\/h2>\n\n\n\n
\n
\n\n\n\nAppendix \u2014 Elastic Load Balancing ELB Keyword Cluster (SEO)<\/h2>\n\n\n\n
\n
\n
\n
\n