ELB
Last updated: May 21, 2026
Rationale
AWS ELB (Elastic Load Balancing) is the service we use for exposing applications to the Internet. It provides load balancers using an IaaS model.
The main reasons why we chose it over other alternatives are the following:
- It seamlessly integrates with VPC, EC2, EKS, etc., allowing for the easy serving of applications hosted in the cloud.
- It complies with several certifications from ISO and CSA. Many of these certifications are focused on ensuring that the entity follows best practices regarding secure cloud-based environments and information security.
- When combined with Kubernetes, it allows for balancing application load by distributing requests to multiple replicas using a horizontal scaling approach.
- It has its own Kubernetes module for automatically provisioning application load balancers when Kubernetes applications are deployed. This is especially useful for serving ephemeral environments.
- It supports VPC security groups, allowing us to easily set networking inbound and outbound rules for the load balancers.
- Application Load Balancers support
mutual TLS authentication
via an
aws_lb_trust_storethat holds a CA bundle stored in S3. We use this to enforce Authenticated Origin Pulls onapp.fluidattacks.com: Cloudflare must present a leaf certificate signed by our private CA on every connection or the TLS handshake is rejected, replacing fragile IP-allowlist patterns for CDN-bypass protection. - A single load balancer supports multiple availability zones, granting networking redundancy, which is essential for keeping it always available to the Internet.
- It supports health checks, allowing for the constant monitoring of all the endpoints associated with a load balancer. Application requests are only sent to healthy endpoints.
- Application load balancers support rules, allowing us to create complex routing scenarios when it comes to request forwarding.
- It supports application load balancers, network load balancers, and gateway load balancers, providing infrastructure for a wide range of solutions.
- Load balancers can be monitored via CloudWatch.
Alternatives
GCP Cloud Load Balancing and Azure Load Balancer are alternatives (a review of each of them is pending).
Usage
We use ELB for
- serving our platform production environment, and
- serving our ARM ephemeral environments.
We do not use ELB for serving our website, as it is a static site served by S3, which directly provides endpoints without having to manage load balancers.