aws-ipranges-alb.md

Application Load Balancer (aws-ipranges-alb)

Deployment via CloudFormation console

Download aws-ipranges-alb.yaml file and login to AWS CloudFormation console. Choose Create Stack, Upload a template file, Choose File, select aws-ipranges-alb.yaml and choose Next.

CloudFormation Parameters

Specify a Stack name and adjust parameters values as desired. Parameters options include

ALB API

• awsServices: Names of AWS service to return by root URL separated by commas. Default is CLOUDFRONT_ORIGIN_FACING
• allowIPv4prefix: Source IPv4 prefix allowed to access ALB. Default is 0.0.0.0/0
• allowIPv6prefix: Source IPv6 prefix allowed to access ALB. Default is ::/0

Lambda

• pythonRuntime: Python runtime version. Default is python3.12
• cpuArchitecture: instruction set architecture, either x86_64 or arm64. Default is arm64

Load Balancer

• albScheme: ALB scheme, either internet-facing or internal. An internet-facing load balancer routes requests from clients to targets over the internet. An internal load balancer routes requests to targets using private IP addresses. Default is internet-facing

Networking

• ipAddressType: IP address type, either IPv4, IPv4-and-IPv6 or IPv6. Default is IPv4
• vpc: VPC to deploy ALB
• subnets: subnets for ALB. Select at least 2 AZ subnets

HTTPS listener (optional)

• certificateArn: Certificate ARN for HTTPS listener. Leave blank not to create HTTPS listener
• securityPolicy: Security policy for HTTPS listener. Default is ELBSecurityPolicy-TLS13-1-2-2021-06
• redirectHTTPtoHTTPS: option to redirect HTTP requests to HTTPS. Default is No
• sendHSTSheader: option to send HSTS (HTTP Strict Transport Security) header over HTTPS. Default is Yes

Continue Next with Configure stack options, Review settings, and click Create Stack to launch your stack.

After stack has been successfully created, its status changes to CREATE_COMPLETE.

CloudFormation Outputs

The following are available in Outputs section

• albDnsName: ALB domain name. Create a DNS CNAME or Route 53 alias to this value especially if you are using HTTPS listener
• albConsole: ALB console URL
• lambdaFunctionLog: CLoudWatch log URL for Lambda function

ALB Customisation

Refer to Application Load Balancer documentation for customisation options. Some examples include

• Routing traffic to an ELB load balancer
• Application Load Balancers and AWS WAF
• Mutual authentication with TLS in Application Load Balancer
• Access logs for your Application Load Balancer
• Connection logs for your Application Load Balancer

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.