ALB distributes incoming traffic across multiple targets (see concepts below) in one or more AZs. It provides layer 7 (HTTP/HTTPS) load balancing and SSL offload with host- and path-based routing, sticky sessions, and SNI.

Note that whilst ALBs do not preserve source IPs, they do send the X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Port proxy headers.
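Because the backend only ever sees an ALB node as the connection peer, it has to recover the client address from X-Forwarded-For, and the left-hand part of that header is whatever the client chose to send. The following is an added example, not part of the original notes, showing a backend-side parser that trusts only the right-hand side of the list. It assumes the ALB appends the address it saw to any client-supplied value (its default behaviour); the subnet 10.0.0.0/24, the names `ALB_SUBNETS` and `client_ip`, and all sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption: the ALB's subnets, i.e. the only peers allowed to set the header.
ALB_SUBNETS = [ipaddress.ip_network("10.0.0.0/24")]


def _trusted(ip, networks):
    """True if ip belongs to one of the trusted proxy networks."""
    return any(ip in net for net in networks)


def client_ip(peer_ip, xff_header, trusted=ALB_SUBNETS):
    """Return the client address a backend behind an ALB can rely on.

    peer_ip:    source address of the TCP connection (normally an ALB node)
    xff_header: raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # A peer outside the ALB subnets reached the backend directly, so any
    # X-Forwarded-For it sent is client-controlled: ignore the header.
    if not _trusted(peer, trusted) or not xff_header:
        return str(peer)
    # Walk right to left: the ALB appends the address it saw to whatever the
    # client sent, so only the right-hand side of the list is trustworthy.
    for raw in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(raw.strip())
        except ValueError:
            # Malformed entry: stop parsing and fall back to the peer.
            return str(peer)
        if not _trusted(hop, trusted):
            return str(hop)
    # Every hop was a trusted proxy; fall back to the connection peer.
    return str(peer)
```

Use the returned value, never the leftmost header entry, for rate limiting, allow lists, and audit logs.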


  • Listeners capture incoming traffic.
    • Optionally, they may also authenticate users through OIDC, or through social or corporate IdPs via Cognito.
  • Target Groups represent sets of backends to forward the traffic to for processing.
  • Health checks verify that a target within a Target Group is ready to serve traffic.
  • Rules allow selectively matching requests for forwarding to Target Groups, redirecting, requiring authentication or sending a static response.
  • Conditions allow matching traffic meeting configured criteria: Host header or request path.


Target groups can point at:

  • EC2 instances, either manually or via Auto Scaling.
  • IP addresses, either on AWS or external.
  • Lambda functions.
  • ECS tasks.

[ALB]: Application Load Balancer
[AWS]: Amazon Web Services
[AZ]: Availability Zone
[EC2]: Elastic Compute Cloud