aws-ipranges-alb.md

Application Load Balancer (aws-ipranges-alb)

HTTPS Support

To use Application Load Balancer (ALB) with HTTPS, either request a public certificate or import a certificate into AWS Certificate Manager first.

Deploying using CloudFormation console

Download aws-ipranges-alb.yaml file and login to AWS CloudFormation console. Choose Create Stack, Upload a template file, Choose File, select aws-ipranges-alb.yaml and choose Next.

CloudFormation Parameters

Specify a Stack name and adjust parameters values as desired. Parameters options include

ALB API

• awsServices: Names of AWS service to return by root URL separated by commas. Default is CLOUDFRONT_ORIGIN_FACING
• allowIPv4prefix: Source IPv4 prefix allowed to access ALB. Default is 0.0.0.0/0
• allowIPv6prefix: Source IPv6 prefix allowed to access ALB. Default is ::/0

Lambda

• pythonRuntime: Python runtime version. Default is python3.13
• cpuArchitecture: instruction set architecture, either x86_64 or arm64. Default is arm64

Load Balancer

• albScheme: ALB scheme, either internet-facing or internal. An internet-facing load balancer routes requests from clients to targets over the internet. An internal load balancer routes requests to targets using private IP addresses. Default is internet-facing

Networking

• ipAddressType: IP address type, either IPv4, IPv4-and-IPv6 or IPv6. Default is IPv4
• vpc: VPC to deploy ALB
• subnets: subnets for ALB. Select at least 2 AZ subnets

HTTPS listener (optional)

• certificateArn: Certificate ARN for HTTPS listener. Leave blank not to create HTTPS listener
• securityPolicy: Security policy for HTTPS listener. Default is ELBSecurityPolicy-TLS13-1-2-2021-06
• redirectHTTPtoHTTPS: option to redirect HTTP requests to HTTPS. Default is Yes
• hstsHeaderValue: HSTS (HTTP Strict Transport Security) response header value to send. Do not specify a value not to send HSTS header. Default is max-age=31536000; includeSubDomains

Continue Next with Configure stack options, Review settings, and click Create Stack to launch your stack.

After stack has been successfully created, its status changes to CREATE_COMPLETE.

CloudFormation Outputs

The following are available in Outputs section

• albDnsName: ALB domain name. Create a DNS CNAME or Route 53 alias to this value especially if you are using HTTPS listener
• albConsole: ALB console URL
• lambdaFunctionLog: CLoudWatch log URL for Lambda function

ALB Customisation

Refer to Application Load Balancer documentation for customisation options. Some examples include

• Routing traffic to an ELB load balancer
• Application Load Balancers and AWS WAF
• Mutual authentication with TLS in Application Load Balancer
• Access logs for your Application Load Balancer
• Connection logs for your Application Load Balancer

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.