Configuring an AWS Lambda Target on an AWS Application Load Balancer

ByKenneth Attard

December 27, 2021 , , ,
  1. In the AWS management console search for Lambda

2. Once the Lambda console loads, click create Function

3. Choose Author from Stratch

4. In the basic information choose the Function name and the runtime type from the dropdown menu and the architecture needed

If ARM architecture will be used, the function will be executed on AWS Graviton Processors. For the runtime a number of options are available:

5. The next step is to choose the Lambda function execution role

If you have an already created role choose to use an existing role and choose the role from the drop-down

6. If needed you can enable code signing and enable network in the advanced settings

If you ensure the lambda function is from an authorised source enable the code signing and you need to configure code signing configuration from the Code signing configurations from Additional resources in the Lambda management console. and Click create configuration

For the configuration, you need to specify the name and choose a signing profile. You can create a new one by clicking add signing profile. You can choose warn or enforce on non-conformance. Either a message in cloudwatch if warn option is used or block with enforce

For The Enable network is to provide the Lambda function network access to our own VPC which is not available unless you enable the network access

7. The next step is to create the Lambda function by clicking Create function

8. In my case, I will use the default lambda example in python

In normal cases you usually upload a zip file with the lambda function by click the upload from button. You have 2 options either from a zip file or S3 location

8. Go to the EC2 console to start creating the ALB by choosing the load balancer option

9. In our case we need to choose Application Load Balancer (ALB)

10. We need to specify a name for the load balancer and whether the load balancer will be publicly available on the internet or internal. We also need to choose whether the ALB will use IPv6 (dual stack) or not.

11. The next setup is to determine the VPC and the subnet in which the ALB will be deployed. You need to choose at least 2 AZ

12. A security group is needed to be associated with the Application load balancer, you can either choose an existing security group or create a new one

In this case, a new security group is chosen, enter a name for the security group and enter a description for the ALB

The next step is to choose the VPC to associate the security group with it

13. Inbound rules are needed. Click add rule to start adding allow rules

14. From the type dropdown, choose the appropriate protocol and the necessary port.

15. For the source choose the required option from the drop-down and enter the source needed and a description

16. Repeat the same for outbound rules if needed and click add rule

17. Enter tags if needed by click the add new Tag option and click create security group button.

18. Choose the listener protocol dropdown either HTTP or HTTPS and choose the port required.

19. The next step is to choose a target group from the dropdown list or choose create target group

In our case, we will create a new target group by clicking the Create target group option

20. We need to choose the target type, in our case we will use the Lambda function option and choose the target group name

21. Enable the health checks by clicking Enable

22. If needed optimize Advanced health check settings

23. If needed set the tags and click next

24. Choose the previous lambda function created and choose the latest version

25. Click create target group

26. Once the target group is created

27. Choose the newly created target group and click add Add listener

28. If you need a static IP click create an accelerator to get static IP addresses and enter the accelerator name

29. The final step is to create the load balancer by clicking Create load balancer

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.