CloudNetworking.io
Home / AWS / Load Balancers / AWS Application Load Balancer

AWS Application Load Balancer (ALB) Explained

AWS Application Load Balancer is Amazon’s Layer 7 load balancer designed for HTTP and HTTPS traffic. It is built for modern web applications and APIs that need intelligent request routing, flexible listener rules, and application-aware traffic distribution.

Unlike Network Load Balancer, ALB understands application-layer details such as URL paths and hostnames. That makes it a strong choice for microservices, container platforms, and multi-service web applications.

Layer 7 HTTP HTTPS Path Routing Host Routing Target Groups

Watch this video to understand AWS Application Load Balancer, Layer 7 routing, and real-world traffic flow.

What is AWS Application Load Balancer?

AWS Application Load Balancer is a managed load balancer that operates at Layer 7, which means it understands HTTP and HTTPS traffic and can make routing decisions based on application-level information.

Instead of forwarding traffic only by port and protocol, ALB can inspect the incoming request and decide which backend service should handle it. This is why it is so useful in modern cloud-native applications with multiple services behind a single front-end domain.

Think of ALB as a smart traffic director for web apps. It does not just pass traffic along; it understands request patterns and routes them to the right backend based on rules.
L7

Operates at the application layer

HTTP/HTTPS

Built for web applications and APIs

Rules

Routes traffic based on request details

Why ALB matters in AWS networking

Many cloud applications are no longer single backends. They often consist of APIs, frontends, admin portals, authentication endpoints, and microservices. ALB helps keep all of that organised behind one web-facing entry point.

Application-aware routing

ALB can route based on paths, hosts, and other request conditions.

Microservices friendly

Different services can sit behind a single load balancer and still receive the correct traffic.

Container platform support

ALB is commonly used with ECS and EKS for modern application delivery.

Cleaner front-end design

Users see one entry domain while ALB handles routing logic behind the scenes.

ALB is often the better fit when your workload is built around web traffic and you need smarter routing than a Layer 4 load balancer can provide.

How AWS ALB works

ALB receives HTTP or HTTPS requests on listeners, evaluates listener rules, and forwards traffic to the correct target group. Those target groups can contain EC2 instances, containers, pods, or IP targets depending on your architecture. 

Client
  |
  v
Application Load Balancer
  |
  v
Listener (HTTP / HTTPS)
  |
  v
Rule evaluation
  |
  v
Target Group
  |
  v
EC2 / ECS / EKS / IP targets

Step-by-step flow

  1. A client sends an HTTP or HTTPS request.
  2. The request reaches the ALB listener.
  3. ALB evaluates configured listener rules.
  4. The request is matched to a target group.
  5. Traffic is sent to a healthy backend target.
ALB is designed for HTTP and HTTPS use cases. If you need raw TCP or UDP performance without application-aware rules, NLB is usually the better option.

Key features of AWS ALB

Layer 7 traffic handling

ALB understands HTTP and HTTPS requests and can make routing decisions based on them.

Path-based routing

Requests like /api and /admin can go to different backends.

Host-based routing

Domains like api.example.com and app.example.com can go to separate services.

Target groups

ALB forwards traffic to the right backend grouping based on listener rules.

Health checks

Unhealthy backends are removed from traffic flow automatically.

Modern application fit

ALB works well with APIs, microservices, containers, and multi-service web platforms.

Listeners and rules in ALB

A listener checks for incoming connections on a configured port and protocol, such as HTTP 80 or HTTPS 443. Rules attached to that listener determine where traffic should go.

Why listener rules matter

  • They allow a single ALB to handle multiple application paths.
  • They support host-based routing for different domains or subdomains.
  • They help keep architectures simpler by avoiding separate load balancers for every service.
HTTPS Listener :443
  |
  +--> if host = api.example.com      --> API Target Group
  |
  +--> if host = app.example.com      --> Frontend Target Group
  |
  +--> if path = /admin/*             --> Admin Target Group
  |
  +--> default action                 --> Default Target Group

Path-based routing

Path-based routing allows ALB to inspect the URL path and send traffic to different backend services depending on which part of the application the user is trying to access.

Example

example.com/api/*    --> API service
example.com/admin/*  --> Admin service
example.com/*        --> Frontend service

This is especially useful for microservices and applications where different components need separate scaling, deployments, or teams.

Host-based routing

Host-based routing allows ALB to send traffic to different backends based on the hostname in the request. This is common when multiple applications share one ALB.

Example

api.example.com   --> API target group
app.example.com   --> Frontend target group
auth.example.com  --> Authentication target group

Host-based routing can reduce infrastructure sprawl while keeping services logically separated.

ALB vs NLB

ALB and NLB are both important, but they are designed for different traffic patterns. Picking the right one depends on whether your routing needs are application-aware or network-level.

Feature ALB NLB
OSI Layer Layer 7 Layer 4
Main protocols HTTP, HTTPS TCP, UDP, TLS
Path-based routing Yes No
Host-based routing Yes No
Best fit Web apps and APIs Protocol-heavy or performance-sensitive traffic
Routing intelligence High Low at app layer, strong at transport layer
Choose ALB when you need request-aware routing for HTTP and HTTPS. Choose NLB when you need fast transport-layer handling for TCP, UDP, or TLS traffic.

Real-world ALB architecture example

A common ALB-based architecture for a public web platform may look like this: 

User
  |
  v
Route 53
  |
  v
CloudFront
  |
  v
Application Load Balancer
  |
  +--> /api/*        --> API Target Group
  |
  +--> /admin/*      --> Admin Target Group
  |
  +--> default       --> Frontend Target Group
  |
  v
EC2 / ECS / EKS workloads

In this design:

  • Route 53 resolves the domain name.
  • CloudFront may act as the CDN layer in front.
  • ALB receives HTTP or HTTPS traffic.
  • Listener rules send requests to the correct target group based on host or path.
ALB is one of the most common entry points for web-based AWS applications because it combines intelligent routing with scalable backend distribution.

Health checks in ALB

ALB uses health checks to determine which targets are available. If a target fails health checks, ALB stops sending traffic to it.

Why health checks matter

  • They keep broken instances out of active traffic flow.
  • They improve reliability across multiple targets.
  • They reduce user-facing errors when some backends fail.

What to validate

  • Correct health check path such as /health
  • Expected HTTP response code
  • Correct port and protocol
  • Backend readiness to answer health checks
A frequent issue is using a health check path that requires authentication or returns unexpected status codes. That can make healthy targets appear unhealthy.

Terraform example for AWS ALB

Below is a simple example that creates an Application Load Balancer, target group, and HTTP listener. 

resource "aws_lb" "alb" {
  name               = "example-alb"
  internal           = false
  load_balancer_type = "application"
  subnets            = ["subnet-aaa111", "subnet-bbb222"]
  security_groups    = ["sg-12345678"]
}

resource "aws_lb_target_group" "app" {
  name     = "example-alb-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = "vpc-12345678"

  health_check {
    path     = "/health"
    protocol = "HTTP"
    matcher  = "200"
  }
}

resource "aws_lb_listener" "http_80" {
  load_balancer_arn = aws_lb.alb.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

What this Terraform does

  • Creates a public Application Load Balancer.
  • Creates an HTTP target group.
  • Uses a health check path of /health.
  • Creates an HTTP listener that forwards traffic to the target group.

Common ALB mistakes

Using ALB for non-HTTP workloads

ALB is designed for HTTP and HTTPS application traffic. Teams sometimes force it into use cases better suited to NLB.

Bad rule design

Overlapping path rules, missing defaults, or unclear priorities can make routing hard to troubleshoot.

Weak health check configuration

If the health endpoint is wrong or unstable, healthy targets may be removed from service unnecessarily.

Ignoring target group separation

Combining unrelated services into a confusing target group design can make operations and debugging harder.

Wrong load balancer choice

Some teams choose ALB for every workload without checking whether transport-layer performance or protocol requirements point to NLB instead.

A load balancer choice should always follow traffic behaviour and routing needs, not just habit. ALB is excellent for web apps, but not for every protocol.

ALB troubleshooting guide

Problem: Requests go to wrong backend

Check listener rules, path patterns, host conditions, and rule priority order.

Problem: Backends show unhealthy

Validate health check path, expected response code, backend readiness, and security rules.

Problem: Path-based routing not matching

Check the exact path patterns and confirm the request format is what the rule expects.

Problem: HTTPS listener issues

Validate certificate setup, listener configuration, and whether the correct domain is reaching the ALB.

Practical checklist

  • Check listener ports and protocols.
  • Review listener rules from highest to lowest priority.
  • Confirm target groups are attached correctly.
  • Validate health check path and backend response.
  • Check that ALB is really the right load balancer for the workload.

ALB interview questions

1. What is AWS Application Load Balancer?

It is a Layer 7 load balancer that handles HTTP and HTTPS traffic and routes requests based on application-level information such as path and host.

2. What is the difference between ALB and NLB?

ALB operates at Layer 7 and supports application-aware routing, while NLB operates at Layer 4 and is used for transport-layer traffic handling.

3. Does ALB support path-based routing?

Yes. Path-based routing is one of the main reasons to choose ALB for web applications and APIs.

4. What is a target group in ALB?

A target group is a logical collection of backend targets that ALB forwards matched requests to.

5. Why is ALB popular in microservices environments?

Because it allows multiple services to share one entry point while still routing requests intelligently using rules.

Frequently asked questions

What is AWS ALB used for?

AWS ALB is used for web applications and APIs that need Layer 7 HTTP and HTTPS routing, including path-based and host-based routing.

Can ALB route traffic based on URL path?

Yes. That is one of its most important capabilities and one of the main reasons teams choose it.

When should I not use ALB?

You should avoid ALB when the workload is not primarily HTTP or HTTPS, or when transport-layer performance and protocol handling point more clearly to NLB.

Related cloud networking resources

AWS Load Balancers Hub

Go back to the load balancers overview covering ALB, NLB, and architecture comparisons.

Go to hub

Network Load Balancer

Compare ALB with NLB and understand when Layer 4 traffic handling is the better fit.

Go to NLB guide

Amazon Route 53

Learn how DNS works in front of ALB and how user traffic is directed into AWS applications.

Go to Route 53

AWS CloudFront

Understand how CloudFront can sit in front of ALB as the CDN and edge delivery layer.

Go to CloudFront