Last Updated: February 25, 2016
· dhdev

Come on Amazon, give ELB some love

Amazon's Elastic Load Balancer (ELB) is a great tool. You can bring it up in front of your servers and it will distribute the incoming load between them. This is great news if you want to provide a highly available, responsive service.

However, we've run up against some limitations along the way:


There isn't an easy way to provide weights for each of your servers behind ELB. If you have different VM sizes or capabilities, you'll probably want the more capable machines to take more of the load. ELB may do this under the hood, but if so, there's no way of configuring it manually.


A fairly standard feature of load balancers is the ability to drain a node before removing it from the pool. This means that no new connections will be sent to the draining machine, so that it can be taken down gracefully without breaking connections. Without it, until ELB has marked the machine as bad, requests routed to it will fail. Even worse, if you remove a running instance from an ELB pool, all client connections to it are terminated immediately.


WebSockets is a great technology associated with HTML5 that allows you to perform low-overhead, two-way communication between a browser and a server. ELB currently does not support HTTP 1.1 and WebSockets (directly) and there is no good information as to when it will.

There is a workaround:

Create a TCP ELB rule for the WebSockets rather than an HTTP rule. This will pass the connection through at the transport layer rather than the application layer. This works OK, but the backend has no way of telling the actual client address. ELB adds an x-forwarded-for header containing the client IP when running in HTTP mode, but doesn't (and can't) when running in TCP mode.

Ideally, ELB would have support for WebSockets in HTTP mode. This would allow it to set the x-forwarded-for header on the upgrade negotiation.
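The consequence for a backend that logs, rate-limits or filters by client address can be sketched as follows. This is an added example, not code from the original post; the load balancer subnet, the lowercase header dict and the sample addresses are constructed assumptions, as is the assumption that the balancer appends the address it saw as the last x-forwarded-for entry.

```python
import ipaddress

# Assumption (constructed): the load balancer nodes connect from this subnet.
TRUSTED_LB_NETS = [ipaddress.ip_network("10.0.0.0/24")]


def _from_load_balancer(peer):
    """True if the TCP peer address belongs to the load balancer subnet."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in TRUSTED_LB_NETS)


def client_ip(peer, headers):
    """Return (address, source) for one request.

    peer    -- remote address of the TCP connection as seen by the backend
    headers -- request headers with lowercase names (assumed normalised)
    """
    if not _from_load_balancer(peer):
        # Direct connection: the header is attacker-controlled, ignore it.
        return peer, "peer"
    xff = headers.get("x-forwarded-for")
    if not xff:
        # TCP-mode listener: no header is added, so only the balancer's
        # own address is known and per-client decisions are impossible.
        return peer, "lb-only"
    # Entries to the left were supplied by the client and can be spoofed;
    # only the last entry was appended by the balancer itself.
    candidate = xff.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate)), "x-forwarded-for"
    except ValueError:
        return peer, "lb-only"


if __name__ == "__main__":
    # Constructed sample requests (documentation address ranges).
    samples = [
        ("10.0.0.15", {"x-forwarded-for": "203.0.113.7"}),           # HTTP mode
        ("10.0.0.15", {"x-forwarded-for": "1.2.3.4, 203.0.113.7"}),  # spoofed prefix
        ("10.0.0.15", {}),                                           # TCP mode
        ("198.51.100.9", {"x-forwarded-for": "127.0.0.1"}),          # bypasses LB
    ]
    for peer, headers in samples:
        print(peer, headers, "->", client_ip(peer, headers))
```

Requests classified as "lb-only" all share the balancer's address, so IP-based allow lists, rate limits and audit logs on the backend cannot distinguish clients behind a TCP listener.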

SSL Certificates

ELB allows you to upload an SSL cert for secure termination, which is great news. However, this is limited to one certificate per Load Balancer instance, which may be an issue for some.

Enough Negativity

Despite the points above, ELB does provide a straightforward, relatively scalable, low maintenance solution for those hosting on EC2.

I just hope that sometime in the very near future Amazon puts some effort into rounding off some of these rough edges.

Note: I initially wrote this post in August 2012, but never got round to publishing it anywhere. It is disappointing that in the meantime nothing much seems to have changed.


2 Responses


I said this on HN but I'll say it here too - I also REALLY wish Amazon would add security groups to ELBs like EC2 and RDS already have.

This would enable it to be used for internal cloud-based projects where restricting incoming traffic by IP is critical.

over 1 year ago ·

No dates anywhere on this post make it kind of useless. Especially the reference to when you originally wrote it - with no indication of when you actually posted.

over 1 year ago ·