All news with #application load balancer tag

AWS Load Balancers Add Post-Quantum TLS Key Exchange

🔐 AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) now offer an opt-in post-quantum TLS (PQ-TLS) key exchange option. The new PQ-TLS security policies use hybrid key agreement that combines classical algorithms with post-quantum KEMs including the standardized ML-KEM, protecting against 'harvest now, decrypt later' attacks. Available at no extra cost across AWS Commercial, GovCloud (US), and China Regions, the feature requires explicit listener updates and supports monitoring via ALB connection logs and NLB access logs.

API Gateway Adds Private ALB Integration for REST APIs

🔗 Amazon API Gateway REST APIs now support private integration with Application Load Balancer (ALB), enabling direct inter‑VPC connectivity to internal ALBs. This removes the previously required Network Load Balancer hop, which can reduce latency and simplify deployments. The integration brings Layer 7 capabilities — such as HTTP/HTTPS health checks, advanced request‑based routing, and native container service alignment — while retaining NLB-based layer‑4 options.

AWS ALB Adds Health Check Logs to S3 for Troubleshooting

🛡️ AWS Application Load Balancers (ALB) now support Health Check Logs that deliver detailed target health check entries to a designated Amazon S3 bucket every five minutes. The optional feature records timestamps, target identifiers, per-target health status, and precise failure reasons to accelerate troubleshooting. You can enable it via the AWS Management Console, AWS CLI, or SDK. Available in all AWS Commercial Regions, AWS GovCloud (US), and AWS China Regions, logs incur no additional fees beyond standard S3 storage and can reduce mean time to resolution for target health investigations.

ALB Target Optimizer: Per-Target Concurrency Control

🔧 Application Load Balancer now includes Target Optimizer, which enforces a maximum number of concurrent requests per target to align load with processing capacity. You enable it by creating a target group with a target control port and running an AWS-provided agent on each target. The feature can be configured per target group and is available in AWS Commercial, GovCloud (US), and China Regions. Note that enabled target groups consume additional LCUs and may increase costs.

AWS ALB Adds JWT Verification for Service-to-Service Auth

🔐 Amazon Web Services added JWT Verification to the Application Load Balancer (ALB), enabling ALB to validate token signatures, expirations, and claims in request headers. The capability supports OAuth 2.0 flows including Client Credentials, letting teams offload M2M/S2S token validation to the ALB without changing application code. The feature is available in all ALB-supported AWS Regions.

ALB Now Supports URL and Host Header Rewrite Across Regions

🔁 With the new URL and Host Header rewrite capability for Application Load Balancer, AWS lets customers modify request URLs and Host headers using regex-based pattern matching before routing to targets. You can rewrite paths (for example, transform "/api/v1/users" to "/users"), standardize URL patterns, remove or add path prefixes, and modify the Host header for internal service routing. Configurable via the AWS Management Console, AWS CLI, SDKs, and APIs, the feature incurs no extra charge beyond ALB usage and is available in all AWS commercial regions.

Automating OIDC Client Secret Rotation for ALB on AWS

🔁 This AWS blog demonstrates how to automate OIDC client secret rotation for Application Load Balancer authentication using AWS Secrets Manager, AWS Lambda, and Amazon EventBridge. The solution securely stores IdP credentials (Auth0 in the example), schedules a Lambda handler to fetch and compare tokens, and updates Secrets Manager and ALB listener rules when changes occur. It reduces manual effort, limits plaintext credential exposure, and adds monitoring via CloudWatch alarms.

AWS Elastic Beanstalk Adds IPv6 Dual-Stack Load Balancers

🌐 AWS Elastic Beanstalk now supports dual-stack configuration for Application Load Balancers (ALB) and Network Load Balancers (NLB). By setting the IpAddressType option to dualstack, Elastic Beanstalk automatically configures your load balancer to serve both IPv4 and IPv6 and creates corresponding A and AAAA DNS records. Existing IPv4 environments can be upgraded to dual-stack or reverted back as needed. The feature is available in all AWS regions that support Elastic Beanstalk and ALB/NLB and simplifies deployment to IPv6-only networks while retaining IPv4 compatibility.