Edit target group attributes for your Application Load Balancer - Elastic Load Balancing
Deregistration delaySlow start modeCross-zone load balancingAutomatic Target Weights (ATW)Sticky sessions
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Edit target group attributes for your Application Load Balancer

After you create a target group for you Application Load Balancer, you can edit its target group attributes.

Deregistration delay

Elastic Load Balancing stops sending requests to targets that are deregistering. By default, Elastic Load Balancing waits 300 seconds before completing the deregistration process, which can help in-flight requests to the target to complete. To change the amount of time that Elastic Load Balancing waits, update the deregistration delay value.

The initial state of a deregistering target is draining. After the deregistration delay elapses, the deregistration process completes and the state of the target is unused. If the target is part of an Auto Scaling group, it can be terminated and replaced.

If a deregistering target has no in-flight requests and no active connections, Elastic Load Balancing immediately completes the deregistration process, without waiting for the deregistration delay to elapse. However, even though target deregistration is complete, the status of the target is displayed as draining until the deregistration delay timeout expires. After the timeout expires, the target transitions to an unused state.

If a deregistering target terminates the connection before the deregistration delay elapses, the client receives a 500-level error response.

To update the deregistration delay value using the console

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. On the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the Group details tab, in the Attributes section, choose Edit.

  5. On the Edit attributes page, change the value of Deregistration delay as needed.

  6. Choose Save changes.

To update the deregistration delay value using the Amazon CLI

Use the modify-target-group-attributes command with the deregistration_delay.timeout_seconds attribute.

Slow start mode

By default, a target starts to receive its full share of requests as soon as it is registered with a target group and passes an initial health check. Using slow start mode gives targets time to warm up before the load balancer sends them a full share of requests.

After you enable slow start for a target group, its targets enter slow start mode when they are considered healthy by the target group. A target in slow start mode exits slow start mode when the configured slow start duration period elapses or the target becomes unhealthy. The load balancer linearly increases the number of requests that it can send to a target in slow start mode. After a healthy target exits slow start mode, the load balancer can send it a full share of requests.

Considerations

  • When you enable slow start for a target group, the healthy targets registered with the target group do not enter slow start mode.

  • When you enable slow start for an empty target group and then register targets using a single registration operation, these targets do not enter slow start mode. Newly registered targets enter slow start mode only when there is at least one healthy target that is not in slow start mode.

  • If you deregister a target in slow start mode, the target exits slow start mode. If you register the same target again, it enters slow start mode when it is considered healthy by the target group.

  • If a target in slow start mode becomes unhealthy, the target exits slow start mode. When the target becomes healthy, it enters slow start mode again.

  • You cannot enable slow start mode when using the least outstanding requests or weighted random routing algorithms.

To update the slow start duration value using the console

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. On the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the Group details tab, in the Attributes section, choose Edit.

  5. On the Edit attributes page, change the value of Slow start duration as needed. To disable slow start mode, set the duration to 0.

  6. Choose Save changes.

To update the slow start duration value using the Amazon CLI

Use the modify-target-group-attributes command with the slow_start.duration_seconds attribute.

Cross-zone load balancing for Application Load Balancer target groups

The nodes for your load balancer distribute requests from clients to registered targets. When cross-zone load balancing is on, each load balancer node distributes traffic across the registered targets in all registered Availability Zones. When cross-zone load balancing is off, each load balancer node distributes traffic only across the registered targets in its Availability Zone. This could be if zonal failure domains are preferred over regional, ensuring that a healthy zone isn't impacted by an unhealthy zone, or for overall latency improvements.

With Application Load Balancers, cross-zone load balancing is always turned on at the load balancer level, and cannot be turned off. For target groups, the default is to use the load balancer setting, but you can override the default by explicitly turning cross-zone load balancing off at the target group level.

Considerations

  • Target stickiness is not supported when cross-zone load balancing is off.

  • Lambda functions as targets are not supported when cross-zone load balancing is off.

  • Attempting to turn off cross-zone load balancing through the ModifyTargetGroupAttributes API if any targets have parameter AvailabilityZone set to all results in an error.

  • When registering targets, the AvailabilityZone parameter is required. Specific Availability Zone values are only allowed when cross-zone load balancing is off. Otherwise, the parameter is ignored and treated as all.

Best practices

  • Plan for enough target capacity across all Availability Zones that you expect to utilize, per target group. If you can't plan for enough capacity across all participating Availability Zones, we recommend that you keep cross-zone load balancing on.

  • When configuring your Application Load Balancer with multiple target groups, ensure all target groups are participating in the same Availability Zones, within the configured Region. This is to avoid an Availability Zone being empty while cross-zone load balancing is off, as this triggers a 503 error for all HTTP requests that enter the empty Availability Zone.

  • Avoid creating empty subnets. Application Load Balancers expose zonal IP addresses through DNS for the empty subnets, which triggers 503 errors for HTTP requests.

  • There can be occurrences where a target group with cross-zone load balancing turned off has enough planned target capacity per Availability Zone, but all targets in an Availability Zone become unhealthy. When there is at least one target group with all unhealthy targets, the IP addresses of the load balancer nodes are removed from DNS. After the target group has at least one healthy target, the IP addresses are restored to DNS.

Turn off cross-zone load balancing

You can turn off cross-zone load balancing for your Application Load Balancer target groups at any time.

To turn off cross-zone load balancing using the console

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. On the navigation pane, under Load Balancing, select Target Groups.

  3. Select the name of the target group to open its details page.

  4. On the Attributes tab, select Edit.

  5. On the Edit target group attributes page, select Off for Cross-zone load balancing.

  6. Choose Save changes.

To turn off cross-zone load balancing using the Amazon CLI

Use the modify-target-group-attributes command and set the load_balancing.cross_zone.enabled attribute to false.

aws elbv2 modify-target-group-attributes --target-group-arn my-targetgroup-arn --attributes Key=load_balancing.cross_zone.enabled,Value=false

The following is an example response:

{
    "Attributes": [
        {
            "Key": "load_balancing.cross_zone.enabled",
            "Value": "false"
        },
    ]
}

Turn on cross-zone load balancing

You can turn on cross-zone load balancing for your Application Load Balancer target groups at any time. The cross-zone load balancing setting at the target group level overrides the setting at the load balancer level.

To turn on cross-zone load balancing using the console

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. On the navigation pane, under Load Balancing, select Target Groups.

  3. Select the name of the target group to open its details page.

  4. On the Attributes tab, select Edit.

  5. On the Edit target group attributes page, select On for Cross-zone load balancing.

  6. Choose Save changes.

To turn on cross-zone load balancing using the Amazon CLI

Use the modify-target-group-attributes command and set the load_balancing.cross_zone.enabled attribute to true.

aws elbv2 modify-target-group-attributes --target-group-arn my-targetgroup-arn --attributes Key=load_balancing.cross_zone.enabled,Value=true

The following is an example response:

{
    "Attributes": [
        {
            "Key": "load_balancing.cross_zone.enabled",
            "Value": "true"
        },
    ]
}

Automatic Target Weights (ATW)

Automatic Target Weights (ATW) constantly monitors the targets running your applications, detecting significant performance deviations, known as anomalies. ATW provides the ability to dynamically adjust the amount of traffic routed to targets, through real time data anomaly detection.

Automatic Target Weights (ATW) performs anomaly detection on every Application Load Balancer in your account automatically. When anomalous targets are identified, ATW can automatically attempt to stabilize them by reducing the amount of traffic they're routed, known as anomaly mitigation. ATW continuously optimizes traffic distribution to maximize per-target success rates while minimizing target group failure rates.

Considerations:

  • Anomaly detection currently monitors HTTP 5xx response codes coming from, and connection failures to, your targets. Anomaly detection is always on and cannot be turned off.

  • ATW is not supported when using Lambda as a target.

Anomaly detection

ATW anomaly detection monitors for any targets that are displaying a significant deviation in behavior from other targets in their target group. These deviations, called anomalies, are determined by comparing the percent errors of one target with the percent errors of other targets in the target group. These errors can be both connection errors and HTTP error codes. Targets reporting significantly higher than their peers are then considered anomalous.

Anomaly detection requires a minimum of three healthy targets in the target group. When a target is registered to a target group it has to first pass the health checks to start receiving traffic. Once the target is receiving target, ATW begins monitoring the target and continuously publishes the anomaly result. For targets without anomalies, the anomaly result is normal. For targets with anomalies, the anomaly result is anomalous.

ATW anomaly detection works independently from target group health checks. A target can be passing all target group health checks, but still be marked anomalous due to an elevated error rate. Targets becoming anomalous does not affect their target group health check status.

Anomaly detection status

ATW continuously publishes the status of the anomaly detections it performs on targets. You can view the current status at any time using the Amazon Web Services Management Console or Amazon CLI.

To view anomaly detection status using the console

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. On the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the target groups detail page, choose the Targets tab.

  5. Within the Registered targets table, you can view each targets anomaly status in the Anomaly detection result column.

    If no anomalies were detected, the result is normal.

    If anomalies were detected, the result is anomalous.

To view anomaly detection results using the Amazon CLI

Use the describe-target-health command with the Include.member.N attribute value set to AnomalyDetection.

Anomaly mitigation

Important

The anomaly mitigation function of ATW is only available when using the Weighted random routing algorithm.

ATW anomaly mitigation routes traffic away from anomalous targets automatically, giving them an opportunity to recover.

During mitigation:

  • ATW periodically adjusts the amount of traffic routed to anomalous targets. Currently, the period is every five seconds.

  • ATW reduces the amount of traffic routed to anomalous targets to the minimum amount required to perform anomaly mitigation.

  • Targets which are no longer detected as anomalous will gradually have more traffic routed to them until they reach parity with other normal targets in the target group.

Turn on ATW anomaly mitigation

You can turn on anomaly mitigation at any time.

To turn on anomaly mitigation using the console

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. On the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the target groups detail page, on the Attributes tab, choose Edit.

  5. On the Edit target group attributes page, in the Traffic configuration section, under Load balancing algorithm, ensure Weighted random is selected.

    Note: When the weighted random algorithm is initially selected, anomaly detection is on by default.

  6. Under Anomaly mitigation, ensure Turn on anomaly mitigation is selected.

  7. Choose Save changes.

To turn on anomaly mitigation using the Amazon CLI

Use the modify-target-group-attributes command with the load_balancing.algorithm.anomaly_mitigation attribute.

Anomaly mitigation status

Whenever ATW is performing mitigation on a target, you can view the current status at any time using the Amazon Web Services Management Console or Amazon CLI.

To view anomaly mitigation status using the console

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. On the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the target groups detail page, choose the Targets tab.

  5. Within the Registered targets table, you can view each targets anomaly mitigation status in the Mitigation in effect column.

    If mitigation is not in progress, the status is yes.

    If mitigation is in progress, the status is no.

To view anomaly mitigation status using the Amazon CLI

Use the describe-target-health command with the Include.member.N attribute value set to AnomalyDetection.

Sticky sessions for your Application Load Balancer

By default, an Application Load Balancer routes each request independently to a registered target based on the chosen load-balancing algorithm. However, you can use the sticky session feature (also known as session affinity) to enable the load balancer to bind a user's session to a specific target. This ensures that all requests from the user during the session are sent to the same target. This feature is useful for servers that maintain state information in order to provide a continuous experience to clients. To use sticky sessions, the client must support cookies.

Application Load Balancers support both duration-based cookies and application-based cookies. Sticky sessions are enabled at the target group level. You can use a combination of duration-based stickiness, application-based stickiness, and no stickiness across your target groups.

The key to managing sticky sessions is determining how long your load balancer should consistently route the user's request to the same target. If your application has its own session cookie, then you can use application-based stickiness and the load balancer session cookie follows the duration specified by the application's session cookie. If your application does not have its own session cookie, then you can use duration-based stickiness to generate a load balancer session cookie with a duration that you specify.

The content of load balancer generated cookies are encrypted using a rotating key. You cannot decrypt or modify load balancer generated cookies.

For both stickiness types, the Application Load Balancer resets the expiry of the cookies it generates after every request. If a cookie expires, the session is no longer sticky and the client should remove the cookie from its cookie store.

Requirements

  • An HTTP/HTTPS load balancer.

  • At least one healthy instance in each Availability Zone.

Considerations

  • Sticky sessions are not supported if cross-zone load balancing is disabled. Attempting to enable sticky sessions while cross-zone load balancing is disabled will fail.

  • For application-based cookies, cookie names have to be specified individually for each target group. However, for duration-based cookies, AWSALB is the only name used across all target groups.

  • If you are using multiple layers of Application Load Balancers, you can enable sticky sessions across all layers with application-based cookies. However, with duration-based cookies, you can enable sticky sessions only on one layer, because AWSALB is the only name available.

  • If the Application Load Balancer receives both an AWSALBCORS and an AWSALB duration-based stickiness cookie, the value in AWSALBCORS will take precedence.

  • Application-based stickiness does not work with weighted target groups.

  • If you have a forward action with multiple target groups, and sticky sessions are enabled for one or more of the target groups, you must enable stickiness at the target group level.

  • WebSocket connections are inherently sticky. If the client requests a connection upgrade to WebSockets, the target that returns an HTTP 101 status code to accept the connection upgrade is the target used in the WebSockets connection. After the WebSockets upgrade is complete, cookie-based stickiness is not used.

  • Application Load Balancers use the Expires attribute in the cookie header instead of the Max-Age attribute.

  • Application Load Balancers do not support cookie values that are URL encoded.

Duration-based stickiness

Duration-based stickiness routes requests to the same target in a target group using a load balancer generated cookie (AWSALB). The cookie is used to map the session to the target. If your application does not have its own session cookie, you can specify your own stickiness duration and manage how long your load balancer should consistently route the user's request to the same target.

When a load balancer first receives a request from a client, it routes the request to a target (based on the chosen algorithm), and generates a cookie named AWSALB. It encodes information about the selected target, encrypts the cookie, and includes the cookie in the response to the client. The load balancer generated cookie has its own expiry of 7 days which is non-configurable.

In subsequent requests, the client should include the AWSALB cookie. When the load balancer receives a request from a client that contains the cookie, it detects it and routes the request to the same target. If the cookie is present but cannot be decoded, or if it refers to a target that was deregistered or is unhealthy, the load balancer selects a new target and updates the cookie with information about the new target.

For cross-origin resource sharing (CORS) requests, some browsers require SameSite=None; Secure to enable stickiness. To support these browsers the load balancer always generates a second stickiness cookie, AWSALBCORS, which includes the same information as the original stickiness cookie, as well as the SameSite attribute. Clients receive both cookies, including non CORS requests.

To enable duration-based stickiness using the console

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. On the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the Group details tab, in the Attributes section, choose Edit.

  5. On the Edit attributes page, do the following:

    1. Select Stickiness.

    2. For Stickiness type, select Load balancer generated cookie.

    3. For Stickiness duration, specify a value between 1 second and 7 days.

    4. Choose Save changes.

To enable duration-based stickiness using the Amazon CLI

Use the modify-target-group-attributes command with the stickiness.enabled and stickiness.lb_cookie.duration_seconds attributes.

Use the following command to enable duration-based stickiness.

aws elbv2 modify-target-group-attributes --target-group-arn ARN --attributes Key=stickiness.enabled,Value=true Key=stickiness.lb_cookie.duration_seconds,Value=time-in-seconds

Your output should be similar to the following example.

     {     
        "Attributes": [
           ...
            {
                 "Key": "stickiness.enabled",
                 "Value": "true"
              },           
              {
                  "Key": "stickiness.lb_cookie.duration_seconds",
                  "Value": "86500"
              
              },
           ...
          ]
      }

Application-based stickiness

Application-based stickiness gives you the flexibility to set your own criteria for client-target stickiness. When you enable application-based stickiness, the load balancer routes the first request to a target within the target group based on the chosen algorithm. The target is expected to set a custom application cookie that matches the cookie configured on the load balancer to enable stickiness. This custom cookie can include any of the cookie attributes required by the application.

When the Application Load Balancer receives the custom application cookie from the target, it automatically generates a new encrypted application cookie to capture stickiness information. This load balancer generated application cookie captures stickiness information for each target group that has application-based stickiness enabled.

The load balancer generated application cookie does not copy the attributes of the custom cookie set by the target. It has its own expiry of 7 days which is non-configurable. In the response to the client, the Application Load Balancer only validates the name with which the custom cookie was configured at the target group level and not the value or the expiry attribute of the custom cookie. As long as the name matches, the load balancer sends both cookies, the custom cookie set by the target, and the application cookie generated by the load balancer, in the response to the client.

In subsequent requests, clients have to send back both cookies to maintain stickiness. The load balancer decrypts the application cookie, and checks whether the configured duration of stickiness is still valid. It then uses the information in the cookie to send the request to the same target within the target group to maintain stickiness. The load balancer also proxies the custom application cookie to the target without inspecting or modifying it. In subsequent responses, the expiry of the load balancer generated application cookie and the duration of stickiness configured on the load balancer are reset. To maintain stickiness between client and target, the expiry of the cookie, and the duration of stickiness should not elapse.

If a target fails or becomes unhealthy, the load balancer stops routing requests to that target, and chooses a new healthy target based on the chosen load balancing algorithm. The load balancer treats the session as now being "stuck" to the new healthy target, and continues routing requests to the new healthy target even if the failed target comes back.

With cross-origin resource sharing (CORS) requests, to enable stickiness, the load balancer adds the SameSite=None; Secure attributes to the load balancer generated application cookie only if the user-agent version is Chromium80 or above.

Since most browsers limit cookies to 4K in size, the load balancer shards application cookies greater than 4K into multiple cookies. Application Load Balancers support cookies up to 16K in size and can therefore create up to 4 shards that it sends to the client. The application cookie name that the client sees begins with “AWSALBAPP-" and includes a fragment number. For example, if the cookie size is 0-4K, the client sees AWSALBAPP-0. If the cookie size is 4-8k, the client sees AWSALBAPP-0 and AWSALBAPP-1, and so on.

To enable application-based stickiness using the console

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. On the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the Group details tab, in the Attributes section, choose Edit.

  5. On the Edit attributes page, do the following:

    1. Select Stickiness.

    2. For Stickiness type, select Application-based cookie.

    3. For Stickiness duration, specify a value between 1 second and 7 days.

    4. For App cookie name, enter a name for your application-based cookie.

      Do not use AWSALB, AWSALBAPP, or AWSALBTG for the cookie name; they're reserved for use by the load balancer.

    5. Choose Save changes.

To enable application-based stickiness using the Amazon CLI

Use the modify-target-group-attributes command with the following attributes:

  • stickiness.enabled

  • stickiness.type

  • stickiness.app_cookie.cookie_name

  • stickiness.app_cookie.duration_seconds

Use the following command to enable application-based stickiness.

aws elbv2 modify-target-group-attributes --target-group-arn ARN --attributes Key=stickiness.enabled,Value=true Key=stickiness.type,Value=app_cookie Key=stickiness.app_cookie.cookie_name,Value=my-cookie-name Key=stickiness.app_cookie.duration_seconds,Value=time-in-seconds

Your output should be similar to the following example.

 
       {
            "Attributes": [
                ...
                {
                    "Key": "stickiness.enabled",
                    "Value": "true"
                },
                {
                    "Key": "stickiness.app_cookie.cookie_name",
                    "Value": "MyCookie"
                },
                {
                    "Key": "stickiness.type",
                    "Value": "app_cookie"
                },
                {
                    "Key": "stickiness.app_cookie.duration_seconds",
                    "Value": "86500"
                },
                ...
            ]
        }
Manual rebalancing

When scaling up, if the number of targets increase considerably, there is potential for unequal distribution of load due to stickiness. In this scenario, you can rebalance the load on your targets using the following two options:

  • Set an expiry on the cookie generated by the application that is prior to the current date and time. This will prevent clients from sending the cookie to the Application Load Balancer, which will restart the process of establishing stickiness.

  • Set a very short duration on the load balancer’s application-based stickiness configuration, for example, 1 second. This forces the Application Load Balancer to reestablish stickiness even if the cookie set by the target has not expired.