This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

Periodic update - 03/12/21-04:48pm PDT
AWS-Tina committed Mar 13, 2021
1 parent d377f95 commit 1e6652d
Showing 10 changed files with 264 additions and 80 deletions.
25 changes: 23 additions & 2 deletions doc_source/application-load-balancers.md
Expand Up @@ -29,7 +29,7 @@ When you create an Application Load Balancer, you must specify one of the follow

You must select at least two Availability Zone subnets\. The following restrictions apply:
+ Each subnet must be from a different Availability Zone\.
+ To ensure that your load balancer can scale properly, verify that each Availability Zone subnet for your load balancer has a CIDR block with at least a `/27` bitmask \(for example, `10.0.0.0/27`\) and at least 8 free IP addresses\. Your load balancer uses these IP addresses to establish connections with the targets\.<a name="local-zones"></a>
+ To ensure that your load balancer can scale properly, verify that each Availability Zone subnet for your load balancer has a CIDR block with at least a `/27` bitmask \(for example, `10.0.0.0/27`\) and at least 8 free IP addresses per subnet\. Your load balancer uses these IP addresses to establish connections with the targets\. Depending on your traffic profile, the load balancer can scale higher and consume up to a maximum of 100 IP addresses distributed across all enabled subnets\. <a name="local-zones"></a>

**Local Zones**

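Review bot: the added bullet keeps the `/27` minimum while now stating that the load balancer can consume up to 100 IP addresses across all enabled subnets; a `/27` holds 32 addresses, five of which AWS reserves, so two minimally sized subnets can never supply 100 and scaling will stall. Either say that `/27` covers only the initial 8 addresses per subnet and that reaching full scale needs larger subnets, or state what the load balancer does when no free addresses remain (the Outposts bullet below does this with `active_impaired`). Also drop "per subnet" from "at least 8 free IP addresses per subnet", since the sentence already says "each Availability Zone subnet".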
Expand All @@ -41,10 +41,31 @@ You can specify a one or more Local Zone subnets\. The following restrictions ap

You can specify a single Outpost subnet\. The following restrictions apply:
+ You must have installed and configured an Outpost in your on\-premises data center\. You must have a reliable network connection between your Outpost and its AWS Region\. For more information, see the [AWS Outposts User Guide](https://docs.aws.amazon.com/outposts/latest/userguide/)\.
+ The load balancer requires two instances on the Outpost for the load balancer nodes\. The supported instances are the general purpose, compute optimized, and memory optimized instances\. Initially, the instances are `large` instances\. The load balancer scales as needed, from `large` to `xlarge`, `xlarge` to `2xlarge`, and `2xlarge` to `4xlarge`\. If you need additional capacity, the load balancer adds `4xlarge` instances\. If you do not have sufficient instance capacity or available IP addresses to scale the load balancer, the load balancer reports an event to the [AWS Personal Health Dashboard](https://phd.aws.amazon.com/) and the load balancer state is `active_impaired`\.
+ The load balancer requires two instances on the Outpost for the load balancer nodes\. The supported instances are shown in the table below\. Initially, the instances are `large` instances\. The load balancer scales as needed, from `large` to `xlarge`, `xlarge` to `2xlarge`, and `2xlarge` to `4xlarge`\. If you need additional capacity, the load balancer adds `4xlarge` instances\. If you do not have sufficient instance capacity or available IP addresses to scale the load balancer, the load balancer reports an event to the [AWS Personal Health Dashboard](https://phd.aws.amazon.com/) and the load balancer state is `active_impaired`\.
+ You can register targets by instance ID or IP address\. If you register targets in the AWS Region for the Outpost, they are not used\.
+ The following features are not available: Lambda functions as targets, AWS WAF integration, sticky sessions, authentication support, and integration with AWS Global Accelerator\.

An Application Load Balancer can be deployed on c5/c5d, m5/m5d, or r5/r5d instances on an Outpost\. The following table shows the size and EBS volume per instance type that the load balancer can use on an Outpost:


| Instance type and size | EBS volume \(GB\) |
| --- | --- |
| c5/c5d |
| large | 50 |
| xlarge | 50 |
| 2xlarge | 50 |
| 4xlarge | 100 |
| m5/m5d |
| large | 50 |
| xlarge | 50 |
| 2xlarge | 100 |
| 4xlarge | 100 |
| r5/r5d |
| large | 50 |
| xlarge | 100 |
| 2xlarge | 100 |
| 4xlarge | 100 |

## Load balancer security groups<a name="load-balancer-security-groups"></a>

A *security group* acts as a firewall that controls the traffic allowed to and from your load balancer\. You can choose the ports and protocols to allow for both inbound and outbound traffic\.
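Review bot: in the new table the instance-family rows (`| c5/c5d |`, `| m5/m5d |`, `| r5/r5d |`) have a single cell under a two-column header, so each family label renders as a row with an empty EBS column and the `large` through `4xlarge` rows below it carry no family. A three-column layout keeps every row complete, for example `| Instance family | Size | EBS volume (GB) |` with rows such as `| c5/c5d | large | 50 |`. The deleted phrase "general purpose, compute optimized, and memory optimized" could also be restored in the intro sentence on "c5/c5d, m5/m5d, or r5/r5d" so readers still know why these families are the supported ones.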
61 changes: 59 additions & 2 deletions doc_source/create-https-listener.md
Expand Up @@ -90,13 +90,70 @@ We recommend the `ELBSecurityPolicy-2016-08` policy for compatibility\. You can

The following table describes the default policy, `ELBSecurityPolicy-2016-08`, and the `ELBSecurityPolicy-FS` policies\. The `ELBSecurityPolicy-` has been removed from policy names in the heading row so that they fit\.

![\[FS Security Policies for Application Load Balancer\]](http://docs.aws.amazon.com/elasticloadbalancing/latest/application/images/security_policy_fs.png)

| Security policy | ![\[Image NOT FOUND\]](http://docs.aws.amazon.com/elasticloadbalancing/latest/application/images/FS-default.png) | ![\[Image NOT FOUND\]](http://docs.aws.amazon.com/elasticloadbalancing/latest/application/images/FS-1-2-Res-2020-10.png) | ![\[Image NOT FOUND\]](http://docs.aws.amazon.com/elasticloadbalancing/latest/application/images/FS-1-2-Res-2019-08.png) | ![\[Image NOT FOUND\]](http://docs.aws.amazon.com/elasticloadbalancing/latest/application/images/FS-1-2-2019-08.png) | ![\[Image NOT FOUND\]](http://docs.aws.amazon.com/elasticloadbalancing/latest/application/images/FS-1-1-2019-08.png) | ![\[Image NOT FOUND\]](http://docs.aws.amazon.com/elasticloadbalancing/latest/application/images/FS-2018-06.png) |
| --- |--- |--- |--- |--- |--- |--- |
| **TLS Protocols** |
| --- |
| Protocol\-TLSv1 || | | | ||
| Protocol\-TLSv1\.1 || | | |||
| Protocol\-TLSv1\.2 |||||||
| **TLS Ciphers** |
| --- |
| ECDHE\-ECDSA\-AES128\-GCM\-SHA256 |||||||
| ECDHE\-RSA\-AES128\-GCM\-SHA256 |||||||
| ECDHE\-ECDSA\-AES128\-SHA256 || |||||
| ECDHE\-RSA\-AES128\-SHA256 || |||||
| ECDHE\-ECDSA\-AES128\-SHA || | ||||
| ECDHE\-RSA\-AES128\-SHA || | ||||
| ECDHE\-ECDSA\-AES256\-GCM\-SHA384 |||||||
| ECDHE\-RSA\-AES256\-GCM\-SHA384 |||||||
| ECDHE\-ECDSA\-AES256\-SHA384 || |||||
| ECDHE\-RSA\-AES256\-SHA384 || |||||
| ECDHE\-RSA\-AES256\-SHA || | ||||
| ECDHE\-ECDSA\-AES256\-SHA || | ||||
| AES128\-GCM\-SHA256 || | | | | |
| AES128\-SHA256 || | | | | |
| AES128\-SHA || | | | | |
| AES256\-GCM\-SHA384 || | | | | |
| AES256\-SHA256 || | | | | |
| AES256\-SHA || | | | | |

\*`ELBSecurityPolicy-FS-1-2-Res-2020-10` is a highly secure and restrictive forward secrecy policy supporting TLS version 1\.2\. It is based on `ELBSecurityPolicy-FS-1-2-Res-2019-08`, but excludes the CBC ciphers\.

### TLS security policies<a name="tls-security-policies"></a>

The following table describes the default policy, `ELBSecurityPolicy-2016-08`, and the `ELBSecurityPolicy-TLS` policies\. The `ELBSecurityPolicy-` has been removed from policy names in the heading row so that they fit\.

![\[TLS Security Policies for Application Load Balancer\]](http://docs.aws.amazon.com/elasticloadbalancing/latest/application/images/security_policy_tls.png)

| Security policy | Default | TLS\-1\-2\-Ext\-2018\-06 | TLS\-1\-2\-2017\-01 | TLS\-1\-1\-2017\-01 | TLS\-1\-0\-2015\-04 † |
| --- |--- |--- |--- |--- |--- |
| **TLS Protocols** |
| --- |
| Protocol\-TLSv1 || | | ||
| Protocol\-TLSv1\.1 || | |||
| Protocol\-TLSv1\.2 ||||||
| **TLS Ciphers** |
| --- |
| ECDHE\-ECDSA\-AES128\-GCM\-SHA256 ||||||
| ECDHE\-RSA\-AES128\-GCM\-SHA256 ||||||
| ECDHE\-ECDSA\-AES128\-SHA256 ||||||
| ECDHE\-RSA\-AES128\-SHA256 ||||||
| ECDHE\-ECDSA\-AES128\-SHA ||| |||
| ECDHE\-RSA\-AES128\-SHA ||| |||
| ECDHE\-ECDSA\-AES256\-GCM\-SHA384 ||||||
| ECDHE\-RSA\-AES256\-GCM\-SHA384 ||||||
| ECDHE\-ECDSA\-AES256\-SHA384 ||||||
| ECDHE\-RSA\-AES256\-SHA384 ||||||
| ECDHE\-RSA\-AES256\-SHA ||| |||
| ECDHE\-ECDSA\-AES256\-SHA ||| |||
| AES128\-GCM\-SHA256 ||||||
| AES128\-SHA256 ||||||
| AES128\-SHA ||| |||
| AES256\-GCM\-SHA384 ||||||
| AES256\-SHA256 ||||||
| AES256\-SHA ||| |||
| DES\-CBC3\-SHA | | | | ||

**\*** Do not use this policy unless you must support a legacy client that requires the DES\-CBC3\-SHA cipher, which is a weak cipher\.

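Review bot: the FS table's header row replaces the policy names with `![\[Image NOT FOUND\]](...FS-default.png)` and similar image links, and every body cell is empty (`|||||||`), so as rendered the table says nothing about which policy supports which protocol or cipher; use plain-text headers as the TLS table already does (`| Security policy | Default | TLS\-1\-2\-Ext\-2018\-06 |` and so on) and put a visible mark such as `✓` in every supported cell. The footnote markers also do not line up: the FS note starts with `\*` but no FS header carries `*`, and the TLS header flags `TLS\-1\-0\-2015\-04` with `†` while its footnote starts with `**\***`. Finally, the `| --- |` rows under `**TLS Protocols**` and `**TLS Ciphers**` are delimiter rows inside the table body, which GitHub-flavored Markdown renders as a cell of literal dashes rather than a section divider; make those section labels ordinary single-cell rows without the extra delimiter.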
1 change: 1 addition & 0 deletions doc_source/doc-history.md
Expand Up @@ -5,6 +5,7 @@ The following table describes the releases for Application Load Balancers\.

| Feature | Description | Date |
| --- | --- | --- |
| Application\-based stickiness | This release adds an application\-based cookie to support sticky sessions for your load balancer\. For more information, see [Application\-based stickiness](sticky-sessions.md#application-based-stickiness)\. | February 08, 2021 |
| Security policy for FS supporting TLS version 1\.2 | This release adds a security policy for Forward Secrecy \(FS\) supporting TLS version 1\.2\. For more information, see [Security policies](create-https-listener.md#describe-ssl-policies)\. | November 24, 2020 |
| WAF fail open support | This release adds support for configuring the behavior of your load balancer if it integrates with AWS WAF\. For more information, see [Application Load Balancers and AWS WAF](application-load-balancers.md#load-balancer-waf)\. | November 13, 2020 |
| gRPC and HTTP/2 support | This release adds support for gRPC workloads and end\-to\-end HTTP/2\. For more information, see [Protocol version](load-balancer-target-groups.md#target-group-protocol-version)\. | October 29, 2020 |
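Review bot: the new history row links to `sticky-sessions.md#application-based-stickiness`, a page that this diff only adds to the table of contents in index.md; confirm that `sticky-sessions.md` with that exact anchor is part of the same commit, otherwise the release note points at a missing page.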
1 change: 1 addition & 0 deletions doc_source/index.md
Expand Up @@ -36,6 +36,7 @@ Amazon's trademarks and trade dress may not be used in
+ [Create a target group](create-target-group.md)
+ [Health checks for your target groups](target-group-health-checks.md)
+ [Register targets with your target group](target-group-register-targets.md)
+ [Sticky sessions for your Application Load Balancer](sticky-sessions.md)
+ [Lambda functions as targets](lambda-functions.md)
+ [Tags for your target group](target-group-tags.md)
+ [Delete a target group](delete-target-group.md)
1 change: 1 addition & 0 deletions doc_source/lambda-functions.md
Expand Up @@ -7,6 +7,7 @@ You can register your Lambda functions as targets and configure a listener rule
+ The maximum size of the request body that you can send to a Lambda function is 1 MB\. For related size limits, see [HTTP header limits](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/how-elastic-load-balancing-works.html#http-header-limits)\.
+ The maximum size of the response JSON that the Lambda function can send is 1 MB\.
+ WebSockets are not supported\. Upgrade requests are rejected with an HTTP 400 code\.
+ Local Zones are not supported\.

**Topics**
+ [Prepare the Lambda function](#prepare-lambda-function)
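Review bot: the added limitation says only that Local Zones are not supported, but the Outposts section of application-load-balancers.md in this same commit lists "Lambda functions as targets" among the features not available on an Outpost; state both here, for example `+ Local Zones and Outposts are not supported\.`, so the two pages agree and a reader of this page alone does not miss the Outposts restriction.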
2 changes: 1 addition & 1 deletion doc_source/listener-update-rules.md
Expand Up @@ -5,7 +5,7 @@ The rules that you define for your listener determine how the load balancer rout
Each rule consists of a priority, one or more actions, and one or more conditions\. For more information, see [Listener rules](load-balancer-listeners.md#listener-rules)\.

**Note**
The console displays a relative sequence number for each rule, not the rule priority\. You can get the priority of a rule by describing it using the AWS CLI or the Elastic Load Balancing API\.
The console displays the rules in priority order\. However, the console displays a sequence number for each rule, which might differ from the rule priority displayed by the AWS CLI or the Elastic Load Balancing API\.

## Requirements<a name="update-rule-requirements"></a>
+ Each rule must include exactly one of the following actions: `forward`, `redirect`, or `fixed-response`, and it must be the last action to be performed\.
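Review bot: the replacement note drops the one actionable sentence of the old text, "You can get the priority of a rule by describing it using the AWS CLI or the Elastic Load Balancing API", and only says the console's sequence number "might differ" from the priority; a reader who needs the real priority, for example to insert a rule ahead of an existing one, is now left without the method. Keep the new sentence about priority order and append the old instruction after it.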
2 changes: 1 addition & 1 deletion doc_source/load-balancer-listeners.md
Expand Up @@ -150,7 +150,7 @@ The following action forwards requests to the two specified target groups, based
```

**Example forward action with stickiness enabled**
If you have a forward action with multiple target groups and one or more of the target groups has [sticky sessions](load-balancer-target-groups.md#sticky-sessions) enabled, you must enable target group stickiness\.
If you have a forward action with multiple target groups and one or more of the target groups has [sticky sessions](sticky-sessions.md) enabled, you must enable target group stickiness\.
The following action forwards requests to the two specified target groups, with target group stickiness enabled\. Requests that do not contain the stickiness cookies are routed based on the weight of each target group\.

```
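Review bot: only this one reference is retargeted from `load-balancer-target-groups.md#sticky-sessions` to `sticky-sessions.md`, which implies the sticky-sessions section has moved to its own page; grep the rest of doc_source for the old `#sticky-sessions` anchor, since any page not in this diff that still uses it will link to a heading that no longer exists.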

0 comments on commit 1e6652d
