Network Load Balancer (NLB)
Network Load Balancers provide ultra-high performance, low latency, and TLS offloading at scale. They operate at Layer 4 (TCP/UDP) and are ideal for handling millions of requests per second.
Quick Start
#r "../src/bin/Release/net8.0/publish/Amazon.JSII.Runtime.dll"
#r "../src/bin/Release/net8.0/publish/Constructs.dll"
#r "../src/bin/Release/net8.0/publish/Amazon.CDK.Lib.dll"
#r "../src/bin/Release/net8.0/publish/FsCDK.dll"
open FsCDK
open Amazon.CDK
open Amazon.CDK.AWS.EC2
open Amazon.CDK.AWS.ElasticLoadBalancingV2
Basic Internal NLB
By default, NLBs are created as internal (not internet-facing) for security.
stack "InternalNLB" {
    // Create VPC
    let! myVpc = vpc "MyVpc" { () }
    // Create internal NLB (default)
    networkLoadBalancer "MyNLB" {
        vpc myVpc
        crossZoneEnabled true
    }
}
Internet-Facing NLB
For public-facing applications, explicitly set internetFacing true.
stack "PublicNLB" {
    let! myVpc = vpc "MyVpc" { () }
    networkLoadBalancer "PublicNLB" {
        vpc myVpc
        internetFacing true
        vpcSubnets (SubnetSelection(SubnetType = SubnetType.PUBLIC))
    }
}
Production NLB with Deletion Protection
Enable deletion protection for production workloads.
stack "ProductionNLB" {
    let! myVpc = vpc "MyVpc" { () }
    networkLoadBalancer "ProdNLB" {
        vpc myVpc
        internetFacing true
        deletionProtection true
        loadBalancerName "production-nlb"
        crossZoneEnabled true
    }
}
Multi-AZ High Availability Setup
stack "HighAvailabilityNLB" {
    let! myVpc =
        vpc "MyVpc" {
            maxAzs 3
            natGateways 3
        }
    networkLoadBalancer "HANLB" {
        vpc myVpc
        internetFacing true
        crossZoneEnabled true // Distribute traffic evenly across all zones
        deletionProtection true
    }
}
Best Practices
Security
- ✅ Use internal NLBs by default (not internet-facing)
- ✅ Place in private subnets when possible
- ✅ Use security groups to restrict access
- ✅ Enable access logs for auditing
High Availability
- ✅ Enable cross-zone load balancing for even distribution
- ✅ Deploy across multiple AZs (minimum 2)
- ✅ Use health checks to detect unhealthy targets
Cost Optimization
- ✅ Disable cross-zone load balancing if not needed (saves data transfer costs)
- ✅ Right-size target instances
- ✅ Use reserved capacity for predictable workloads
Performance
- ✅ Use NLB for TCP/UDP workloads requiring extreme performance
- ✅ Enable connection draining
- ✅ Monitor CloudWatch metrics (ActiveFlowCount, ProcessedBytes)
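The Security checklist above can be enforced on the synthesized CloudFormation template before deployment. The following Python check is an added example, not part of FsCDK; the sample template, its logical IDs, and the names `audit_nlbs` and `allow_public` are constructed for illustration.

```python
import json

# Constructed sample of a synthesized template (the kind of file CDK writes to
# cdk.out/*.template.json); logical IDs and values are made up for this example.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "InternalNlb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
    "Properties": {"Type": "network", "Scheme": "internal",
      "LoadBalancerAttributes": [
        {"Key": "deletion_protection.enabled", "Value": "true"},
        {"Key": "access_logs.s3.enabled", "Value": "true"}]}},
  "PublicNlb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
    "Properties": {"Type": "network", "Scheme": "internet-facing",
      "LoadBalancerAttributes": [
        {"Key": "load_balancing.cross_zone.enabled", "Value": "true"}]}},
  "Bucket": {"Type": "AWS::S3::Bucket"}
}}
""")


def audit_nlbs(template, allow_public=()):
    """Return sorted (logical_id, finding) pairs for NLBs that miss the checklist."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") != "AWS::ElasticLoadBalancingV2::LoadBalancer":
            continue
        if props.get("Type") != "network":
            continue  # only Network Load Balancers are in scope here
        attrs = {a["Key"]: str(a["Value"]).lower()
                 for a in props.get("LoadBalancerAttributes", [])}
        # CloudFormation treats a missing Scheme as internet-facing.
        scheme = props.get("Scheme", "internet-facing")
        if scheme == "internet-facing" and logical_id not in allow_public:
            findings.append((logical_id, "internet-facing without an allow-list entry"))
        if attrs.get("deletion_protection.enabled") != "true":
            findings.append((logical_id, "deletion protection disabled"))
        if attrs.get("access_logs.s3.enabled") != "true":
            findings.append((logical_id, "access logs disabled"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in audit_nlbs(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

Run in CI against the synthesized template, a non-empty result can fail the build; intentionally public load balancers are listed in `allow_public` so the exposure is an explicit, reviewed decision.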