Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Creating an L7 load balancer

Written by
Improved by
Updated at May 5, 2025

To create an L7 load balancer:

  1. In the management console, select the folder where you want to create a load balancer.

  2. From the list of services, select Application Load Balancer.

  3. Click Create L7 load balancer and select Manual.

  4. Specify the load balancer name.

  5. Under Network settings, select:

    1. Network whose subnets will host load balancer nodes.

    2. Relevant security groups:

      • No groups: Allows any incoming and outgoing traffic for the load balancer. This is the least secure option.
      • Auto: The load balancer creation process automatically provisions a security group allowing any incoming traffic on port 80 and TCP health check traffic on port 30080. This security group also allows any outgoing traffic from the load balancer.
      • From list: For more traffic management flexibility, create your own security groups. You can assign up to five security groups to your load balancer.

      Note

      Security group rules can only contain addresses in CIDR format. You cannot assign a group where another security group is used.

  6. Under Allocation, select the load balancer node subnets in different availability zones and enable their traffic.

    If you do not want to create a load balancer node in a specific availability zone, click next to it.

  7. Optionally, under Allocation, enable or disable incoming traffic for each availability zone using Receive traffic.

  8. Optionally, under Autoscaling settings, set the resource unit limit.

    Resource units will scale automatically depending on load balancer traffic and specified limits. The number of resource units used affects the load balancer pricing.

  9. Optionally, under Log settings:

    1. Enable Write logs.

    2. Select the Yandex Cloud Logging log group where you want to store load balancer logs.

    3. Click Add discard rule and configure its settings:

      • HTTP codes: Add HTTP status codes.
      • HTTP code classes: Add HTTP status code classes.
      • gRPC codes: Add gRPC codes.
      • Share of discarded logs: Set the log discard rate.

      You can add multiple rules.

  10. Under Listeners, click Add listener and specify listener settings:

    1. Specify the listener name.

    2. Optionally, enable Public IP address. Set Port to 80 and select Type:

      • Automatically.
      • List: Select an address from the drop-down list that appears on the right.

    3. Optionally, enable Internal IP address. Specify Port and select Subnet from the drop-down list.

    4. Under Receiving and processing traffic, select the listener type: HTTP or Stream.

      For HTTP, select:

      • Protocol: HTTP, HTTPS, or Redirect to HTTPS.
      • HTTP router: Select it from the drop-down list.

      For Stream, select a protocol:

      • Plain-text: Select Backend groups from the drop-down list.
      • Encrypted: Under Main listener, select Certificates and Backend groups from the drop-down lists.

  11. Add more listeners if needed.

  12. Click Create.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for creating an L7 load balancer:

    yc alb load-balancer create --help

  2. Run this command:

    yc alb load-balancer create <load_balancer_name> \
  --network-name <network_name> \
  --security-group-id <list_of_security_group_IDs> \
  --location subnet-name=<subnet_name>,zone=<availability_zone>

    Where:

    • <load_balancer_name>: New load balancer name.
    • --network-name: Name of the network containing the load balancer.
    • --security-group-id: Comma separated list of one to five security group IDs. This is an optional setting. If you skip it, the load balancer will accept all traffic.
    • --location: Subnet and availability zone. You can add this option multiple times to specify different availability zones and subnets.

    Result:

    done (1m40s)
id: a5d88ep483cm********
name: test-balancer2
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: buc4gsmpj8hv********
log_group_id: eolul9ap0bv0********
security_group_ids:
  - enpulh2tbrep********
  - enpg05a3ck35********
created_at: "2021-04-26T12:12:13.624832586Z"

  3. Optionally, set the resource unit limit:

    1. See the description of the CLI command for setting up limits:

      yc alb load-balancer autoscale --help

    2. Specify limits by running this command:

      yc alb load-balancer autoscale <load_balancer_name_or_ID> \
  --min-zone-size <resource_unit_minimum_per_zone> \
  --max-size <resource_unit_maximum_total>

      Where:

      • --min-zone-size: Resource unit minimum per availability zone The default minimum is 2. You cannot set a minimum below 2.
      • --max-size: Resource unit maximum total. By default, it is unlimited. Make sure this value is no less than (number of load balancer availability zones) × (minimum number of resource units per zone).

      You can specify one or both settings at once using this command.

      For example:

      yc alb load-balancer autoscale test-balancer2 \
  --min-zone-size 3 \
  --max-size 10

      Result:

      id: a5d88ep483cm********
name: test-balancer2
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
allocation_policy:
  locations:
    - zone_id: ru-central1-a
      subnet_id: buc4gsmpj8hv********
created_at: "2022-06-02T12:12:13.624832586Z"
auto_scale_policy:
  min_zone_size: 3
  max_size: 10

  4. Optionally, configure Yandex Cloud Logging settings:

    1. See the description of the CLI command for enabling load balancer logging:

      yc alb load-balancer logging --help

    2. Specify the load balancer log group and set up a log discard rule:

      yc alb load-balancer logging <load_balancer_name> \
  --log-group-id <log_group_ID> \
  --enable \
  --discard codes=[<HTTP_code>,<HTTP_code_class>,<gRPC_code>],percent=<discarded_log_percentage>

      Where:

      • --log-group-id: Log group ID.
      • --discard: Log discard rule. Rule options:
        • codes: HTTP codes, HTTP code classes, or gRPC codes.
        • percent: Log discard rate.

      You can add multiple rules.

      Result:

      done (42s)
id: ds76g83js9gf********
name: test-load-balancer
...
log_options:
  log_group_id: e23p9bfjvsgr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

  5. Add a listener to an L7 load balancer:

    • HTTP listener.

      1. See the description of the CLI command for adding an HTTP listener to an L7 load balancer:

        yc alb load-balancer add-listener --help

      2. Add a listener by running this command:

        yc alb load-balancer add-listener <load_balancer_name> \
  --listener-name <listener_name> \
  --http-router-id <HTTP_router_ID> \
  --external-ipv4-endpoint port=<listener_port>

    • Stream listener.

      1. See the description of the CLI command for adding a Stream listener to an L7 load balancer:

        yc alb load-balancer add-stream-listener --help

      2. Add a listener by running this command:

        yc alb load-balancer add-stream-listener <load_balancer_name> \
  --listener-name=<listener_name> \
  --backend-group-id=<backend_group_ID> \
  --external-ipv4-endpoint port=<listener_port>

    The result of adding two listeners:

    done (42s)
id: ds76g8b2op3f********
name: test-load-balancer
folder_id: b1gu6g9ielh6********
status: ACTIVE
network_id: enp0uulja5s3********
listeners:
- name: tslistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "80"
  http:
    handler:
      http_router_id: ds7d7b14b3fs********
- name: teststreamlistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "443"
  stream:
    handler:
      backend_group_id: ds77tero4f5h********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: e9bs1hp7lgdl********
log_group_id: ckgs4u5km3u8********
security_group_ids:
- enp49ot04g63********
created_at: "2022-04-04T02:12:40.160629110Z"
log_options:
  log_group_id: e23p9bfjvsgr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. In the configuration file, describe the resources you want to create:

    resource "yandex_alb_load_balancer" "test-balancer" {
  name        = "<L7_load_balancer_name>"
  network_id  = "<network_ID>"
  security_group_ids = ["<list_of_security_group_IDs>"]

  allocation_policy {
    location {
      zone_id   = "<availability_zone>"
      subnet_id = "<subnet_ID>" 
    }
  }

  listener {
    name = "<listener_name>"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [ 9000 ]
    }
    http {
      handler {
        http_router_id = "<HTTP_router_ID>"
      }
    }
  }

  log_options {
    log_group_id = "<log_group_ID>"
    discard_rule {
      http_codes          = ["<HTTP_code>"]
      http_code_intervals = ["<HTTP_code_class>"]
      grpc_codes          = ["<gRPC_code>"]
      discard_percent     = <discarded_log_percentage>
    }
  }
}

    Where:

    • name: L7 load balancer name. Follow these naming requirements:

      • It must be from 2 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    • network_id: ID of the network that will host your load balancer.

    • security_group_ids: Comma separated list of one to five security group IDs. This is an optional setting.
      If you skip it, the load balancer will accept all traffic.

    • allocation_policy: L7 load balancer's node location. Specify the availability zones and subnet IDs.

    • listener: L7 load balancer's listener settings:

      • name: Listener name. Follow these naming requirements:

        • It must be from 2 to 63 characters long.
        • It may contain lowercase Latin letters, numbers, and hyphens.
        • It must start with a letter and cannot end with a hyphen.

      • endpoint: Listener addresses and ports. Specify the external IPv4 address and port for receiving traffic. If the external_ipv4_address setting is not specified, a public IP address will be assigned automatically.

      • http: Listener HTTP endpoint description. Specify the HTTP router ID.

      • log_options: Optional logging settings for Yandex Cloud Logging:

        • log_group_id: Log group ID.

        • discard_rule: Log discard rule.

          • http_codes: HTTP codes.
          • http_code_intervals: HTTP code classes.
          • grpc_codes: gRPC codes.
          • discard_percent: Log discard rate.

          You can add multiple rules.

    For more information about yandex_alb_load_balancer properties in Terraform, see this Terraform article.

  2. Make sure the configuration files are correct.

    1. In the command line, navigate to the directory where you created the configuration file.

    2. Run a check using this command:

      terraform plan

    If your configuration is correct, you will see a detailed list of new resources; otherwise, Terraform will show configuration errors.

  3. Deploy your cloud resources.

    1. If your configuration is correct, run this command:

      terraform apply

    2. Type yes and press Enter to confirm changes.

      After that, your resources will appear in the specified folder. You can check your new resources and their settings in the management console or using this CLI command:

      yc alb load-balancer list

Use the create REST API method for the LoadBalancer resource or the LoadBalancer/Create gRPC API call.

Previous
Deleting an HTTP router
Next
Editing an L7 load balancer