Editing an L7 load balancer

Written by

Yandex Cloud

Updated at November 11, 2025

To change L7 load balancer settings:

Management console

CLI

Terraform

API

In the management console, select the folder the load balancer is in.
Select Application Load Balancer.
Click your load balancer’s name.
Click and select Edit.
Edit the load balancer settings:
1. Under Network settings, change the security groups:
  - No groups: Allows any incoming and outgoing traffic for the load balancer. This is the least secure option.
  - Auto: The load balancer creation process automatically provisions a security group allowing any incoming traffic on port 80 and TCP health check traffic on port 30080. This security group also allows any outgoing traffic from the load balancer.
  - From list: For more traffic management flexibility, create your own security groups. You can assign up to five security groups to your load balancer.
  Note
  
  Security group rules must specify IP ranges in CIDR format. You cannot assign a group that uses a different security group.
2. Under Allocation, enable or disable incoming traffic for each availability zone using the Receive traffic option.
3. Under Autoscaling settings, set the resource unit limit.
4. Under Log settings:
  1. Change the Cloud Logging log group storing your load balancer logs.
  2. Edit log discard rules:
    - HTTP codes: Update the HTTP status codes.
    - HTTP code classes: Update the HTTP status code classes.
    - gRPC codes: Update the gRPC codes.
    - Share of discarded logs: Update the log discard rate.
    To add another rule, click Add discard rule.
5. Under Listeners, change listener settings.
At the bottom of the page, click Save.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

See the description of the CLI command for updating load balancer settings:
```
yc alb load-balancer update --help
```

Run this command with new load balancer settings specified. For example, specify the load balancer security groups:

yc alb load-balancer update <load_balancer_name> \
  --security-group-id <list_of_security_group_IDs>

Where --security-group-id is a comma separated list of one to five new security group IDs. If you skip it, the load balancer will accept all traffic.

Result:

id: a5d88ep483cm********
name: test-balancer2-updated
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
listeners:
- name: test-listener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 130.193.32.206
    ports:
    - "80"
  http:
    handler:
      http_router_id: a5dv7tjdo9gt********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: buc4gsmpj8hv********
log_group_id: eolul9ap0bv0********
security_group_ids:
  - enpulh2tbrep********
  - enpg05a3ck35********
created_at: "2021-04-26T12:12:13.624832586Z"

Optionally, update the Yandex Cloud Logging logging settings:

See the description of the CLI command for managing load balancer logging:
```
yc alb load-balancer logging --help
```

Add a new log discard rule:

yc alb load-balancer logging <load_balancer_name> \
  --log-group-id <log_group_ID> \
  --enable \
  --discard codes=[200,3XX,GRPC_OK],percent=90

Where:

--log-group-id: Log group ID.
--discard: Log discard rule. Rule options:
- codes: HTTP codes, HTTP code classes, or gRPC codes.
- percent: Log discard rate.

Result:

done (42s)
id: ds76g2zpgp3f********
name: test-load-balancer
folder_id: b1gug7dbelh********
...
log_options:
  log_group_id: e23p9bcvh6gr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

Specify new listener settings:

HTTP listener:

See the description of the CLI command for updating L7 load balancer HTTP listener settings:
```
yc alb load-balancer update-listener --help
```

Run this command with new listener settings specified:

yc alb load-balancer update-listener <load_balancer_name> \
  --listener-name <listener_name> \
  --http-router-id <HTTP_router_ID> \
  --external-ipv4-endpoint port=<listener_port>

Stream listener:

See the description of the CLI command for updating the L7 load balancer Stream listener settings:
```
yc alb load-balancer update-stream-listener --help
```

Run this command with new listener settings specified:

yc alb load-balancer update-stream-listener <load_balancer_name> \
  --listener-name=<listener_name> \
  --backend-group-id=<backend_group_ID> \
  --external-ipv4-endpoint port=<listener_port>

The result of updating two listeners:

done (42s)
id: ds76g8b2op3f********
name: test-load-balancer
folder_id: b1gu6g9ielh6********
status: ACTIVE
network_id: enp0uulja5s3********
listeners:
- name: tslistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "80"
  http:
    handler:
      http_router_id: ds7d7b14b3fs********
- name: teststreamlistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "443"
  stream:
    handler:
      backend_group_id: ds77tero4f5h********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: e9bs1hp7lgdl********
log_group_id: ckgs4u5km3u8********
security_group_ids:
- enp49ot04g63********
created_at: "2022-04-04T02:12:40.160629110Z"
log_options:
  log_group_id: e23p9bfjvsgr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

Optinally, update the resource unit limit:

See the description of the CLI command for setting up limits:
```
yc alb load-balancer autoscale --help
```

Specify limits by running this command:

yc alb load-balancer autoscale <load_balancer_name_or_ID> \
  --min-zone-size <resource_unit_minimum_per_zone> \
  --max-size <resource_unit_maximum_total>

Where:

--min-zone-size: Resource unit minimum per availability zone The default minimum is 2. You cannot set a minimum below 2.
--max-size: Resource unit maximum total. By default, it is unlimited. Make sure this value is no less than (number of load balancer availability zones) × (minimum number of resource units per zone).

You can specify one or both settings at once using this command.

For example:

yc alb load-balancer autoscale test-balancer2 \
  --min-zone-size 3 \
  --max-size 10

Result:

id: a5d88ep483cm********
name: test-balancer2
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
allocation_policy:
  locations:
    - zone_id: ru-central1-a
      subnet_id: buc4gsmpj8hv********
created_at: "2022-06-02T12:12:13.624832586Z"
auto_scale_policy:
  min_zone_size: 3
  max_size: 10

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

Open the Terraform configuration file and edit the fragment describing the L7 load balancer:

...
resource "yandex_alb_load_balancer" "test-balancer" {
  name        = "my-load-balancer"
  network_id  = yandex_vpc_network.test-network.id

  allocation_policy {
    location {
      zone_id   = "ru-central1-a"
      subnet_id = yandex_vpc_subnet.test-subnet.id
      security_group_ids = ["<list_of_security_group_IDs>"]
    }
  }

  listener {
    name = "my-listener"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [ 9000 ]
    }
    http {
      handler {
        http_router_id = yandex_alb_http_router.test-router.id
      }
    }
  }

  log_options {
    log_group_id = "<log_group_ID>"
    discard_rule {
      http_codes          = ["200"]
      http_code_intervals = ["HTTP_2XX"]
      grpc_codes          = ["GRPC_OK"]
      discard_percent     = 15
    }
  }
}
...

For more information about yandex_alb_load_balancer properties, see this Terraform article.

Check the configuration using this command:
```
terraform validate
```
If the configuration is correct, you will get this message:
```
Success! The configuration is valid.
```
Run this command:
```
terraform plan
```
You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
Apply the changes:
```
terraform apply
```
Type yes and press Enter to confirm changes.

You can check whether the L7 load balancer configuration was updated correctly in the management console or using this CLI command:
```
yc alb load-balancer get <load_balancer_name>
```
Timeouts
The Terraform provider limits operations with Application Load Balancer load balancers to 10 minutes.

Operations in excess of this time will be interrupted.
How do I modify these limits?
Add the timeouts section to the load balancer description, e.g.:

resource "yandex_alb_load_balancer" "<load_balancer_name>" { ... timeouts { create = "60m" update = "60m" delete = "60m" } }

Use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.

Deleting a listener

To delete a listener from your L7 load balancer:

Management console

CLI

Terraform

API

In the management console, select the folder the load balancer is in.
Select Application Load Balancer.
Click next to the load balancer you need, then select Edit.
Under Listeners, next to the appropriate listener name, click and select Delete.
Click Save.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

See the description of the CLI command for deleting a listener:
```
yc alb load-balancer remove-listener --help
```

Run this command:

yc alb load-balancer remove-listener <load_balancer_name_or_ID> \
  --listener-name=<listener_name>

Result:

done (50s)

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

Open the Terraform configuration file and delete the listener section from the L7 load balancer description.

...
resource "yandex_alb_load_balancer" "test-balancer" {
  name        = "my-load-balancer"
  network_id  = yandex_vpc_network.test-network.id

  allocation_policy {
    location {
      zone_id   = "ru-central1-a"
      subnet_id = yandex_vpc_subnet.test-subnet.id
    }
  }

  listener {
    name = "my-listener"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [ 9000 ]
    }
    http {
      handler {
        http_router_id = yandex_alb_http_router.test-router.id
      }
    }
  }
}
...

For more information about yandex_alb_load_balancer properties, see this Terraform article.

Check the configuration using this command:
```
terraform validate
```
If the configuration is correct, you will get this message:
```
Success! The configuration is valid.
```
Run this command:
```
terraform plan
```
You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
Apply the changes:
```
terraform apply
```
Type yes and press Enter to confirm changes.

You can check whether the L7 load balancer configuration was updated correctly in the management console or using this CLI command:
```
yc alb load-balancer get <L7_load_balancer_name>
```
Timeouts
The Terraform provider limits operations with Application Load Balancer load balancers to 10 minutes.

Operations in excess of this time will be interrupted.
How do I modify these limits?
Add the timeouts section to the load balancer description, e.g.:

resource "yandex_alb_load_balancer" "<load_balancer_name>" { ... timeouts { create = "60m" update = "60m" delete = "60m" } }

Use the removeListener REST API method for the LoadBalancer resource or the LoadBalancerService/RemoveListener gRPC API call.

Editing an L7 load balancer

Deleting a listenerDeleting a listener

Was the article helpful?

Deleting a listener