Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Editing an L7 load balancer

Written by
Updated at May 5, 2025

To change L7 load balancer settings:

  1. In the management console, select the folder with your load balancer.

  2. Select Application Load Balancer.

  3. Click the name of the load balancer you need.

  4. Click and select Edit.

  5. Edit the load balancer settings:

    1. Under Network settings, change the security groups:

      • No groups: Allows any incoming and outgoing traffic for the load balancer. This is the least secure option.
      • Auto: The load balancer creation process automatically provisions a security group allowing any incoming traffic on port 80 and TCP health check traffic on port 30080. This security group also allows any outgoing traffic from the load balancer.
      • From list: For more traffic management flexibility, create your own security groups. You can assign up to five security groups to your load balancer.

      Note

      Security group rules can only contain addresses in CIDR format. You cannot assign a group where another security group is used.

    2. Under Allocation, enable or disable incoming traffic for each availability zone using the Receive traffic option.

    3. Under Autoscaling settings, set the resource unit limit.

    4. Under Log settings:

      1. Change the Cloud Logging log group storing your load balancer logs.

      2. Edit log discard rules:

        • HTTP codes: Update the HTTP status codes.
        • HTTP code classes: Update the HTTP status code classes.
        • gRPC codes: Update the gRPC codes.
        • Share of discarded logs: Update the log discard rate.

        To add another rule, click Add discard rule.

    5. Under Listeners, change listener settings.

  6. At the bottom of the page, click Save.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for updating load balancer settings:

    yc alb load-balancer update --help

  2. Run this command with new load balancer settings specified. For example, specify the load balancer security groups:

    yc alb load-balancer update <load_balancer_name> \
  --security-group-id <list_of_security_group_IDs>

    Where --security-group-id is a comma separated list of one to five new security group IDs. If you skip it, the load balancer will accept all traffic.

    Result:

    id: a5d88ep483cm********
name: test-balancer2-updated
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
listeners:
- name: test-listener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 130.193.32.206
    ports:
    - "80"
  http:
    handler:
      http_router_id: a5dv7tjdo9gt********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: buc4gsmpj8hv********
log_group_id: eolul9ap0bv0********
security_group_ids:
  - enpulh2tbrep********
  - enpg05a3ck35********
created_at: "2021-04-26T12:12:13.624832586Z"

  3. Optionally, update the Yandex Cloud Logging logging settings:

    1. See the description of the CLI command for managing load balancer logging:

      yc alb load-balancer logging --help

    2. Add a new log discard rule:

      yc alb load-balancer logging <load_balancer_name> \
  --log-group-id <log_group_ID> \
  --enable \
  --discard codes=[200,3XX,GRPC_OK],percent=90

      Where:

      • --log-group-id: Log group ID.
      • --discard: Log discard rule. Rule options:
        • codes: HTTP codes, HTTP code classes, or gRPC codes.
        • percent: Log discard rate.

      Result:

      done (42s)
id: ds76g2zpgp3f********
name: test-load-balancer
folder_id: b1gug7dbelh********
...
log_options:
  log_group_id: e23p9bcvh6gr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

  4. Specify new listener settings:

    • HTTP listener:

      1. See the description of the CLI command for updating L7 load balancer HTTP listener settings:

        yc alb load-balancer update-listener --help

      2. Run this command with new listener settings specified:

        yc alb load-balancer update-listener <load_balancer_name> \
  --listener-name <listener_name> \
  --http-router-id <HTTP_router_ID> \
  --external-ipv4-endpoint port=<listener_port>

    • Stream listener:

      1. See the description of the CLI command for updating the L7 load balancer Stream listener settings:

        yc alb load-balancer update-stream-listener --help

      2. Run this command with new listener settings specified:

        yc alb load-balancer update-stream-listener <load_balancer_name> \
  --listener-name=<listener_name> \
  --backend-group-id=<backend_group_ID> \
  --external-ipv4-endpoint port=<listener_port>

    The result of updating two listeners:

    done (42s)
id: ds76g8b2op3f********
name: test-load-balancer
folder_id: b1gu6g9ielh6********
status: ACTIVE
network_id: enp0uulja5s3********
listeners:
- name: tslistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "80"
  http:
    handler:
      http_router_id: ds7d7b14b3fs********
- name: teststreamlistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "443"
  stream:
    handler:
      backend_group_id: ds77tero4f5h********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: e9bs1hp7lgdl********
log_group_id: ckgs4u5km3u8********
security_group_ids:
- enp49ot04g63********
created_at: "2022-04-04T02:12:40.160629110Z"
log_options:
  log_group_id: e23p9bfjvsgr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

  5. Optinally, update the resource unit limit:

    1. See the description of the CLI command for setting up limits:

      yc alb load-balancer autoscale --help

    2. Specify limits by running this command:

      yc alb load-balancer autoscale <load_balancer_name_or_ID> \
  --min-zone-size <resource_unit_minimum_per_zone> \
  --max-size <resource_unit_maximum_total>

      Where:

      • --min-zone-size: Resource unit minimum per availability zone The default minimum is 2. You cannot set a minimum below 2.
      • --max-size: Resource unit maximum total. By default, it is unlimited. Make sure this value is no less than (number of load balancer availability zones) × (minimum number of resource units per zone).

      You can specify one or both settings at once using this command.

      For example:

      yc alb load-balancer autoscale test-balancer2 \
  --min-zone-size 3 \
  --max-size 10

      Result:

      id: a5d88ep483cm********
name: test-balancer2
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
allocation_policy:
  locations:
    - zone_id: ru-central1-a
      subnet_id: buc4gsmpj8hv********
created_at: "2022-06-02T12:12:13.624832586Z"
auto_scale_policy:
  min_zone_size: 3
  max_size: 10

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. Open the Terraform configuration file and edit the fragment describing the L7 load balancer:

    ...
resource "yandex_alb_load_balancer" "test-balancer" {
  name        = "my-load-balancer"
  network_id  = yandex_vpc_network.test-network.id

  allocation_policy {
    location {
      zone_id   = "ru-central1-a"
      subnet_id = yandex_vpc_subnet.test-subnet.id
      security_group_ids = ["<list_of_security_group_IDs>"]
    }
  }

  listener {
    name = "my-listener"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [ 9000 ]
    }
    http {
      handler {
        http_router_id = yandex_alb_http_router.test-router.id
      }
    }
  }

  log_options {
    log_group_id = "<log_group_ID>"
    discard_rule {
      http_codes          = ["200"]
      http_code_intervals = ["HTTP_2XX"]
      grpc_codes          = ["GRPC_OK"]
      discard_percent     = 15
    }
  }
}
...

    For more information about yandex_alb_load_balancer properties, see this Terraform article.

  2. Check the configuration using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  3. Run this command:

    terraform plan

    You will see a detailed list of new resources. No changes will be made at this step. If the configuration contains errors, Terraform will show them.

  4. Apply the changes:

    terraform apply

  5. Type yes and press Enter to confirm changes.

    You can check whether the L7 load balancer configuration was updated correctly in the management console or using this CLI command:

    yc alb load-balancer get <load_balancer_name>

Use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.

Deleting a listener

To delete a listener from your L7 load balancer:

  1. In the management console, select the folder with your load balancer.
  2. Select Application Load Balancer.
  3. Click next to the load balancer you need, then select Edit.
  4. Under Listeners, next to the listener you want to delete, click and select Delete.
  5. Click Save.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for deleting a listener:

    yc alb load-balancer remove-listener --help

  2. Run this command:

    yc alb load-balancer remove-listener <load_balancer_name_or_ID> \
  --listener-name=<listener_name>

    Result:

    done (50s)

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. Open the Terraform configuration file and delete the listener section from the L7 load balancer description.

    ...
resource "yandex_alb_load_balancer" "test-balancer" {
  name        = "my-load-balancer"
  network_id  = yandex_vpc_network.test-network.id

  allocation_policy {
    location {
      zone_id   = "ru-central1-a"
      subnet_id = yandex_vpc_subnet.test-subnet.id
    }
  }

  listener {
    name = "my-listener"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [ 9000 ]
    }
    http {
      handler {
        http_router_id = yandex_alb_http_router.test-router.id
      }
    }
  }
}
...

    For more information about yandex_alb_load_balancer properties, see this Terraform article.

  2. Check the configuration using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  3. Run this command:

    terraform plan

    You will see a detailed list of new resources. No changes will be made at this step. If the configuration contains errors, Terraform will show them.

  4. Apply the changes:

    terraform apply

  5. Type yes and press Enter to confirm changes.

    You can check whether the L7 load balancer configuration was updated correctly in the management console or using this CLI command:

    yc alb load-balancer get <L7_load_balancer_name>

Use the removeListener REST API method for the LoadBalancer resource or the LoadBalancerService/RemoveListener gRPC API call.

Previous
Creating an L7 load balancer
Next
Getting information about an L7 load balancer