Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Service page
Yandex Application Load Balancer
Documentation
Yandex Application Load Balancer
  • Getting started
    • All guides
    • Creating Application Load Balancer infrastructure through a wizard
      • Creating an HTTP router for HTTP traffic
      • Creating an HTTP router for gRPC traffic
      • Getting HTTP router information
      • Editing an HTTP router
      • Deleting an HTTP router
    • Viewing service resource operations
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • L7 load balancer logs
  • Release notes
  1. Step-by-step guides
  2. HTTP routers
  3. Creating an HTTP router for gRPC traffic

Creating an HTTP router for gRPC traffic

Written by
Yandex Cloud
Improved by
Danila N.
Updated at July 29, 2025

To create an HTTP router and add a route to it:

Management console
CLI
Terraform
API
  1. In the management console, select the folder where you want to create your HTTP router.

  2. From the list of services, select Application Load Balancer.

  3. In the left-hand panel, select HTTP routers.

  4. Click Create HTTP router.

  5. Specify your HTTP router name.

  6. Under Virtual hosts, click Add virtual host.

  7. Specify Name.

  8. In the Authority field, specify your load balancer IP address or enter *.

  9. Optionally, in the Security profile field, select the Yandex Smart Web Security security profile. A security profile allows you to enable WAF and filter incoming requests, limiting their number for protection against malicious attacks. For more information, see Security profiles.

  10. Optionally, under Manage headers, click Change header and configure the HTTP header.

    • In the Type field, select:
      • Request: To modify the incoming request header, from client to load balancer.
      • Response: To modify outgoing response header, from backend to external client.
    • In the Header name field, give the header a name, e.g., Host, User-Agent, X-Forwarded-For, or Strict-Transport-Security.
    • In the Operation field, select:
      • append: To add a specified string to the header value.
      • replace: To replace the header value with a specified string.
      • remove: To remove the header. Both the header value and the header will be removed.
      • rename: To rename the header. The header value will not change.
    • Enter a string to modify the header value or a new header name.
  11. Click Add route and select Type: gRPC.

    1. Specify Name.

    2. In the FQMN field, select one of the options:

      • Starts with: Route all requests starting with a specific FQMN. In the input field, specify /<first_word_in_service_name>, e.g., /helloworld.
      • Matches: Route all requests matching the specified FQMN.
      • Regular expression: Route all requests matching the RE2 regular expression.

      Warning

      The FQMN must start with a slash "/" and contain a part of the service name where your procedure call is redirected.

    3. In the Action field, select one of the options: Routing or Response. Depending on the selected option:

      • Routing:
        • In the Backend group list, select a backend group from your HTTP router folder.
        • Optionally, in the Host header rewrite field, select one of these options:
          • none: No rewriting.
          • rewrite: Rewrite to the specified value.
          • auto: Rewrite to the target VM address.
        • Optionally, in the Maximum timeout, sec. field, specify the maximum connection time. You can specify a shorter timeout in the grpc-timeout request HTTP header.
        • Optionally, in the Idle timeout, seconds field, specify the connection inactivity timeout.
      • Response:
        • In the gRPC status code field, select the gRPC response code.
  12. Click Create.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for creating an HTTP router:

    yc alb http-router create --help
    
  2. Run this command:

    yc alb http-router create <HTTP_router_name>
    

    Result:

    id: a5dcsselagj4********
    name: <HTTP_router_name>
    folder_id: aoerb349v3h4********
    created_at: "2022-06-16T21:04:59.438292069Z"
    
  3. See the description of the CLI command for creating a virtual host:

    yc alb virtual-host create --help
    
  4. To create a virtual host, run this command with the HTTP router name and virtual host settings specified:

    yc alb virtual-host create <virtual_host_name> \
      --http-router-name <HTTP_router_name> \
      --authority * \
      --rate-limit rps=100,all-requests \
      --security-profile-id <security_profile_ID>
    

    Where:

    • --http-router-name: HTTP router name.
    • --authority: :authority header domains associated with this virtual host. You can use wildcards, e.g., *.foo.com or *-bar.foo.com.
    • --rate-limit: Request rate limit. This is an optional setting.
      • rps or rpm: Number of allowed incoming requests per second or minute.
      • all-requests: Limits all incoming requests.
      • requests-per-ip: Limits the total number of requests per IP address. That is, for each IP address, only the specified number of requests is allowed per unit of time.
    • --security-profile-id: Yandex Smart Web Security security profile ID. This is an optional setting. A security profile allows you to enable WAF and filter incoming requests, limiting their number for protection against malicious attacks. For more information, see Security profiles.

    Result:

    done (1s)
    name: <virtual_host_name>
    authority:
      - *
    rate_limit:
      all_requests:
        per_second: "100"
    
  5. See the description of the CLI command for adding a route:

    yc alb virtual-host append-grpc-route --help
    
  6. To add a route, run this command with the HTTP router ID / name and routing settings specified:

    yc alb virtual-host append-grpc-route <route_name> \
      --virtual-host-name <virtual_host_name> \
      --http-router-name <HTTP_router_name> \
      --prefix-fqmn-match / \
      --backend-group-name <backend_group_name> \
      --request-max-timeout 60s \
      --rate-limit rps=50,requests-per-ip
    

    Where:

    • --virtual-host-name: Virtual host name.

    • --http-router-name: HTTP router name.

    • --prefix-fqmn-match: Route all requests with a specific prefix. Add FQMN / after this option.

      You can also use these options for specifying routing conditions:

      • --exact-fqmn-match: Route all requests matching the specified FQMN. Add /<FQMN>/ after this option.
      • --regex-fqmn-match: Route all requests matching the RE2 regular expression. Add /<regular_expression> after this option.
    • --backend-group-name: Backend group name.

    • --rate-limit: Request rate limit.

    • --request-max-timeout: Maximum request timeout in seconds. You can specify a shorter timeout in the grpc-timeout request HTTP header.

    For more information about the yc alb virtual-host append-grpc-route command options, see the CLI reference.

    Result:

    done (1s)
    name: <virtual_host_name>
    authority:
    - *
    routes:
    - name: <route_name>
      grpc:
       match:
         fqmn:
          prefix_match: /helloworld
       route:
         backend_group_id: ds7snban2dvn********
         max_timeout: 60s
    

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

  1. In the configuration file, specify your HTTP router and virtual host settings:

    resource "yandex_alb_http_router" "tf-router" {
      name          = "<HTTP_router_name>"
      labels        = {
        tf-label    = "tf-label-value"
        empty-label = ""
      }
    }
    
    resource "yandex_alb_virtual_host" "my-virtual-host" {
      name           = "<virtual_host_name>"
      http_router_id = yandex_alb_http_router.tf-router.id
      
      rate_limit {
        all_requests {
          per_second = <requests_per_second>
          # or per_minute = <requests_per_minute>
        }
        requests_per_ip {
          per_second = <requests_per_second>
          # or per_minute = <requests_per_minute>
        }
      }
      
      route {
        name = "<route_name>"
        grpc_route {
          grpc_route_action {
            backend_group_id = "<backend_group_ID>"
            max_timeout      = "<timeout>"
          }
        }
      }
      
      route_options {
        security_profile_id = "<security_profile_ID>"
      }
    }
    

    Where:

    • yandex_alb_http_router: HTTP router description.
      • name: HTTP router name. Follow these naming requirements:

        • It must be from 2 to 63 characters long.
        • It can only contain lowercase Latin letters, numbers, and hyphens.
        • It must start with a letter and cannot end with a hyphen.
      • labels: HTTP router labels. Specify a key-value pair.

    • yandex_alb_virtual_host: Virtual host description:
      • name: Virtual host name. Use the following name format:

        • It must be from 2 to 63 characters long.
        • It can only contain lowercase Latin letters, numbers, and hyphens.
        • It must start with a letter and cannot end with a hyphen.
      • http_router_id: HTTP router ID.

      • rate_limit: Optionally, rate limit for the whole virtual host.

        • all_requests: Optionally, limit on all requests per second or per minute:
          • per_second: Per second.
          • per_minute: Per minute.
        • requests_per_ip: Optionally, additionally limits requests for each IP address per second or per minute:
          • per_second: Per second.
          • per_minute: Per minute.
      • route: Route description:

        • name: Route name.
        • grpc_route: Route description for gRPC traffic:
          • grpc_route_action: Action applied to gRPC traffic.
            • backend_group_id: Backend group ID.
            • max_timeout: Maximum request timeout in seconds. You can specify a shorter timeout in the grpc-timeout request HTTP header.
      • route_options: Additional virtual host parameters (optional):

        • security_profile_id: Yandex Smart Web Security security profile ID. A security profile allows you to enable WAF and filter incoming requests, limiting their number for protection against malicious attacks. For more information, see Security profiles.

    Learn more about the properties of Terraform resources in the relevant Terraform guides:

    • yandex_alb_http_router resource
    • yandex_alb_virtual_host resource
  2. Create the resources

    1. In the terminal, go to the directory where you edited the configuration file.

    2. Make sure the configuration file is correct using this command:

      terraform validate
      

      If the configuration is correct, you will get this message:

      Success! The configuration is valid.
      
    3. Run this command:

      terraform plan
      

      You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.

    4. Apply the changes:

      terraform apply
      
    5. Type yes and press Enter to confirm the changes.

    Terraform will create all the required resources. You can check your new resources and their settings in the management console or using this CLI command:

    yc alb http-router get <HTTP_router_name>
    

Use the create REST API method for the HttpRouter resource or the HttpRouterService/Create gRPC API call.

Was the article helpful?

Previous
Creating an HTTP router for HTTP traffic
Next
Getting HTTP router information
© 2025 Direct Cursus Technology L.L.C.