Load Balancer Support

UFO can automatically create a load balancer and associate it with an ECS service. Here are the default settings.


Ufo.configure do |config|
  config.elb.enabled = "auto"
  config.elb.port = 80

In enabled = "auto" mode, UFO will create a ELB when UFO_ROLE=web. So by default, UFO will create an ELB. You can disable this behavior if you wish by setting enabled = false.

ELB Types: Application and Network

UFO supports both Application and Network Load Balancers.


Ufo.configure do |config|
  config.elb.type = "network"

This will create a Network Load Balancer instead of an Application Load Balancer.

ELB Static IP addresses for Network Load Balancers

You can also create a Network Load Balancer with pre-defined static IPs that you control.


Ufo.configure do |config|
  config.elb.subnet_mappings = [{
    AllocationId: "eipalloc-ac226fa4",
    SubnetId: "subnet-111",
    AllocationId: "eipalloc-b5206dbd",
    SubnetId: "subnet-222",

Using the static IP feature must be for a brand new deployment. Otherwise, you’ll get this error:

09:51:14PM UPDATE_FAILED AWS::ElasticLoadBalancingV2::LoadBalancer Elb Subnet removal is not supported for Network Load Balancers. You must specify all existing subnets along with any new ones (Service: AmazonElasticLoadBalancing; Status Code: 400; Error Code: ValidationError; Request ID: 034c7bc4-06b5-4de7-b72f-e08e7ce0a190; Proxy: null)

So if you later decide to use static IPs, one workaround is first to change the ELB to an Application Load Balancer, and then back again to a Network Load Balancer with the static IPs.

Otherwise, you must ufo destroy first and run ufo ship afterward.


The table below covers each setting. Each option is configured in .ufo/config.rb with config.OPTION. The config. portion is not shown for conciseness. IE: logger.level vs config.logger.level.

Name Default Description
elb.default_actions nil Override the Listener default actions. This provides you a lot of control.
elb.enabled auto Enables creating the ELB. Can be “auto”, true or false. Auto means will create an ELB when role is web.
elb.existing.dns_name nil For managed route53 record when using config.dns.domain option. Since UFO does not manage the ELB, this allows UFO to map the route53 dns record when needed. UFO infers the ELB dns name from the target group. However, in the case when the target group is associated with multiple ELBs, UFO cannot infer it and this setting is required. See: Existing Load Balancer Docs.
elb.existing.target_group nil Existing ELB target group. When using elb.existing.target_group the other elb settings are ignored since they only apply the ELB ufo manages. In the case of using an existing target group, the ELB is managed outside of UFO. You’re bring your own ELB.
elb.health_check_interval_seconds 10 Time, in seconds, between health checks.
elb.health_check_path / Health check url path.
elb.healthy_threshold_count 3 Number of health checks successes before considered healthy.
elb.listener.enabled Whether or not to create the standard listener with default port 80 true
elb.matcher Target group matcher nil
elb.port 80 ELB Listener port
elb.protocol_version Protocol version nil
elb.redirect.code 302 Redirection status code
elb.redirect.enabled false When set to true, the Listener redirect to HTTPS by default. You should also set up SSL.
elb.redirect.port 443 Redirection status port
elb.redirect.protocol HTTPS Redirection protocol
elb.ssl.certificates / The ACM certificates to use. Example: [“arn:aws:acm:us-west-2:11111111:certificate/EXAMPLE”]. If only using one cert, can also just provide a String instead of an Array. Remember to also set ssl.enabled = true
elb.ssl.enabled false Whether or not to enable the creationg of an SSL Listener. If enabled, ssl.certificate should be set.
elb.ssl.port 443 ELB SSL Listener port
elb.unhealthy_threshold_count 3 Number of health check failures before considered unhealthy.

See Full Config Reference