Hello all. I am wondering what’s the best choice for putting the HTTP event collector behind an AWS load balancer. It would seem to me that an application load balancer would be appropriate for HTTP traffic, as opposed to a traditional load balancer.
From personal experience I use application loadbalancers for all of my HEC endpoints exposed to the internet. Via loadbalancer configuration I expose TCP port 443 to the internet and forward TCP port 8088 (standard HEC port) to backend EC2 instances acting as Heavy Forwarders.
The security group attached to the loadbalancer allows inbound traffic from the external sources I expect (mainly AWS Kinesis Firehose address space) and the outbound portion of the security group rule allows communication with the subnets my EC2 instances sit in.
For healthcheck monitoring on the target group I monitor this endpoint "/services/collector/health" over HTTPS for successful HTTP response codes 200-299 with a 5 second timeout.