Articles

Attach an ALB to ECS Services for Path-Based Routing (2026)

April 16, 2026 3 min read

An Application Load Balancer (ALB) can route requests to different ECS services based on the URL path.

Let’s see how this looks in practice with a common setup: a frontend service and a backend API service, both running on ECS.

Imagine you have an ECS cluster named my-cluster. Inside this cluster, you have two services:

  • frontend-service: Running a web application (e.g., React, Vue) on port 80.
  • api-service: Running a REST API (e.g., Node.js, Python Flask) on port 8080.

You want to route traffic so that requests to / and /index.html go to frontend-service, and requests to /api/* go to api-service.

First, you’ll need an ALB. When you create an ALB, you also define a "Target Group" for each ECS service.

Target Group for Frontend:

  • Protocol: HTTP
  • Port: 80
  • Target type: ip (if using awsvpc network mode for ECS tasks)
  • VPC: Your VPC
  • Health checks:
    • Path: /health (or whatever your app exposes)
    • Interval: 30 seconds
    • Timeout: 5 seconds
    • Healthy threshold: 3
    • Unhealthy threshold: 2

Target Group for API:

  • Protocol: HTTP
  • Port: 8080
  • Target type: ip
  • VPC: Your VPC
  • Health checks:
    • Path: /api/health
    • Interval: 30 seconds
    • Timeout: 5 seconds
    • Healthy threshold: 3
    • Unhealthy threshold: 2

Once these target groups are created and your ECS services are configured to register with them (usually done within the ECS service definition), you’ll set up the ALB Listener Rules.

ALB Listener Rules (on port 443 for HTTPS, assuming you have a certificate):

  1. Rule 1: Forward to Frontend

    • If: Path is / OR Path is /index.html
    • Then: Forward to target-group-frontend
    • Priority: 1

  2. Rule 2: Forward to API

    • If: Path starts with /api
    • Then: Forward to target-group-api
    • Priority: 2

  3. Default Rule: (This catches everything else)

    • If: Path is *
    • Then: Return fixed response (e.g., 404 Not Found) OR Forward to another default target group.
    • Priority: 3 (or highest if you don’t have other rules)

The "priority" determines the order of evaluation. The ALB checks rules from lowest priority number to highest. The first rule that matches wins.

The key here is the "Path-based routing" condition. The ALB inspects the incoming request’s URL path and compares it against the patterns defined in your listener rules. When a match is found, it forwards the request to the associated target group, which then directs it to one of the healthy ECS tasks registered within that group.

When configuring your ECS services, ensure they are using the awsvpc network mode if you’re using ip as the target type for your ALB. This gives each task its own Elastic Network Interface (ENI) and IP address, which the ALB can directly target. If you were using bridge mode, you’d typically target the host port, which is less direct.

Most people understand path-based routing, but few realize that the ALB can also inspect query parameters and HTTP headers as conditions in the same rules, allowing for even more granular routing logic beyond just the URL path. For instance, you could route requests with a specific X-Service-Version header to a canary deployment of your API.

The next concept to explore is how to integrate AWS WAF with your ALB for enhanced security.

Want structured learning?

Take the full Ecs course →