Edition Feature Comparison
ALB editions:
Basic: Includes core Application Load Balancer features and routes requests based on domain names, URL paths, and HTTP headers.
Standard: Expands on the Basic edition with advanced features for request forwarding, security, monitoring, and connection management.
WAF-enabled: Extends the Standard edition by integrating Web Application Firewall (WAF 3.0) to protect your web services at the application layer.
Extensible
: Uses a flexible service extension framework for core traffic management features, such as identity authentication and content-based routing. This edition also introduces AI-native features, including multi-model proxy, load-aware routing, and token-based rate limiting, creating a unified and intelligent traffic gateway for both AI-powered and traditional applications.
An ALB instance's performance metrics are independent of its edition.
Upgraded ALB instances support traffic management by using security groups or access control lists (ACLs), while pre-upgrade instances support only ACLs. To use security groups, create a new instance or contact your business manager to upgrade existing instances.
Feature | Basic edition | Standard edition | WAF-enhanced edition | Extensible edition |
Listener protocol | ||||
HTTP/1.1 | ||||
HTTP/2 | ||||
HTTP/3 | Not supported | |||
QUIC | Not supported | |||
WebSocket protocol | ||||
Forwarding rule | ||||
Match by domain name or path | ||||
Match by HTTP header | ||||
Match by query string | Not supported | |||
Match by cookie | Not supported | |||
Match by HTTP request method | Not supported | |||
Match by source IP | Not supported | |||
Match by AI model | ||||
Match by response status code | Not supported | |||
Match by response header | Not supported | |||
Forward to | ||||
Redirect | ||||
Rewrite or return a fixed response | ||||
Insert or remove a header | ||||
Failover | ||||
Traffic mirroring | Not supported | |||
QPS throttling | Not supported | |||
CORS | Not supported | |||
AScript (programmable scripts) | ||||
Service extensions | ||||
Component library | ||||
Plugins/External calls | ||||
Backend service type | ||||
Server, IP, and Function Compute | ||||
DNS domain name | ||||
AI service | ||||
Backend service protocol | ||||
HTTP | ||||
HTTPS | ||||
gRPC | Not supported | |||
Security | ||||
Access control (allowlists/denylists) | ||||
Security group | Not supported | |||
TLS cipher suite selection | Not supported | |||
SNI for multiple certificates | ||||
RSA and ECC dual certificates | ||||
ECC certificate | ||||
SM2 certificate | Not supported | |||
End-to-end HTTPS | ||||
Mutual authentication | Not supported | |||
Custom TLS security policy | Not supported | |||
TLS 1.3 support | ||||
Health check | ||||
Identity management | ||||
Monitoring and statistics | ||||
Access logs | ||||
Audit log | ||||
Basic monitoring metrics | ||||
Tracing | Not supported | |||
Advanced features | ||||
ALB Ingress Controller (for ACK and ACS integration) | Not supported | |||
Web Application Firewall (WAF) | Not supported | |||
Global Accelerator (GA) integration | Not supported | |||
Client IP preservation | Not supported | |||
Session persistence | Not supported | |||
Persistent backend connections | ||||
Instance cloning | Not supported | |||
Slow start | Not supported | |||
Connection draining | Not supported | |||
Cross-zone load balancing | Not supported | |||
Resource reservation | Not supported | |||
AI proxy | ||||
Token-based rate limiting | ||||
Inbound/outbound authentication | ||||