Build VPC Application and Network Load Balancer configs with listeners, pools, and health monitors.
Last verified: May 2026
Required Fields: name, type, subnets, listeners, pools
IBM Cloud VPC Load Balancers come in two flavors, Application Load Balancer (HTTP/HTTPS, layer 7) and Network Load Balancer (TCP/UDP, layer 4), each with its own listener, pool, and health monitor primitives. The IBM Load Balancer Config Builder produces a complete config for either type, with listeners, backend pools, health monitors, and routing policies, output as `ibm_is_lb` Terraform resources with all dependent objects in correct creation order.
Choose ALB for HTTP/HTTPS services where you want host-based or path-based routing, TLS termination, or per-request load balancing. Choose NLB for non-HTTP protocols, when you need the source IP preserved natively (NLB is layer 4 and doesn't proxy), or when extreme throughput matters more than layer-7 features.
Yes — IBM Cloud integrates with the Secrets Manager service for TLS certificates. You provision a certificate (Let's Encrypt, imported, or issued by a managed CA) into Secrets Manager, then reference it from the LB listener. Renewal is handled by Secrets Manager and the LB picks up the new cert automatically.
A new microservice deployment behind an ALB is showing 502 responses during deploys, even though the deploy runs one pod at a time and PodDisruptionBudgets are in place. The cause turns out to be the health monitor's strict 5-second interval and 3-retry threshold — backends get marked unhealthy faster than new ones come ready. You regenerate the LB config with a 15-second interval and 5-retry threshold, redeploy, and the 502s disappear.
The builder collects LB type (ALB or NLB), region, VPC, subnet placement, and a list of listeners (port, protocol, certificate, default pool). Each pool is defined with members (backend IPs or VPC instance references), a health monitor (interval, timeout, retries), and a load balancing algorithm. Output is `ibm_is_lb`, `ibm_is_lb_listener`, `ibm_is_lb_pool`, `ibm_is_lb_pool_member`, and `ibm_is_lb_health_monitor` Terraform resources with proper dependencies.
Set the connection limit per listener explicitly for production. The default ceiling is high, but accepting unbounded connections during a traffic spike can starve backend pools.
Use weighted backend pools when rolling out a new version. Start the new pool at 10% weight, watch error rates and latency, ramp up. Far safer than an all-or-nothing DNS flip.
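The following Terraform sketch is an added example, not output from the builder. It applies the settings discussed above to one ALB: the relaxed 15-second, 5-retry health check from the 502 scenario, an explicit listener connection limit, and a 90/10 rollout. It assumes the health check is set through the pool's `health_*` arguments and the rollout is expressed as member weights inside a single pool; the variable names, resource labels, addresses, `/healthz` path, 5-second timeout and limit of 2000 are constructed.

```hcl
# Added example: labels, variables, addresses and numeric limits are constructed.
variable "subnet_ids" { type = list(string) }
variable "cert_crn" { type = string } # CRN of the certificate held in Secrets Manager

resource "ibm_is_lb" "app" {
  name    = "app-alb"
  type    = "public"
  subnets = var.subnet_ids
}

resource "ibm_is_lb_pool" "web" {
  name      = "web-pool"
  lb        = ibm_is_lb.app.id
  protocol  = "http"
  algorithm = "weighted_round_robin" # required for member weights to take effect

  # Weak setting from the scenario: health_delay = 5, health_retries = 3.
  # Backends were marked unhealthy before their replacements were ready.
  health_type        = "http"
  health_monitor_url = "/healthz"
  health_delay       = 15 # seconds between checks
  health_retries     = 5  # failed checks before a member is marked unhealthy
  health_timeout     = 5  # must stay below health_delay
}

resource "ibm_is_lb_pool_member" "current" {
  lb             = ibm_is_lb.app.id
  pool           = ibm_is_lb_pool.web.pool_id
  port           = 8080
  target_address = "10.240.0.10"
  weight         = 90
}

resource "ibm_is_lb_pool_member" "canary" {
  lb             = ibm_is_lb.app.id
  pool           = ibm_is_lb_pool.web.pool_id
  port           = 8080
  target_address = "10.240.0.20"
  weight         = 10 # raise in steps while watching error rate and latency
}

resource "ibm_is_lb_listener" "https" {
  lb                   = ibm_is_lb.app.id
  port                 = 443
  protocol             = "https"
  certificate_instance = var.cert_crn
  default_pool         = ibm_is_lb_pool.web.pool_id
  connection_limit     = 2000 # explicit cap instead of the default ceiling
}
```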