Full gRPC Streaming on AWS

Serhii Hrekov
software engineer, creator, artist, programmer, projects founder

Full gRPC Streaming on AWS: ALB to ECS Architecture

This architecture pattern is the definitive solution for running full-featured, high-performance gRPC services on AWS, leveraging dedicated container services (ECS/EKS) and the Application Load Balancer (ALB) for robust HTTP/2 transport.

1. Architecture Overview

The goal is to maintain an end-to-end HTTP/2 connection from the client to the server, essential for gRPC's core streaming features.

  • gRPC Client: Initiates an encrypted HTTP/2 connection.
  • Application Load Balancer (ALB):
    • Listens on HTTPS (port 443) and terminates the TLS connection.
    • Crucially, it uses HTTP/2 as the protocol when forwarding traffic to the backend targets.
  • ECS/EKS Cluster: Hosts the containerized gRPC application.
  • gRPC Server Container: Runs the long-lived gRPC server, handles decrypted HTTP/2 traffic, and manages the full gRPC protocol, including bi-directional streaming.

2. Implementation Steps

Step A: Container Configuration (ECS Task Definition)

Your gRPC server container must listen on a specific port (e.g., 50051) and implement the standard gRPC health check service: /grpc.health.v1.Health/Check.

Step B: Application Load Balancer Setup (The Key)

The ALB must be configured for gRPC compatibility:

  1. Listener: Create an HTTPS listener (port 443) for client connection and TLS termination.
  2. Target Group: Create a new Target Group with these critical settings:
    • Protocol: Set to HTTP.
    • Port: Set to your gRPC server port (e.g., 50051).
    • Protocol Version: Set this to gRPC. This enables HTTP/2 forwarding to the targets and gRPC-specific health checks.
    • Health Check Protocol: Set to gRPC.

Step C: ECS Service Deployment

  1. Create an ECS Service (e.g., using Fargate).
  2. Integrate the service with the newly created ALB Target Group. ECS automatically registers and deregisters tasks as they scale.
  3. Ensure security groups allow inbound traffic from the ALB to your ECS tasks on the gRPC port.
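A check of the settings from Steps B and C, as an added example that is not code from the original post. It runs against constructed samples shaped like `aws elbv2 describe-target-groups` and `aws ec2 describe-security-groups` output. The function names, finding labels and the security group ID are assumptions made for illustration, and requiring a `GrpcCode` matcher of `0` is this example's own choice.

```python
GRPC_PORT = 50051                              # example port used in the post
HEALTH_PATH = "/grpc.health.v1.Health/Check"   # standard gRPC health method

def audit_target_group(tg):
    """Findings for one entry of `aws elbv2 describe-target-groups` output."""
    findings = []
    if tg.get("ProtocolVersion") != "GRPC":
        findings.append("protocol-version")    # target group is not in gRPC mode
    if tg.get("Port") != GRPC_PORT:
        findings.append("port")
    if tg.get("HealthCheckPath") != HEALTH_PATH:
        findings.append("health-path")         # not calling the gRPC health service
    # ALB's default matcher is gRPC code 12 (UNIMPLEMENTED); require 0 (OK) instead.
    if tg.get("Matcher", {}).get("GrpcCode") != "0":
        findings.append("health-matcher")
    return findings

def audit_task_ingress(sg, alb_sg_id):
    """Findings for the ECS tasks' group from `aws ec2 describe-security-groups`."""
    findings, alb_allowed = [], False
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto != "-1" and not (proto == "tcp" and perm["FromPort"] <= GRPC_PORT <= perm["ToPort"]):
            continue                           # rule does not cover the gRPC port
        # The server receives decrypted HTTP/2, so only the ALB should reach this port.
        ranges = perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
        findings += [f"open-to-cidr:{r.get('CidrIp') or r.get('CidrIpv6')}" for r in ranges]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == alb_sg_id:
                alb_allowed = True
            else:
                findings.append(f"open-to-group:{pair['GroupId']}")
    if not alb_allowed:
        findings.append("alb-not-allowed")     # ALB cannot reach the tasks at all
    return findings

# Constructed sample data; the group ID is a placeholder, not a real resource.
ALB_SG = "sg-alb-placeholder"
WEAK_TG = {"Protocol": "HTTP", "Port": 50051, "ProtocolVersion": "HTTP1",
           "HealthCheckPath": "/", "Matcher": {"HttpCode": "200"}}
GOOD_TG = {"Protocol": "HTTP", "Port": 50051, "ProtocolVersion": "GRPC",
           "HealthCheckPath": HEALTH_PATH, "Matcher": {"GrpcCode": "0"}}
WEAK_SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
GOOD_SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 50051, "ToPort": 50051,
                              "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]}
if __name__ == "__main__":
    for name, tg, sg in (("weak", WEAK_TG, WEAK_SG), ("hardened", GOOD_TG, GOOD_SG)):
        print(name, audit_target_group(tg) + audit_task_ingress(sg, ALB_SG))
```

Prefix-list sources (`PrefixListIds`) are not inspected here and would need their own review.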

3. Key Operational Considerations

| Consideration | gRPC/ALB Requirement | Rationale |
| --- | --- | --- |
| Encryption | End-to-end TLS is required by gRPC and the ALB. | gRPC best practice is always secure channels; the ALB handles termination at the edge. |
| ALB Load Balancing | Round-robin is typically applied per connection. | Since gRPC multiplexes requests over a single connection, this can create "hot nodes." |
| Health Checks | Use the standard gRPC health checking endpoint (/grpc.health.v1.Health/Check). | The ALB specifically looks for a SERVING status from the gRPC protocol. |

This architecture provides the necessary persistent connection and protocol fidelity to support all gRPC call types, including crucial bi-directional streaming, making it the robust choice for performance-critical services on AWS.