Kelbim

Classic ELB

Manage AWS Classic Load Balancers as code with Ruby

Manages
AWS Elastic Load Balancing (Classic Load Balancer)
Language
Ruby
Package
kelbim
CLI
kelbim
Config file
ELBfile
The upstream repository is archived and has seen no activity since 2017; it only supports Classic Load Balancers, so pin versions and plan a migration path for new workloads.
ELBfile
ec2 do
  load_balancer "my-load-balancer" do
    instances(
      "cthulhu",
      "nyar",
    )

    listeners do
      listener [:http, 80] => [:http, 80]
    end

    health_check do
      target "HTTP:80/index.html"
      timeout 5
      interval 30
      healthy_threshold 10
      unhealthy_threshold 2
    end
  end
end
In short

Kelbim is a command-line tool that manages AWS Classic Load Balancers as code. You keep listeners, health checks, and policies in a Ruby file called an ELBfile, then apply it to update AWS. It supports the original Classic ELB only, not ALB or NLB.

What is Kelbim?

Kelbim manages AWS Classic Load Balancers as code. Each load balancer is described in a Ruby file called an ELBfile. The kelbim command compares the file to the live setup and applies only the difference.

Classic ELB settings are easy to get subtly wrong. A health check interval gets tweaked in the console. A listener is added during an incident and never written down. Kelbim moves these settings into version control, where each change is a diff you can review and dry-run first. This is the codenization approach.

An ELBfile can describe:

  • Listeners, including SSL listeners with certificates
  • Health checks, targets, and thresholds
  • Attached instances, subnets, security groups, and policies

Kelbim covers Classic Load Balancers only. It predates ALB and NLB. So it mainly helps teams still running legacy ELBs, often beside Piculet for the security groups those balancers use.

Key facts
  • Manages Classic Load Balancers only, not ALB or NLB.
  • Listeners, health checks, and policies all live in one ELBfile.
  • Handles SSL listeners with certificates and load balancer policies.
  • A built-in test mode reports mismatches between the file and live ELBs.
  • Dry-runs double as drift detection for hand edits during incidents.
  • The repo is archived since 2017, so plan an ALB or NLB migration.
Illustration: AWS Elastic Load Balancing (Classic Load Balancer) managed as code with Kelbim
Getting started

Install and run Kelbim

1

Install

Install the kelbim gem (Ruby required).

$ gem install kelbim
2

Export current state

Pull the live Classic ELB configuration into a ELBfile.

$ kelbim -e -o ELBfile
3

Dry-run, then apply

Preview the diff, then apply the change for real.

$ kelbim -a --dry-run

Kelbim uses a plain export, review, apply loop. Export the live setup with kelbim -e, or --split-more for one file per load balancer, and commit it to Git. That snapshot becomes the single source of truth for listeners, health checks, subnets, and policies. It fits the standard export, review, apply workflow.

Changes then happen in the file, not the console. Edit the ELBfile in a branch and run kelbim -a --dry-run to see what would be created, changed, or removed. Attach that output to the pull request. After review, kelbim -a applies it idempotently, so re-running makes no further changes. A periodic dry-run, or kelbim -t, catches listener or health check edits made by hand during an incident.

Pro tip

Use a Kelbim export as your migration map. It lists every listener mapping and policy in one place, which makes translating a Classic ELB into an ALB or NLB much easier.

Capabilities

What Kelbim can do

Export existing load balancers

kelbim -e writes current ELB config to an ELBfile. Use --split or --split-more for per-VPC or per-load-balancer files, which keeps diffs manageable.

Dry-run diffs

kelbim -a --dry-run previews every listener, instance, health check, and policy change. Nothing touches a production balancer unreviewed.

Listener and policy management

The DSL declares listener port mappings, including SSL listeners with certificates, plus load balancer policies. Use --without-deleting-policy to keep unmanaged policies.

Built-in inspection commands

--show-load-balancers and --show-policies dump the live state of your ELBs and policy types from the command line. No console needed.

Test mode

kelbim -t checks the real ELB config against your ELBfile and reports mismatches. It is a quick drift check for load balancer settings.

Scoped operations

-n or --elb-names limits work to specific balancers, and --ec2s restricts to certain VPCs. Both help in shared accounts.

What Kelbim supports
Kelbim targets the original Classic ELB API and does not cover newer load balancer types.
FeatureSupported?
Classic Load Balancer (ELB)Yes
Application Load Balancer (ALB)No
Network Load Balancer (NLB)No
SSL listeners and certificatesYes
Load balancer policiesMost types
ProxyProtocol, BackendServerAuth, PublicKey policiesNot supported
In practice

When teams reach for Kelbim

Documenting legacy Classic ELBs

Many old accounts still run Classic balancers nobody dares touch. A Kelbim export turns them into readable code. You get an instant list of listeners, certificates, and health checks to review and audit.

Safe health check tuning

Changing thresholds on a production balancer is nerve-wracking. With Kelbim the change is a two-line diff. The dry-run confirms scope, and Git gives you an instant revert path if error rates move.

Preparing an ALB/NLB migration

Before leaving Classic ELB, you need a precise picture of current behavior. The ELBfile captures every listener mapping and policy in one place, so translating to ALB or NLB is far easier.

FAQ

Kelbim questions, answered

Does Kelbim support ALB or NLB?
No. Kelbim manages Classic Load Balancers, the original ELB API, only. It predates Application and Network Load Balancers. If you run ALBs or NLBs, use another tool such as Terraform's aws_lb resources.
How do I start managing existing load balancers with Kelbim?
Run kelbim -e -o ELBfile to export the current config without changing anything, then commit the file. After that, edit the ELBfile, preview with kelbim -a --dry-run, and apply with kelbim -a.
Can Kelbim manage SSL certificates and policies?
Yes. Listeners can reference SSL certificates, and the DSL manages load balancer policies. Use --without-deleting-policy to leave existing policies alone. A few policy types are not supported: ProxyProtocolPolicyType, BackendServerAuthenticationPolicyType, and PublicKeyPolicyType.
Is Kelbim still maintained?
No. The repository is archived and last saw activity in 2017. It still works for legacy Classic ELB estates with pinned gem versions. For new work, use actively maintained tooling like Terraform, and ideally migrate off Classic ELB. See our codenize-tools vs Terraform guide for context.
Will Kelbim delete load balancers missing from my ELBfile?
Kelbim reconciles AWS to match the file, so managed resources absent from the ELBfile are removed on apply. Use -n or --elb-names or --ec2s to scope operations, and always review the dry-run output before applying.