Switch nginx ingress to use NLB #184

@bmonkman

The current setup uses ELB for the nginx ingress controller, but there would be some benefits to switching over to NLB:

  • With the current setup we don't get remote IPs in nginx logs
  • We are already using L4 only on the ELB so why not, when NLB is better and more efficient at handling it.

The change should be straightforward; it will just require some testing.

These annotations need to be added to the ingress service:

    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'

The nginx default keepalive timeout is 75s but let's also specify that explicitly in the code, maybe with a comment telling people that the lb timeout must be shorter than the nginx keepalive.

After this change, make sure that the nginx logs show the proper remote IP address, not an internal 10. address.
Make sure TLS still works properly.
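
The post-change checks described above, as an added example that is not part of the original issue or the project's code: it scans access-log lines for entries still recorded with an internal source address and checks the timeout ordering the issue asks for. It assumes the remote address is the first field of each log line (as in nginx's default combined format); the log lines and all function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges; the issue's "internal 10. address" falls in the first one.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def remote_addr(line):
    """Return the first field of an access-log line as an IP object, or None."""
    fields = line.split()
    if not fields:
        return None
    try:
        return ipaddress.ip_address(fields[0])
    except ValueError:
        return None  # malformed line or non-IP first field

def internal_clients(lines):
    """Return (line_number, address) for entries logged with an internal source."""
    hits = []
    for n, line in enumerate(lines, 1):
        addr = remote_addr(line)
        if addr is not None and any(addr in net for net in INTERNAL_NETS):
            hits.append((n, str(addr)))
    return hits

def timeouts_ok(lb_idle_timeout, nginx_keepalive):
    """The issue's rule: the LB idle timeout must be shorter than nginx keepalive."""
    return lb_idle_timeout < nginx_keepalive

# Constructed sample log lines (documentation-range and made-up addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2021:10:15:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.68.0"',
    '10.10.3.41 - - [12/Mar/2021:10:15:03 +0000] "GET /login HTTP/1.1" 200 904 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2021:10:15:05 +0000] "POST /api HTTP/1.1" 201 48 "-" "Mozilla/5.0"',
    'truncated-line-without-address',
]

if __name__ == "__main__":
    for n, addr in internal_clients(SAMPLE_LOG):
        print(f"line {n}: client logged as internal address {addr}")
    # Values from the issue: idle timeout annotation '60', nginx keepalive 75s.
    print("timeouts ok:", timeouts_ok(60, 75))
```

Any hit from `internal_clients` on traffic that arrived from outside the VPC means the ingress is still logging the load balancer hop rather than the real client.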
