alionthego

Reputation: 9773

How do I connect to an AWS "Application Load Balancer" with SSL?

I have just set up my first "Application Load Balancer" and I chose the SSL option to connect allowing AWS to generate the certificate for me based on my domain (www.example.com).

I have set the target to my EC2 instance and now I want to connect to the Load Balancer, but I'm not sure how. If I just connect to the DNS name of the load balancer, I get an invalid certificate error.

I have read that I need to set a record for my domain, but because the IP of an application load balancer may change, I'm not sure if that is a good idea.

The documentation mentions the following:

Clients can use the Server Name Identification (SNI) protocol extension to specify the hostname they are trying to reach.

But I couldn't figure out how to do that. I'm very new to Load Balancers and not quite sure how to proceed.

Upvotes: 1

Views: 700

Answers (1)

Kush Vyas

Reputation: 6099

The following problem is easy to solve with AWS Route 53:

  • Create a hosted zone in Route 53
  • Choose the name of the hosted zone that has the domain name that you want to use to route traffic to your load balancer
  • Choose Create Record Set.
  • Specify the following values:

    Name:

    Type the domain name that you want to use to route traffic to your ELB load balancer. The default value is the name of the hosted zone.

    For example, if the name of the hosted zone is example.com and you want to use acme.example.com to route traffic to your load balancer, type acme.

    Type:

    Choose A – IPv4 address.

    Alias:

    Choose Yes.

    Alias Target

    Find the applicable category in the list (ELB Application Load Balancers, ELB Classic Load Balancers, or ELB Network Load Balancers), and then choose the name that you assigned to the load balancer when you created it.

    Routing Policy: Accept the default value of Simple.

    Evaluate Target Health:

    If you want Route 53 to route traffic based on the health of your resources, choose Yes.

  • Choose Create.

Also, if you don't want to use Route 53 and if it's not at the apex, you use a CNAME to the ELB.

Refer to this Guide

Something like:

my.web.thingy.org        CNAME  my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com.

And yes, you are correct: the IP of the ELB changes frequently, and thus it is not recommended to use an A record in DNS.

Hope this helps.

Upvotes: 2
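
An added example, not part of the original question or answer: it shows why the load balancer's own DNS name fails certificate validation while `www.example.com` passes, and how a client sends SNI for the domain while connecting to the load balancer's address before DNS is switched over. The function names are hypothetical, the SAN list is a constructed sample, and the matcher is a simplified form of RFC 6125 hostname matching.

```python
import socket
import ssl


def san_matches(pattern: str, hostname: str) -> bool:
    """Simplified RFC 6125 match: a '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and never a bare top-level domain.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(dns_sans: list[str], hostname: str) -> bool:
    """True if any DNS subjectAltName entry covers the name the client asked for."""
    return any(san_matches(s, hostname) for s in dns_sans)


def probe(connect_host: str, tls_name: str, port: int = 443) -> list[str]:
    """Open TCP to connect_host, but send tls_name as SNI and verify against it.

    Lets you test the HTTPS listener before DNS points at the load balancer.
    Raises ssl.SSLCertVerificationError if the certificate does not cover tls_name.
    """
    ctx = ssl.create_default_context()  # chain and hostname verification stay on
    with socket.create_connection((connect_host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_name) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


# Constructed sample values; the load balancer name is the placeholder from the answer.
ELB_NAME = "my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com"
CERT_SANS = ["www.example.com"]

if __name__ == "__main__":
    print("ELB name covered:", cert_covers(CERT_SANS, ELB_NAME))
    print("www.example.com covered:", cert_covers(CERT_SANS, "www.example.com"))
    # Network call; uncomment with a real load balancer name:
    # print(probe(ELB_NAME, "www.example.com"))
```

Once the alias or CNAME record exists, ordinary clients do this automatically: they resolve the domain, send it as SNI, and validate the certificate against it, so verification should never be disabled to work around the mismatch.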
