Hooman Bahreini

Reputation: 15549

Using Application Load Balancer with HTTPS

This is the first time that I am using a load balancer... I have spent quite a bit of time going through the documentation and I am still quite confused.

I want to host my website. My website supports HTTPS only. I want to put my backend servers behind an Application Load Balancer.

I am using AWS' default VPC, I have created an ALB (myALB) and installed my SSL certificate on it. I have also created 2 EC2 instances (myBackEndServer1 & myBackEndServer2).

Questions:

  1. Should the communication between backend servers and myALB be through HTTP or HTTPS?
  2. I have created an HTTPS listener on myALB; do I also need an HTTP listener on myALB? What I want is to redirect any HTTP request to HTTPS (I believe this should happen on myALB)?
  3. I want to use External ID login (using Facebook). I have set up Facebook login to work with HTTPS only. Does the communication between Facebook and my backend servers go through myALB? I mean, I either need HTTPS on my backend servers, or the communication with Facebook should go through myALB.

I would appreciate any general advice.

Upvotes: 3

Views: 2075

Answers (1)

Vladyslav Usenko

Reputation: 2376

  1. You can use both HTTP and HTTPS listeners.
  2. Yes, you can achieve that with ALB. You can add a rule to it that says that any request that is coming to port 80 will be redirected to port 443 on a permanent basis. Check out rules for ALB.
  3. If you make a request from your instances to Facebook, it depends on Facebook whether your communication will be encrypted, because in such a case you are a client. However, if you set up some webhook, Facebook is now a client, and to communicate with you, you're gonna give your load balancer's DNS name. And due to point 2 in this list, Facebook will be forced to use TLS.

I'm not sure I fully understood your question number three, but here's something you may also find useful. ALB has some features that allow you to authenticate users with Cognito. It explicitly says that your EC2 instances can be abstracted away from any authentication, also if it makes use of Facebook ID or Google ID or whatever. Never tried though.

Upvotes: 4
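
The port 80 to port 443 permanent redirect described in point 2 of the answer above, written as a CloudFormation template. This is an added example, not part of the original answer; the parameter and resource names are assumptions, and the three ARNs are supplied by you for the existing load balancer (myALB), its certificate, and a target group containing the two instances.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Listeners for an existing ALB. HTTPS terminates TLS, HTTP only redirects.

Parameters:
  LoadBalancerArn:        # ARN of the existing ALB (assumed parameter name)
    Type: String
  CertificateArn:         # ARN of the certificate already installed for the site
    Type: String
  TargetGroupArn:         # target group holding the backend instances
    Type: String

Resources:
  # Listener that actually serves the site: TLS is terminated on the ALB.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroupArn

  # Listener on port 80 that never forwards to the backends.
  # Its only action is a permanent (301) redirect to the same
  # host, path and query string over HTTPS.
  HttpRedirectListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: "443"
            Host: "#{host}"
            Path: "/#{path}"
            Query: "#{query}"
            StatusCode: HTTP_301
```

The load balancer's security group has to allow inbound traffic on both port 80 and port 443; if port 80 is closed, plain-HTTP clients time out instead of being redirected.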
