Reputation: 6300
I have a use case where I need to make a public NLB and behind it I need to add an ALB. So the client sends a request to my NLB and the NLB forwards the traffic to my ALB.
Client => NLB => ALB => ECS service.
I need my connection between the client (public) and my NLB to be encrypted, so I need to use the TLS protocol. But when I configure the NLB to use the TLS protocol I receive the error below:
TLS listeners on Network Load Balancers cannot forward to ALB-type target groups, which is specified in the AWS documentation [1](https://aws.amazon.com/fr/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer/)
Do you have an idea how I should do this?
Upvotes: -1
Views: 843
Reputation: 201093
In this scenario the NLB has to be operating in TCP passthrough mode. In TCP passthrough mode, it is the target of the NLB that handles SSL/TLS for the connection. If you configure TLS on the ALB, and forward the NLB traffic to the ALB's TLS port, then the traffic will be encrypted.
Upvotes: 0
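The layout from the answer expressed as Terraform, as an added example that is not part of the answer: the public NLB listener is plain TCP on 443, the ALB-type target group is TCP/443 pointing at the ALB, and only the ALB's HTTPS listener holds the certificate and terminates TLS. Resource names, `var.vpc_id`, `var.certificate_arn`, `aws_lb.nlb`, `aws_lb.alb` and `aws_lb_target_group.ecs` are assumptions.

```terraform
# ALB-type target group on the NLB side. The protocol must be TCP: the NLB
# never decrypts anything, it only passes bytes through to the ALB.
resource "aws_lb_target_group" "alb_target" {
  name        = "nlb-to-alb-tls"
  target_type = "alb"
  protocol    = "TCP"
  port        = 443
  vpc_id      = var.vpc_id   # assumption: VPC id supplied as a variable
}

# Register the ALB as the single target; 443 is the ALB's
# HTTPS listener port.
resource "aws_lb_target_group_attachment" "alb_target" {
  target_group_arn = aws_lb_target_group.alb_target.arn
  target_id        = aws_lb.alb.arn
  port             = 443
}

# Public NLB listener: TCP on 443, NOT TLS. A TLS listener would try to
# terminate TLS on the NLB, which cannot forward to an ALB-type target group.
resource "aws_lb_listener" "nlb_tcp_443" {
  load_balancer_arn = aws_lb.nlb.arn   # assumption: aws_lb.nlb is the public NLB
  protocol          = "TCP"
  port              = 443

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.alb_target.arn
  }
}

# The ALB terminates TLS. The certificate must cover the hostname clients use
# to reach the NLB, since that is the name they validate.
resource "aws_lb_listener" "alb_https_443" {
  load_balancer_arn = aws_lb.alb.arn    # assumption: aws_lb.alb is the internal ALB
  protocol          = "HTTPS"
  port              = 443
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn   # placeholder: ACM certificate ARN

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.ecs.arn   # assumption: ECS target group
  }
}
```

Because the NLB only forwards TCP, TLS settings (policy, certificate, minimum version) are checked and enforced at the ALB listener, so that is where to audit them.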