AWS Fargate + Application Load Balancer SSL Termination

amazon-web-services load-balancing amazon-elb amazon-ecs
9,147

Yes it is possible.

  1. Create a SSL certificate for your domain in ACM (Amazon Certificate Manager).
  2. Create a HTTPS Listener in the ALB that will listen on port 443 and configure it to use the above SSL Certificate.
  3. Open the ALB Security Group to permit inbound traffic on port 443.

That's it, pretty much. The ALB must have one Listener per port, so if you are accepting traffic on both HTTP/80 and HTTPS/443 you'll need 2 listeners.

The Target Group doesn't change, it will still connect to your Fargate containers over HTTP.

Hope that helps :)

Share:
9,147

Related videos on Youtube

Jeremy Blalock
Author by

Jeremy Blalock

Updated on September 18, 2022

Comments

  • Jeremy Blalock
    Jeremy Blalock over 1 year

    I'm trying to configure ECS Fargate behind an Application Loader Balancer (ELBv2), and I would like to terminate the TLS/SSL connections on the ALB, and send HTTP traffic (port 80) to the Fargate images, which listen on port 80.

    This is the diagram of what I'm trying to do:

    elb to fargate

    • I am currently able to send HTTP traffic from the internet to Fargate, but I have not found a way to terminate the TLS connection at the Application Loader Balancer and forward HTTP traffic to ECS. Is this possible?
    • I am hosting a fairly static application with no sensitive user data, hence I am not particularly worried about data in transit between the ALB and ECS.

    Any help appreciated!

  • Stefano
    Stefano almost 5 years
    As an aside, you can also configure the ALB to redirect any traffic arriving on 80 to go to 443: docs.aws.amazon.com/elasticloadbalancing/latest/application/‌​…
  • Mark Entingh
    Mark Entingh over 4 years
    What about encrypting the response back to the client via TLS? How would you set that up? In my case, the ALB is on a public subnet, ECS is on a private subnet, and my NAT sends traffic from ECS back to the client
  • MLu
    MLu over 4 years
    @MarkEntingh Are you sure that the the return traffic goes thriugh NAT and not through the ALB? That’d be quite unusual, perhaps if you’re using some obscure protocol over multiple ports that may be the case. Normal HTTPS or WebSocket traffic simply goes back through the same ALB and is therefore TLS protected between the client and ALB in both directions.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

AWS Elastic Load Balancer and target group health check fail for no apparent reason
Reverse Proxy Server Cloud Architecture (AWS + nginx)
Get AWS ELB name from an attached instance
What algorithm does Amazon ELB use to balance load?
AWS ECS 503 Service Temporarily Unavailable while deploying
Amazon API Gateway in front of ELB and ECS Cluster
Can ELB redirect request depending on the URL?
Why does Elastic Load Balancing report 'Out of Service'?
Install Wildcard Certificate onto AWS EC2 Load Balancer
What's the target group port for, when using Application Load Balancer + EC2 Container Service