Tech Junkie Blog - Real World Tutorials, Happy Coding!: Iaas With AWS: Setup SSL/TLS With Application Load Balancer Part 3

Monday, January 4, 2021

Iaas With AWS: Setup SSL/TLS With Application Load Balancer Part 3

 In the previous post we created four instances with a Launch Template. In this post we are going to add DNS records in Route 53 and configure our Application Load Balancer with our certificates.

Before we start creating stuff let's take a step back and look at how we want to configure the website.  Let's say a bank wants to branch out into investing, so it wants to dedicate to instances to it's investing arm.  In our architecture we would have two target groups, one target group handling traffic for https://acmebanking.com and the other target group handling traffic for https://investing.acmebanking.com

We are going to register all four instances on the load balancer.

1. So now we ready to create an Application Load Balancer, give it a name and for the listener add an HTTPS listener to the existing one


2. For the Availability Zones, choose at least one that matches your server's AZ, click "Next"


3. On the next page select "Choose a certificate from ACM (recommended), select the "Certificate name" from the drop down menu.  Then accept the default "Security policy"


4. Select "Next" then choose a Security Group that allows web traffic, or create an inbound rule that allows it

5.  On the "Configure Routing" page accept the default, create a new target group and change "Health threshold" to 2


6.  On the "Register Targets" page we are going to register the four instances that we've created, click "Review"

7. Click "Create"
8.  If the "Security Group" you choose for the load balancer does not have an inbound rule for HTTPS traffic you will get a warning, so go back to your Security Group and add a HTTPS inbound rule

The warning will go away once you added the rule for HTTPS inbound

8. Now click on "Target Groups" in the EC2 Dashboard and create another target group for investing.acmebanking.com, click on "Create target group: button
Give your target group a name, accept the default and click "Create" you may be wondering why we listen on port 80 that's because the load balancer takes care of HTTPS traffic it has the certificate, the instances does not need to handle HTTPS traffic, it can continue to deal with HTTP traffic.

9. On the "Register targets" page select Server 3 and Server 4

Click "Create target group" button, I believe the target one has all four servers, you can "Deregister" Server 3 and Server 4 on it if you want to now that we have target group 2 or you can leave it if you like.

10.  Now that we have an additional target group we want to add the investing.acmebanking.com certificate to the load balancer.  So click on "Listerners" on the load balancer and click on "View/edit certificates", currently the load balancer only uses target group 1, we are going to change that add a rule to use target group 2

11.  Click on the "+" next to "Certificates", check "investing.acmebanking.com" certificate and click "Add"
12.  There should now be two certificates
13. Now you want to edit the load balancing rules so that it could handle traffic for investing.acmebanking.com. Click on "View/edit rules" on the HTTPS listener

14. Add a host header rule that says if the host header is investing.acmebanking.com forward the traffic to target group 2

Now you should have the following rules








5 comments:

  1. Thanks for sharing this post. You are having great posts on your website but did you know there are many people out there who are not even aware of your website but are searching for the same niche content on internet. So if you want to reach your article to those people you need to promote your website. Start influencing more people by letting your website reach up to them.

    ReplyDelete
  2. This post is not only informative but impressive also, I learned new thing from this blog. This post is so persuasive that it created an urge to choose Mobile application development company. You can email us at sales@appsquadz.com or call us at +91-9717270746

    ReplyDelete
  3. article great
    https://www.digithow.com/2020/06/how-to-travel-on-budget-5-trusted-ways.html

    ReplyDelete

Search This Blog