Application Load Balancers
If you are using an Application Load Balancer you can configure SSL support by uncomment the
listener_ssl option in
.ufo/settings/cfn/default.yml. Here’s an example:
listener_ssl: port: 443 certificates: - certificate_arn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
For the certificate arn, you will need to create a certificate with AWS ACM. To do so, you can follow these instructions: Request a Public Certificate
Once this is configured, you deploy the app again:
Network Load Balancers
Network Load Balancers work at layer 4, so they do not support SSL termination because SSL happens higher up in the OSI model. With Network Load Balancers you must handle SSL termination within your app with the server you are using. For example, apache, nginx or tomcat.
You also will need to also configure the target group to check the port that your app server is listening to and configure the health_check_protocol to HTTPS. Here’s an example:
listener_ssl: port: 443 target_group: port: 443 health_check_protocol: HTTPS
The protocol in the case of the network load balancer is TCP and is configured to TCP by default by ufo for Network Load Balancers, so you don’t have to configure the protocol.
Pro tip: Use the <- and -> arrow keys to move back and forward.