[ALB ACM ROUTE53 EC2] Connecting EC2 to HTTPS
1. Domain Purchase and ACM Certificate Issuance
1. Domain Purchase
- Purchase on Gabia: Select and purchase a domain, then verify it in MyGabia.
2. Domain Verification in Route 53
Create a Hosted Zone: Create a hosted zone in AWS Route 53 matching your domain.
Update Name Servers: Change the domain's name servers to Route 53's NS records (via Gabia).
Domain Ownership Verified: AWS verifies domain ownership after the name server update.
3. Issuing ACM (AWS Certificate Manager) Certificate
Request SSL/TLS Certificate: Enter the domain in ACM and request a certificate.
Choose DNS Validation: Select DNS validation for easier domain ownership proof.
Create CNAME Record: Add the CNAME record in Route 53 to complete the certificate validation. (CNAME registration is crucial; without it, the certificate remains in pending status)
Q: Why is the CNAME record important?
- It proves domain ownership to ACM, enabling the issuance of the SSL/TLS certificate.
2. Setting Up Load Balancer and Passing Health Check
1. Pre-requisites
EC2 Instance Ready: Ensure an active web server is running on your EC2 instance.
Network and Security Group Config: Confirm VPC, subnet, and port settings for your EC2 instance.
2. Create Target Group
Create Target Group: Use the EC2 menu to create a target group.
Select Target Type: Choose 'Instance' and set the appropriate port (e.g., 3000 for the frontend in my case).
Target Group Created: Complete the setup and create the target group.
3. Create Load Balancer (ALB)
Select ALB: Choose Application Load Balancer.
Network Mapping: Match the VPC and subnets with your EC2 instance. (At least 2 availability zones required for high availability)
- Q: Why 2 availability zones?: To ensure high availability and fault tolerance.
Set Up Listeners: Create listeners for HTTP (80) and HTTPS (443).
Apply ACM Certificate: Attach the previously issued SSL/TLS certificate.
Complete Load Balancer Setup: Finalize and create the load balancer.
Redirect HTTP to HTTPS: Edit the rule to redirect HTTP (80) traffic to HTTPS (443) for secure communication.
4. Create Domain Record
Create A Record: In Route 53, create an A record linking your domain to the load balancer.
- Q: What is the significance of the A record?: It maps your domain name to the load balancer’s IP address, directing traffic accordingly.
A Record Creation Complete: The domain is now linked to the load balancer.
5. Configure Load Balancer Listener Rules
HTTPS:443 Listener: Set it to forward 100% of traffic to the created target group.
HTTP:80 Listener: Add a rule to redirect traffic to HTTPS (443).
Listener Rules Set: Ensure the listener rules are properly configured.
6. Set Up Health Check
Edit Health Check: Modify the Health Check settings in the target group.
Set Health Check Path and Success Codes: Configure the path and expected success response (200 status code).
Configure Web Server: Ensure your web server responds correctly to the Health Check path.
Health Check Passed: Once the Health Check is successful, the load balancer will distribute traffic reliably.