SSL Support

Application Load Balancers

If you are using an Application Load Balancer, you can configure SSL support by uncommenting the listener_ssl option in .ufo/settings/cfn/default.yml. Here's an example:

listener_ssl:
  port: 443
  certificates:
  - certificate_arn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555

For the certificate ARN, you will need to create a certificate with AWS ACM. To do so, you can follow these instructions: Request a Public Certificate

Once this is configured, deploy the app again:

ufo ship

Network Load Balancers

Network Load Balancers work at layer 4, so they do not support SSL termination, because SSL happens higher up in the OSI model. With a Network Load Balancer you must handle SSL termination within your app, in the server you are using, for example Apache, nginx or Tomcat.

You will also need to configure the target group to check the port that your app server is listening on and set health_check_protocol to HTTPS. Here's an example:

listener_ssl:
  port: 443
target_group:
  port: 443
  health_check_protocol: HTTPS

For a Network Load Balancer the protocol is TCP, and ufo sets it to TCP by default, so you don't have to configure the protocol.
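A pre-deploy check for the two configurations above, as an added example that is not part of ufo or its documentation. It assumes the settings file is plain YAML with the top-level keys shown on this page; `lint_ssl_settings`, `lb_type` and `app_port` are hypothetical names introduced for this sketch.

```ruby
require 'yaml'

# ACM certificate ARN; capture group 1 is the 12-digit account id.
ACM_ARN = %r{\Aarn:aws[\w-]*:acm:[a-z0-9-]+:(\d{12}):certificate/[0-9a-f-]{36}\z}
DOC_PLACEHOLDER_ACCOUNT = '111111111111' # account id used in the example ARN above

# lb_type (:application or :network) and app_port are parameters of this
# example, not ufo settings. Returns a list of problems; empty means OK.
def lint_ssl_settings(yaml_text, lb_type, app_port: 443)
  cfg = YAML.safe_load(yaml_text) || {}
  ssl = cfg['listener_ssl']
  return ['listener_ssl is missing or still commented out'] unless ssl.is_a?(Hash)

  problems = []
  problems << 'listener_ssl.port is not set' unless ssl['port'].is_a?(Integer)
  if lb_type == :application
    # The ALB terminates TLS, so it needs at least one real ACM certificate.
    certs = Array(ssl['certificates'])
    problems << 'listener_ssl.certificates is empty' if certs.empty?
    certs.each do |cert|
      arn = cert.is_a?(Hash) ? cert['certificate_arn'].to_s : ''
      match = ACM_ARN.match(arn)
      if match.nil?
        problems << "not an ACM certificate ARN: #{arn.inspect}"
      elsif match[1] == DOC_PLACEHOLDER_ACCOUNT
        problems << 'certificate_arn is still the documentation placeholder'
      end
    end
  else
    # The app server terminates TLS, so the health check must speak HTTPS to it.
    tg = cfg['target_group'].is_a?(Hash) ? cfg['target_group'] : {}
    problems << "target_group.port should be #{app_port}" unless tg['port'] == app_port
    unless tg['health_check_protocol'] == 'HTTPS'
      problems << 'target_group.health_check_protocol must be HTTPS'
    end
  end
  problems
end

# Constructed sample: the NLB settings from this page with the health check left at HTTP.
NLB_BAD = <<~SETTINGS
  listener_ssl:
    port: 443
  target_group:
    port: 443
    health_check_protocol: HTTP
SETTINGS

puts lint_ssl_settings(NLB_BAD, :network)
```

Run it against the contents of .ufo/settings/cfn/default.yml before `ufo ship`; a non-empty result means the listener or health check is not set up as described above.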
