// TOM WARSOP

Add HTTPS to AWS Load Balancer

2025/02/25
Tags: Website Hosting HTTPS AWS Load Balancer

Introduction

This blog post introduces the steps needed to add HTTPS to an AWS Load Balancer. This could be a load balancer that you created while setting up hosting for a Docker container in AWS Fargate, as in this previous post: Hosting a Docker Container in AWS Fargate.

Requesting a Certificate

First, you need to request a certificate from AWS Certificate Manager. This certificate will be used to encrypt the traffic between the client and the load balancer.

  • Go to Certificate Manager
  • Click on Request
  • Select Request a public certificate
  • In the Fully qualified domain name box enter the root domain e.g. example.com
  • Select Add another name to this certificate and enter a wildcard for the subdomains e.g. *.example.com
  • Make sure DNS validation is selected for the Validation method
  • Click Request
  • Navigate to the certificate entry (you will probably already be taken there after selecting Request in the previous step) and select the Create records in Route 53 option
  • The certificate will have a Pending validation status. After a few minutes this should change to Issued, then you can carry on to the next step

Add an HTTPS Listener to the Load Balancer

  • In the AWS console go to EC2
  • Click on Load Balancers
  • Select the load balancer you want to add HTTPS to
  • On the Listeners and rules tab select Add listener
  • For the Protocol select HTTPS
  • Set Routing actions to Forward to target groups and in Target group select the target group already set up for the load balancer
  • In the Secure listener settings section under Certificate (from ACM) select the certificate created in the previous step
  • Click Add at the bottom of the page

Update the Security Group

The security group for the load balancer will need to be updated to allow HTTPS traffic.

  • For the load balancer select the Security tab
  • Click the security group listed for the load balancer
  • Click the Inbound rules tab
  • Click Edit inbound rules
  • Click Add rule
  • For Type select HTTPS and enter ::/0 for the allowed IP
  • Click Add rule again
  • For Type select HTTPS and enter 0.0.0.0/0 for the allowed IP
  • Click Save rules

Redirect HTTP to HTTPS

To ensure that all traffic is encrypted you can set up a rule to redirect HTTP traffic to HTTPS.

  • Under the load balancer's Listeners and rules tab select the HTTP listener
  • Select the rules and click Actions then Edit rule
  • Under Default actions and Routing actions select Redirect to URL and select HTTPS for Protocol
  • Enter the Port too, which will be 443
  • Click Save changes
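
To confirm the console steps above took effect, this added example (not part of the original post) audits the JSON returned by `aws elbv2 describe-listeners` and `aws ec2 describe-security-groups`. The function names, sample data and placeholder ARNs are assumptions constructed for illustration.

```python
# Added example: audits describe-listeners / describe-security-groups JSON
# against the three things this post configures. Sample data is constructed.

def allows_443(perm):
    """True if an inbound permission covers TCP port 443."""
    if perm.get("IpProtocol") == "-1":  # "all traffic" rule
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 1) <= 443 <= perm.get("ToPort", 0))

def audit(listeners, security_groups):
    """Return a list of findings; empty means the setup matches the post."""
    findings = []
    https = [l for l in listeners if l["Protocol"] == "HTTPS"]
    http = [l for l in listeners if l["Protocol"] == "HTTP"]
    if not https:
        findings.append("no HTTPS listener")
    for l in https:
        if not l.get("Certificates"):
            findings.append(f"HTTPS:{l['Port']} has no certificate")
        if not any(a["Type"] == "forward" for a in l["DefaultActions"]):
            findings.append(f"HTTPS:{l['Port']} does not forward to a target group")
    for l in http:
        # The API returns the redirect port as a string, e.g. "443".
        ok = any(a["Type"] == "redirect"
                 and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                 and a.get("RedirectConfig", {}).get("Port") == "443"
                 for a in l["DefaultActions"])
        if not ok:
            findings.append(f"HTTP:{l['Port']} still serves plaintext (no redirect to HTTPS:443)")
    perms = [p for sg in security_groups
             for p in sg.get("IpPermissions", []) if allows_443(p)]
    if not any(r.get("CidrIp") == "0.0.0.0/0" for p in perms for r in p.get("IpRanges", [])):
        findings.append("port 443 not open to 0.0.0.0/0")
    if not any(r.get("CidrIpv6") == "::/0" for p in perms for r in p.get("Ipv6Ranges", [])):
        findings.append("port 443 not open to ::/0")
    return findings

# Constructed state: HTTPS listener added, IPv6 rule and HTTP redirect not yet done.
SAMPLE_LISTENERS = [
    {"Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg"}]},
    {"Protocol": "HTTPS", "Port": 443,
     "Certificates": [{"CertificateArn": "arn:placeholder:cert"}],
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg"}]},
]
SAMPLE_GROUPS = [{"GroupId": "sg-placeholder", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}]
```

Running `audit(SAMPLE_LISTENERS, SAMPLE_GROUPS)` reports the two steps that are still missing in the sample: the HTTP redirect and the ::/0 inbound rule.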

The End