How to Add a New Listener to an Existing Elastic Load Balancer (ELB)
The AWS Elastic Load Balancer supports load balancing using HTTP, HTTPS (Secure HTTP), TCP and SSL (Secure TCP) protocols. We can specify the protocols for the front-end connections (client to load balancer) and the back-end connections (load balancer to back-end EC2 instance) separately.
By default, an ELB is configured to use HTTP for both the front end (ELB) and the back end (EC2 instances). This guide shows how to add a new listener to an existing Load Balancer.
We will add the HTTPS protocol at the front-end connection. To configure the ELB to receive front-end requests on HTTPS, you must provide a CA-authenticated certificate to the AWS ELB. For more information about how to create your SSL certificate and upload it to AWS using IAM, refer here.
1. Click the tab “Listener”.
2. Select “HTTPS” as the “Load Balancer Protocol” and select “HTTPS” as the “Instance Protocol”. You can keep the Instance Protocol either as HTTP or HTTPS based on your web server configuration. We have configured the instances to listen on HTTPS so we added HTTPS as the instance protocol.
3. Click “Change” under the “Cipher” column to provide the cipher information.
4. The ELB provides two sample cipher policies, ELBSample-ELBDefaultCipherPolicy and ELBSample-OpenSSLDefaultCipherPolicy. You can select one of the sample policies or customize your own ciphers. A default policy will be used if none is specified. Select either a sample policy or a custom policy as shown below and click “Save”.
5. Still under the “Listener” tab, click “select” in the “SSL Certificate” column. Provide a name for the certificate. Add the private key and the public key certificate of your CA-authorized SSL certificate. For more information about creating a private key and generating CA-authorized certificates, refer here.
6. The ELB validates your certificate and if it is not a valid one, it will not allow adding it. The certificate has to be in X.509 format. You can also add a Certificate Chain if you have one.
7. If the certificate is successfully authenticated, it will be added to the existing certificate list.
8. The additional listener is configured.
9. Once the new listener is added, the action button will change to “Remove” for the new ELB listener.
10. Go to the “Description” tab of the ELB to view its list of listeners.
11. To access this ELB over HTTPS, use the DNS record that points to it. We used an “A-Record”.
12. It will load one of the instance pages.
Add a New Listener to an ELB using the CLI tools
14. Set the ELB CLIs as explained here.
15. Set the AWS Region using the command:
16. Run the command below to add a listener (the SSL certificate has to be uploaded first). Check here how to add the SSL certificate using the command line tool.
First get the SSL certificate ARN with the following command:
iam-servercertgetattributes -s themedesigner
You will see the ARN of the SSL certificate.
Add the Listener with the command:
elb-create-lb-listeners AWSHttpsELB --listener "protocol=HTTPS,lb-port=443,instance-port=80,instance-protocol=HTTP,cert-id=arn:aws:iam::960573937732:server-certificate/t********ner"
17. The above commands with actual output are shown below.
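The CLI command above terminates HTTPS at the load balancer and forwards plain HTTP to port 80, unlike the console walkthrough, where the instance protocol is HTTPS. The following is an added example, not part of the original guide or of the ELB tools: a Python check that parses a --listener string and reports that condition, a missing or malformed cert-id, bad ports, and stray whitespace before the command is run. The function names, the finding texts and the sample ARN (placeholder account id and certificate name) are assumptions made for the illustration.

```python
import re

PROTOCOLS = {"HTTP", "HTTPS", "TCP", "SSL"}  # the four protocols the guide lists
ENCRYPTED = {"HTTPS", "SSL"}
# Shape of an IAM server-certificate ARN, as in the guide's cert-id value.
CERT_ARN = re.compile(r"^arn:aws:iam::\d{12}:server-certificate/\S+$")

def parse_listener(spec):
    """Split 'key=value,key=value' into a dict, keeping whitespace as typed."""
    fields = {}
    for part in spec.split(","):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a key=value pair: {part!r}")
        fields[key] = value
    return fields

def lint_listener(spec):
    """Return findings for one listener string; an empty list means clean."""
    raw = parse_listener(spec)
    findings = []
    if any(k != k.strip() or v != v.strip() for k, v in raw.items()):
        findings.append("stray whitespace inside the listener string")
    f = {k.strip().lower(): v.strip() for k, v in raw.items()}
    front = f.get("protocol", "").upper()
    back = f.get("instance-protocol", "").upper()
    for name, proto in (("protocol", front), ("instance-protocol", back)):
        if proto not in PROTOCOLS:
            findings.append(f"{name} missing or not HTTP/HTTPS/TCP/SSL")
    for name in ("lb-port", "instance-port"):
        port = f.get(name, "")
        if not (port.isdecimal() and 1 <= int(port) <= 65535):
            findings.append(f"{name} missing or not a valid port")
    if front in ENCRYPTED:
        if not CERT_ARN.match(f.get("cert-id", "")):
            findings.append("cert-id is not an IAM server-certificate ARN")
        if back in PROTOCOLS - ENCRYPTED:
            findings.append(f"back-end leg is plaintext {back}")
    return findings

# Constructed samples: placeholder account id and certificate name.
ARN = "arn:aws:iam::123456789012:server-certificate/example-cert"
SAMPLES = {
    "tls-offload": "protocol=HTTPS,lb-port=443,instance-port=80,instance-protocol=HTTP, cert-id=" + ARN,
    "end-to-end": "protocol=HTTPS,lb-port=443,instance-port=443,instance-protocol=HTTPS,cert-id=" + ARN,
    "no-cert": "protocol=HTTPS,lb-port=443,instance-port=443,instance-protocol=HTTPS",
}
for name, spec in SAMPLES.items():
    print(name, lint_listener(spec) or "clean")
```

A plaintext back-end finding is not always an error: it records that traffic between the load balancer and the instances is unencrypted, which is a decision to make deliberately.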