AWS Fargate and Application Load Balancer SSL Termination

Tags: amazon-ecs, amazon-elb, amazon-web-services, load-balancing

I'm trying to configure ECS Fargate behind an Application Load Balancer (ELBv2), and I would like to terminate the TLS/SSL connections on the ALB, and send HTTP traffic (port 80) to the Fargate images, which listen on port 80.

This is the diagram of what I'm trying to do:

[Diagram: ELB to Fargate]

  • I am currently able to send HTTP traffic from the internet to Fargate, but I have not found a way to terminate the TLS connection at the Application Load Balancer and forward HTTP traffic to ECS. Is this possible?
  • I am hosting a fairly static application with no sensitive user data,
    hence I am not particularly worried about data in transit between the
    ALB and ECS.

Any help appreciated!

Best Answer

Yes it is possible.

  1. Create an SSL certificate for your domain in ACM (Amazon Certificate Manager).
  2. Create an HTTPS Listener in the ALB that will listen on port 443 and configure it to use the above SSL Certificate.
  3. Open the ALB Security Group to permit inbound traffic on port 443.

That's it, pretty much. The ALB must have one Listener per port, so if you are accepting traffic on both HTTP/80 and HTTPS/443 you'll need 2 listeners.

The Target Group doesn't change, it will still connect to your Fargate containers over HTTP.

Hope that helps :)
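The three steps above, written out as a Terraform configuration. This is an added example and not the answerer's own code; the resource names, the `example.com` domain, and the `vpc_id`, `subnet_ids`, `ecs_cluster_id` and `task_definition_arn` variables are assumptions, and it assumes the ACM certificate has already been issued. It goes slightly beyond the answer in two ways a practitioner would want: the HTTP/80 listener redirects to HTTPS rather than serving plaintext (the answer's "2 listeners" case), and the Fargate task's security group only accepts port 80 from the ALB's security group, so the plaintext hop is never reachable from the internet directly.

```terraform
# Added example: ALB terminates TLS on 443, forwards HTTP/80 to Fargate tasks.
# Hypothetical variables; supply your own values.
variable "vpc_id"              { type = string }
variable "subnet_ids"          { type = list(string) }
variable "ecs_cluster_id"      { type = string }
variable "task_definition_arn" { type = string }

# Step 1: look up the certificate that was issued in ACM for the domain
# (assumes the ACM certificate for example.com is already ISSUED).
data "aws_acm_certificate" "site" {
  domain   = "example.com"
  statuses = ["ISSUED"]
}

# Step 3: ALB security group; 443 from anywhere, 80 only so it can redirect.
resource "aws_security_group" "alb" {
  name   = "alb-sg"
  vpc_id = var.vpc_id

  ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }
  ingress { from_port = 80  to_port = 80  protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }
  egress  { from_port = 0   to_port = 0   protocol = "-1"  cidr_blocks = ["0.0.0.0/0"] }
}

# Task security group: plaintext port 80 is reachable only from the ALB.
resource "aws_security_group" "task" {
  name   = "fargate-task-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] }
}

resource "aws_lb" "web" {
  name               = "web-alb"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.subnet_ids
}

# Target group is unchanged by TLS termination: still HTTP on port 80.
# target_type = "ip" is required for Fargate (awsvpc networking).
resource "aws_lb_target_group" "web" {
  name        = "web-tg"
  port        = 80
  protocol    = "HTTP"
  target_type = "ip"
  vpc_id      = var.vpc_id

  health_check { path = "/" }
}

# Step 2: HTTPS listener on 443 using the ACM certificate, forwarding to HTTP/80.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.web.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = data.aws_acm_certificate.site.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}

# Second listener for port 80: redirect to HTTPS instead of serving plaintext.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.web.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect { port = "443" protocol = "HTTPS" status_code = "HTTP_301" }
  }
}

resource "aws_ecs_service" "web" {
  name            = "web"
  cluster         = var.ecs_cluster_id
  task_definition = var.task_definition_arn
  launch_type     = "FARGATE"
  desired_count   = 2

  network_configuration {
    subnets         = var.subnet_ids
    security_groups = [aws_security_group.task.id]
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.web.arn
    container_name   = "web"   # must match the container name in the task definition
    container_port   = 80
  }
}
```

After `terraform apply`, point the domain's DNS record at the ALB's hostname; clients negotiate TLS with the ALB, and the ALB opens plain HTTP connections to the task IPs registered in the target group. Because the task security group only trusts the ALB security group, the HTTP-only hop stays inside the VPC even though the tasks themselves never speak TLS.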