AWS Elastic Load Balancing: Support for SSL Termination
You can now create a highly scalable, load-balanced web site using multiple Amazon EC2 instances, and you can easily arrange for the entire HTTPS encryption and decryption process (generally known as SSL termination) to be handled by an Elastic Load Balancer. Your users can benefit from encrypted communication with very little operational overhead or administrative complexity.
Until now, you had to handle the termination process within each EC2 instance. This added to the load on the instance and also required you to install an X.509 certificate on each instance. With this new release, you can simply upload the certificates to your AWS account and we’ll take care of getting them distributed to the load balancers.
- Create or purchase a certificate.
- Upload the certificate to your AWS account using the AWS Management Console or the iam-servercertupload command, then retrieve the ID of the uploaded certificate.
- Create a new load balancer which includes an HTTPS listener, and supply the certificate ID from the previous step.
- Configure a health check and associate EC2 instances with the load balancer as usual.
As you may know, you can use the AWS Management Console to create and manage your Elastic Load Balancers. As you can see from the second and third screen shots below, you can now select one of your existing SSL certificates or upload a new one when you create a new Elastic Load Balancer:
A lot of our users have asked for this feature and we are happy to be able to meet their needs.
Update: We’ve gotten some good feedback on this post already. Here are some replies:
- The team is looking in to supplying the X-Forwarded-Proto header. This would allow your application to verify that the request was made using HTTPS, or to treat HTTP and HTTPS requests differently.
- Session stickiness is supported for HTTPS/SSL.
PS – The Elastic Load Balancer team is looking for developers.