How can I use an Application Load Balancer to redirect HTTP requests to HTTPS?

I want to use Application Load Balancer listener rules to redirect HTTP requests to HTTPS.

Resolution

Note: The following resolution applies only to Application Load Balancer. If you're using Classic Load Balancer, then see How do I redirect HTTP traffic to HTTPS on my ELB Classic Load Balancer?

Confirm your load balancer's type

Complete the following steps:

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. In the navigation pane, under Load Balancing, choose Load Balancers.
  3. Find the load balancer that you're creating a listener rule for. In the Type column, note whether the load balancer is listed as application, classic, network, or gateway.

Note: Before you complete the following steps, you must first create a target group.

Create an HTTP listener rule that redirects HTTP requests to HTTPS

To create an HTTP listener rule and redirect requests to HTTPS, complete the following steps:

Note: If you already have an HTTP listener, then proceed to the next set of steps.

  1. Open the Amazon EC2 console.
  2. In the navigation pane, under Load Balancing, choose Load Balancers.
  3. Select your load balancer, and then choose Listeners, Add listener.
  4. For Protocol: port, choose HTTP. You can either keep the default port, or specify a custom port.
  5. For Default actions, choose Add action, redirect to, and then enter port 443. If you don't use the default port, then choose a different port. For more details, see Rule action types.
  6. Complete the steps in the Create an HTTPS listener section.

If you already have an HTTP listener, then complete the following steps to redirect HTTP requests to HTTPS:

  1. Select your load balancer, and then choose HTTP Listener.
  2. Under Rules, choose View/edit rules.
  3. Choose Edit Rule to modify the default rule to redirect all HTTP requests to HTTPS. Or, you can insert a rule between the existing rules.
  4. Under Then, delete the existing condition, and then add the new condition with the Redirect to action.
  5. For HTTPS, enter port 443.
  6. Keep the default for the remaining options.
    Note: To change the URL or return code, modify the remaining options.
  7. To save, choose the checkmark icon.

Create an HTTPS listener

Note: If you already have an HTTPS listener with a rule to forward requests to the target group, then proceed to Verify that the security group of the Application Load Balancer allows traffic on 443.

Complete the following steps:

  1. Choose Listeners, Add listener.
  2. For Protocol: port, choose HTTPS. Keep the default port, or specify a custom port.
  3. For Default actions, choose Add action, Forward to.
  4. Select a target group that hosts application instances.
  5. Select a predefined security policy for your configuration.
  6. Choose Default Security Certificate. If you don't have one, then request a security certificate.
  7. Choose Save.

Verify that the security group of the Application Load Balancer allows traffic on 443

Complete the following steps:

  1. Choose the load balancer's description.
  2. Under Security, choose Security group ID.
  3. Verify the inbound rules. The security group must have an inbound rule that allows traffic on HTTP and HTTPS.

If there are no inbound rules, then complete the following steps to add them:

  1. Choose Actions, Edit Inbound Rules.
  2. Choose Add rule.
  3. For Type, choose HTTPS.
  4. For Source, choose Custom (0.0.0.0/0 or Source CIDR).
  5. Choose Save.
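
To confirm the result of the steps above without clicking through the console, the following added example (not part of the original article) audits JSON in the shape returned by `aws elbv2 describe-listeners` and `aws ec2 describe-security-groups`. The sample documents are constructed, the function names are hypothetical, and only each listener's default action is checked, not redirect rules inserted between other rules.

```python
import json

# Constructed sample shaped like `aws elbv2 describe-listeners` output.
LISTENERS = json.loads("""{"Listeners": [
  {"Protocol": "HTTP", "Port": 80, "DefaultActions": [{"Type": "redirect",
    "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
  {"Protocol": "HTTPS", "Port": 443, "DefaultActions": [{"Type": "forward",
    "TargetGroupArn": "arn:aws:elasticloadbalancing:EXAMPLE"}]}]}""")

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SECURITY_GROUPS = json.loads("""{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}""")


def sg_allows(sg_doc, port):
    """True if any inbound rule covers the TCP port (IpProtocol -1 means all traffic)."""
    for group in sg_doc["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if perm["IpProtocol"] == "-1":
                return True
            if perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]:
                return True
    return False


def audit(listener_doc, sg_doc):
    """Return a list of findings; an empty list means the redirect setup is consistent."""
    listeners = listener_doc["Listeners"]
    findings = []
    https_ports = {lst["Port"] for lst in listeners if lst["Protocol"] == "HTTPS"}
    if not https_ports:
        findings.append("no HTTPS listener")
    for lst in listeners:
        if lst["Protocol"] != "HTTP":
            continue
        cfg = next((a.get("RedirectConfig", {}) for a in lst["DefaultActions"]
                    if a["Type"] == "redirect"), None)
        if cfg is None:
            findings.append(f"HTTP:{lst['Port']} default action does not redirect")
        # A Protocol of "#{protocol}" or Port of "#{port}" keeps the request's own value.
        elif cfg.get("Protocol") != "HTTPS":
            findings.append(f"HTTP:{lst['Port']} redirect keeps the HTTP protocol")
        elif not cfg.get("Port", "").isdigit() or int(cfg["Port"]) not in https_ports:
            findings.append(f"HTTP:{lst['Port']} redirects to a port with no HTTPS listener")
    for port in sorted({lst["Port"] for lst in listeners}):
        if not sg_allows(sg_doc, port):
            findings.append(f"security group blocks inbound TCP {port}")
    return findings
```

Calling `audit(LISTENERS, SECURITY_GROUPS)` on the constructed samples returns an empty list; feed it the real CLI output parsed with `json.load` to check a deployed load balancer.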
AWS OFFICIAL
Updated 6 months ago
7 Comments

Application Load Balancer doesn't allow changing the "default action" from "forwarding to". Neither does Network Load Balancer.

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied a year ago

This article is still outdated. It would be helpful if it reflected the actual options for default action listener rules, as Sirorezka previously mentioned.

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied a year ago

This still appears to be outdated...

replied a year ago

Bullet 5: For "Default actions", choose "Target Group", not "Add action or redirect to".

The catch is that, in order to create a listener port for 443, we have to select "Add listener", and in the new listener we have to change the protocol from HTTP to HTTPS and the Port to 443, as well as the Target Group. Now, we have to remove the previous listener for the port 80. Click the "Create load balancer" button at the bottom. Now we are on the Load balancer page. Click on the Listeners tab, select the HTTP:80 box and click Edit. Edit listener: Click Remove next to "1. Forward to". Click the down arrow next to Add action. Select Redirect. Enter the port number 443 and save.

replied 9 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 9 months ago