- Newest
- Most votes
- Most comments
Hello, thank you for your question!
Termination of HTTPS is important because it guides where the HTTPS connection stops. Assuming Beanstalk automatically created an ALB, the first thing to consider is how you are configuring your HTTPS termination, whether at the Load Balancer or at the Instance.
If at the Load Balancer, please verify that these steps are correctly configured:
-
Choose ‘Add Listener’
-
In the ‘Application Load Balancer listener’ dialog box, configure the following settings:
-
For ‘Port’, type incoming traffic port, typically 443
-
For ‘Protocol’, choose ‘HTTPS’
-
For ‘SSL certificate’, choose your certificate
-
-
Choose 'Add'
If at the Instance, you must set up certain configuration files, such as .ebextensions/https-instance-securitygroup.config
Once you have successfully configured termination, you can check your Network ACLs and Security Groups once more:
-
Check to see what subnet your instance is a part of (this will determine how you will configure your Route Tables)
-
Verify NACLs allow inbound/outbound traffic as deemed appropriate by your environment
-
Once NACLs are configured, check SGs again, and then attempt to connect again
Note that NACLs control the traffic into and out of the subnet, while Security Groups control traffic into the instance.
Hopefully, this answers your question!
For more detailed troubleshooting, please check out these resources:
Yes I opened port 80/443/27017 on a security group that I attached to the instances, not sure where else they need to be opened?
Do I need a security group for the load balancer and a separate one for the instances?
Can you clarify this point please?
So you have opened up access in the security group for your load balancer on port 80/443/27017, have you also made sure that this security group has been added to the security group on the instances running your beanstalk application?
Relevant content
- asked 7 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
Yes the load balancer has it's own security group as well as the instances.