- Newest
- Most votes
- Most comments
Hi.
Is the direction of the request below?
Private EC2 -> NAT Gateway -> Internet -> ELB -> Public EC2
- If your ELB has an SSL certificate installed, you can.
- If you want to use SSL when sending requests directly to EC2 with a private IP address within the VPC, you need to install an SSL certificate on EC2.
Thanks for the detailed description.
If you don't want ELB to terminate HTTPS connection (i.e. use the certificate installed in the backend EC2), you could consider using NLB with TCP:443 listener [1]. Otherwise, importing and associating a certificate [2] with ELB will also work.
As a side note, moving back-end instances to private subnets ensures that clients only access your service through the ELB. [3][4]
[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-listeners.html
[2] https://aws.amazon.com/premiumsupport/knowledge-center/associate-acm-certificate-alb-nlb/
[3] https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/
[4] "Both internet-facing and internal load balancers route requests to your targets using private IP addresses. Therefore, your targets do not need public IP addresses to receive requests from an internal or an internet-facing load balancer." - https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/how-elastic-load-balancing-works.html#load-balancer-scheme
Relevant content
- asked a year ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
