TLS/SSL certificates


Hi Team,

we are trying to use EKS/farget with ALB ingress controller. Here we want our host to be deployed as HTTPS.

Can you please give us some information on how can we achieve this and is there way to create TLS and SSL certificate as apart of terraform


1 Answer

To enable HTTPS on the ALB, you need to create an SSL/TLS certificate and associate it with the ALB listener. You can create an SSL/TLS certificate using Amazon Certificate Manager (ACM).

You can create the certificate using Terraform with aws_acm_certificate resource and associate it with the ALB listener using aws_lb_listener_certificate. Reference links with example below.

With the certificate in place, your ALB ingress controller can route HTTPS traffic to your EKS/Fargate pods. Note that you will need to configure your pods to listen on the appropriate port and respond to HTTPS requests.

answered a year ago
  • I have also done the same setup where I am using one certificate from ACM and adding all the necessary annotations in ingress and service for our deployment. Here are the snippets, ingress: annotations = { "" = "arn:aws:acm:us-east-1:036937938941:certificate/499b9cca-8c07-4a73-9ee9-e5263d3ec7ec" # TODO: Fill in the listening ports. # Set HTTP to HTTPS redirects. Every HTTP listener configured will be redirected to below mentioned port over HTTPS. "" = "[{"HTTPS":443}]" "" = "{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}" "" = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06" "" = "" = "99" "" = "internal" "" = "ip" "" = "3000" "" = "/api/health" "" = data.aws_ssm_parameter.subnet_compute_ids.value }

    I don't have listener for http but still requests are showing as "not secure". Hope we can spend some time to resolve this part.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions