ALB Multiple target groups


My EC2 ALB has a target group and is working fine with an EC2 instance. The main purpose of this ALB is to terminate http (80) to https (443). Now I want to have another target group for another EC2 instance. The purpose for this is to terminate http to https. When I create another target group on the same ALB, it does not allow me to use port 80 and port 443 because they are already in use by the first target group. So by default it configures port 81 and 444 respectively. The problem is that when I try to register my EC2 instance with this target group on port 81, it does not go healthy. I have already allowed inbound ports 80, 81, 443 and 444 on EC2 security.

asked 7 months ago, 966 views
2 Answers
Accepted Answer

You can use the same port on a different target group. It sounds like you're trying to create a new Listener on the ALB, which is where you're seeing the clash of ports.

Create rules on the listener and use something like host header to send the different requests to the different Target groups.

This way you can retain ports 80 and 443.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-rules.html

EXPERT, answered 7 months ago
  • Thanks for your prompt reply. I have created 2 separate new rules (for port 80 and 443) with the host header set to the Elastic Beanstalk application public IP address. Target group health is now healthy. May I know how to access this application with https, because this application is not associated with a domain? Do I need to create an A record on Route 53?

  • Just to confirm: 2 rules, one on each listener? You have to create a certificate and assign it to the HTTPS listener if you do not already have one. The SSL cert SAN needs to match the record you are going to create in Route 53.


Listeners on an ALB are the paths into the load balancer for clients, and typically clients expect to see the protocol using the port for the service, for which TCP port 80 is HTTP and TCP port 443 is HTTPS. You can use other ports, but don't expect everyone to support it - generally if you own the client and are OK with using a non-standard port this is OK, but if you don't own the client and traffic comes in over the internet, try to only use the standard ports.

From listeners the requests are brought into the rules for that listener, where you can do a lot of things and branch off to many target groups. Target groups don't need to be 1:1 with listeners on an ALB (unlike an NLB). It is very common to have multiple rules for 1 HTTPS listener, each going to a different application or stack in its own target group. So you don't strictly need a listener per target group, and it is more common to have few listeners and many target groups than the opposite on ALBs.

Finally, it sounds like the group you want to forward to may be primarily functioning to do an HTTP to HTTPS redirect. If that is the case, you can have the ALB do that for you with an HTTP listener on port 80 and the default rule routing to a Fixed Response which gives a redirect. Note that the redirect can be to a specific site/URI, or could just redirect to whatever site/URI the client had sent in but with HTTPS instead of HTTP. With this you don't need to run servers to get all HTTP requests on your ALB redirected to your HTTPS listener. You can see more about this in the Advanced Request Routing demo.

zobAWS (AWS, EXPERT), answered 7 months ago
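The layout both answers describe, as an added CloudFormation example that is not from the thread: one HTTP listener that only redirects to HTTPS, one HTTPS listener with the ACM certificate, and host-header rules that send each host to its own target group so both applications share ports 80 and 443. The parameter names and the app1/app2 host names are assumptions.

```yaml
Parameters:
  LoadBalancerArn: { Type: String }
  CertificateArn: { Type: String }       # ACM cert; SANs must cover both hosts
  AppOneTargetGroupArn: { Type: String } # the two existing target groups
  AppTwoTargetGroupArn: { Type: String }

Resources:
  # Single HTTP listener: redirects everything to HTTPS. Host, path and
  # query are kept when they are not overridden, so no backend is needed.
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect
          RedirectConfig: { Protocol: HTTPS, Port: "443", StatusCode: HTTP_301 }
  # Single HTTPS listener; TLS terminates here. The default action is a 404
  # so a request for an unmatched host never falls through to a backend.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 443
      Protocol: HTTPS
      Certificates: [{ CertificateArn: !Ref CertificateArn }]
      DefaultActions:
        - Type: fixed-response
          FixedResponseConfig: { StatusCode: "404", ContentType: text/plain }
  # Host-header rules choose the target group (hypothetical host names).
  AppOneRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref HttpsListener
      Priority: 10
      Conditions:
        - { Field: host-header, HostHeaderConfig: { Values: [app1.example.com] } }
      Actions:
        - { Type: forward, TargetGroupArn: !Ref AppOneTargetGroupArn }
  AppTwoRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref HttpsListener
      Priority: 20
      Conditions:
        - { Field: host-header, HostHeaderConfig: { Values: [app2.example.com] } }
      Actions:
        - { Type: forward, TargetGroupArn: !Ref AppTwoTargetGroupArn }
```

The host-header condition matches the Host header the client sends, so each application needs a DNS record (for example a Route 53 alias) pointing at the ALB and a certificate SAN covering that name.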
