By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS service for HTTP -> HTTPS redirect?

0

The idea would be to not have to run and maintain a small instance with nginx to do the redirect.

so if there was an amazon service that i could call, put security group on it, link to alb, and deploy with new terraform/cfn,.... and not have to maintain a server (or an asg of 1 with health)?

this is the nginx equivalent:


server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}
Topics
ComputeNetworking & Content Delivery
Tags
Website ProvisioningElastic Load BalancingSecurity Group
Language
English
nando
asked 3 months ago218 views
3 Answers
1

Hello.

It is possible to redirect to HTTPS with ALB.
To create an HTTPS listener with ALB, you will also need to issue a certificate with ACM, but you will no longer need to configure HTTPS with Nginx.
https://repost.aws/knowledge-center/elb-redirect-http-to-https-using-alb

An example setting for CloudFormation is as follows.

  ALB: 
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties: 
      Name: !Sub ${ServerName}-alb
      Scheme: "internet-facing"
      LoadBalancerAttributes: 
        - Key: "deletion_protection.enabled"
          Value: false
        - Key: "idle_timeout.timeout_seconds"
          Value: 4000
      SecurityGroups:
        - !Ref SGloadbalancer
      Subnets: 
        - !Ref Subnet1
        - !Ref Subnet2
  ALBListenerHTTP: 
    Type: "AWS::ElasticLoadBalancingV2::Listener"
    Properties: 
      Port: 80
      Protocol: HTTP
      DefaultActions: 
        - Type: redirect
          RedirectConfig: 
            Host: '#{host}'
            Path: '/#{path}'
            Port: 443
            Protocol: HTTPS
            Query: '#{query}'
            StatusCode: HTTP_301
      LoadBalancerArn: !Ref ALB
  ALBListenerHTTPS:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref ACM
      DefaultActions:
        - TargetGroupArn: !Ref TargetGroup
          Type: forward
      LoadBalancerArn: !Ref ALB
profile picture
EXPERT
Riku_Kobayashi
answered 3 months ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 3 months ago
0

The ALB can redirect from HTTP to HTTPS, but you're looking for something else?

https://aws.amazon.com/about-aws/whats-new/2018/07/elastic-load-balancing-announces-support-for-redirects-and-fixed-responses-for-application-load-balancer/

profile picture
EXPERT
shibata
answered 3 months ago
0

CloudFront natively supports redirects from HTTP to HTTPS. For more complex interactions, you could also use Lambda@Edge: https://aws.amazon.com/blogs/networking-and-content-delivery/handling-redirectsedge-part1/

profile pictureAWS
EXPERT
Brettski-AWS
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content