How do I set up end-to-end HTTPS connectivity with AWS PrivateLink?
I need end-to-end HTTPS connectivity between clients in a consumer VPC and applications running behind the Network Load Balancer in a service provider VPC. How can I do this using AWS PrivateLink?
Create a self-signed X.509 certificate for your application with OpenSSL. Then, install it on the required Amazon Elastic Compute Cloud (Amazon EC2) instances. Note: This certificate is used only between the Elastic Load Balancer and the target EC2 instances. It's a best practice to have a trusted Certificate Authority sign your certificates, and to use self-signed certificates only in a test environment or for encryption between an Elastic Load Balancer and Amazon EC2 targets. The load balancer does not validate these certificates. Traffic between the ELB and the targets is authenticated at the packet level.
Request a public certificate for your domain name using AWS Certificate Manager (ACM). This certificate is used between the load balancer and clients. Important: Verify that the domain name that you specify matches the domain name of your website. If this entry doesn't match the domain name that users see when they visit your site (for example, www.example.com), they might receive a certificate error.
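The two certificate steps above as a shell sketch. This is an added example, not AWS's own code: the host name app.internal.example, the file names, the RSA 2048 key, the 365-day lifetime and DNS validation are assumptions. It creates the self-signed target certificate, checks the name match and remaining validity that cause the certificate errors described above, and wraps the ACM request.

```shell
#!/usr/bin/env bash
# Added example: names, paths and lifetimes are assumptions, not values from the article.

# Create a private key and a self-signed X.509 certificate for a target instance.
# $1 = DNS name to place in the certificate, $2 = output directory
make_target_cert() {
    local name="$1" dir="$2"
    mkdir -p "$dir"
    ( umask 077   # files created here are readable by the owner only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=${name}" -addext "subjectAltName=DNS:${name}" \
          -keyout "${dir}/target.key" -out "${dir}/target.crt" 2>/dev/null )
}

# Succeed only if certificate file $1 is valid for host name $2.
# A mismatch here is what produces the certificate error clients see.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# Succeed only if certificate file $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Request the public certificate from ACM and print its ARN.
# Needs the AWS CLI and credentials, so the demo below does not call it.
request_public_cert() {
    aws acm request-certificate --domain-name "$1" --validation-method DNS \
        --query CertificateArn --output text
}

# Demo on a throwaway directory.
demo_dir="$(mktemp -d)"
make_target_cert app.internal.example "$demo_dir"
for host in app.internal.example www.example.com; do
    if cert_matches_host "$demo_dir/target.crt" "$host"; then
        echo "target.crt matches $host"
    else
        echo "target.crt does NOT match $host"
    fi
done
rm -rf "$demo_dir"
```

To request the public certificate, run `request_public_cert www.example.com` with AWS credentials configured, then complete DNS validation before attaching the certificate to the load balancer listener.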