[ALB ACM ROUTE53 EC2] Connecting EC2 to HTTPS
1. Domain Purchase and ACM Certificate Issuance
1. Domain Purchase
- Purchase on Gabia: Select and purchase a domain, verify it in MyGabia.
2. Domain Verification in Route 53
Create a Hosted Zone: Create a hosted zone in AWS Route 53 matching your domain.
Update Name Servers: Change the domain's name servers to Route 53's NS records (via Gabia).
Domain Ownership Verified: AWS verifies domain ownership after the name server update.
3. Issuing ACM (AWS Certificate Manager) Certificate
Request SSL/TLS Certificate: Enter the domain in ACM and request a certificate.
Choose DNS Validation: Select DNS validation for easier domain ownership proof.
Create CNAME Record: Add the CNAME record in Route 53 to complete the certificate validation. (CNAME registration is crucial; without it, the certificate remains in pending status)
Q: Why is the CNAME record important?
- It proves domain ownership to ACM, enabling the issuance of the SSL/TLS certificate.
2. Setting Up Load Balancer and Passing Health Check
1. Pre-requisites
EC2 Instance Ready: Ensure an active web server is running on your EC2 instance.
Network and Security Group Config: Confirm VPC, subnet, and port settings for your EC2 instance.
2. Create Target Group
Create Target Group: Use the EC2 menu to create a target group.
Select Target Type: Choose 'Instance' and set the appropriate port (e.g., 3000 for the frontend in my case).
Target Group Created: Complete the setup and create the target group.
3. Create Load Balancer (ALB)
Select ALB: Choose Application Load Balancer.
Network Mapping: Match the VPC and subnets with your EC2 instance. (At least 2 availability zones required for high availability)
- Q: Why 2 availability zones?: To ensure high availability and fault tolerance.
Set Up Listeners: Create listeners for HTTP (80) and HTTPS (443).
Apply ACM Certificate: Attach the previously issued SSL/TLS certificate.
Complete Load Balancer Setup: Finalize and create the load balancer.
Redirect HTTP to HTTPS: Edit the rule to redirect HTTP (80) traffic to HTTPS (443) for secure communication.
4. Create Domain Record
Create A Record: In Route 53, create an A record linking your domain to the load balancer.
- Q: What is the significance of the A record?: It maps your domain name to the load balancer’s IP address, directing traffic accordingly.
A Record Creation Complete: The domain is now linked to the load balancer.
5. Configure Load Balancer Listener Rules
HTTPS:443 Listener: Set it to forward 100% of traffic to the created target group.
HTTP:80 Listener: Add a rule to redirect traffic to HTTPS (443).
Listener Rules Set: Ensure the listener rules are properly configured.
6. Set Up Health Check
Edit Health Check: Modify the Health Check settings in the target group.
Set Health Check Path and Success Codes: Configure the path and expected success response (200 status code).
Configure Web Server: Ensure your web server responds correctly to the Health Check path.
Health Check Passed: Once the Health Check is successful, the load balancer will distribute traffic reliably.