
Title basically says it all, I'm curious if there's a service that can handle the SSL layer and then send data to an EC2 instance over plain HTTP (inside the VPN).

Application load balancers work just fine for this purpose, but they are expensive ($10/month, adds up if you want a certificate on e.g. dozens of subdomains) and annoying to set up and manage due to the many layers of abstraction they use.

George
  • Public AWS Certificates from ACM are free, and you can put multiple domains on a cert if you want to. You could run an EC2 instance with Nginx or HAProxy, but that's not going to be a huge saving over running an ALB. Nginx / HAProxy can easily proxy many, many domains, ALB can as well I think but haven't used it recently so I forget the details. – Tim Apr 19 '20 at 01:35
  • Can you actually download the private cert? – George Apr 19 '20 at 09:00
  • But at any rate, an nginx would work in my case, but it'd be too much hassle, especially considering I'd have to script the updating of certificates whenever I renew the AWS provided cert. – George Apr 19 '20 at 09:00
  • You can't download ACM certificate private keys. If you use Nginx or similar you're best off using Let's Encrypt. There are tools that automatically renew LE certificates for you, I use one but I won't recommend it as it's not well maintained any more. – Tim Apr 19 '20 at 18:25

1 Answer


Take a look at using CloudFront to terminate the SSL layer. You can still use ALB between CloudFront and your EC2 instance(s) if you want.

CloudFront distributions are priced based on requests/data transferred. So a CloudFront distribution that's not used much won't cost much.

Matt Houser
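A CloudFormation sketch of the setup this answer describes, added here as an illustration and not part of the original answer: CloudFront terminates TLS with a free ACM certificate and forwards to the instance over plain HTTP. With `http-only` the CloudFront-to-origin hop leaves the VPC unencrypted, so the template also limits port 80 on the instance to CloudFront's origin-facing managed prefix list. All parameter and resource names are assumptions.

```yaml
# Added example; parameter names, resource names and the origin Id are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  SiteDomain:
    Type: String   # hostname served to viewers, e.g. app.example.com (placeholder)
  OriginDomain:
    Type: String   # public DNS name of the EC2 instance (placeholder)
  CertificateArn:
    Type: String   # ACM certificate covering SiteDomain; must be issued in us-east-1
  OriginSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
  CloudFrontPrefixListId:
    Type: String   # id of com.amazonaws.global.cloudfront.origin-facing in your region
Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases:
          - !Ref SiteDomain
        ViewerCertificate:
          AcmCertificateArn: !Ref CertificateArn
          SslSupportMethod: sni-only            # no dedicated-IP charge
          MinimumProtocolVersion: TLSv1.2_2021
        Origins:
          - Id: ec2-origin
            DomainName: !Ref OriginDomain
            CustomOriginConfig:
              OriginProtocolPolicy: http-only   # TLS ends at CloudFront
              HTTPPort: 80
        DefaultCacheBehavior:
          TargetOriginId: ec2-origin
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods: [GET, HEAD, OPTIONS, PUT, PATCH, POST, DELETE]
          # AWS managed policies: CachingDisabled and AllViewer
          CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad
          OriginRequestPolicyId: 216adef6-5c7f-47e4-b989-5492eafa07d3
  # Only CloudFront edge addresses may reach the plain-HTTP listener.
  OriginIngressFromCloudFront:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref OriginSecurityGroupId
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      SourcePrefixListId: !Ref CloudFrontPrefixListId
```

The prefix list admits every CloudFront distribution, not just this one; switching `OriginProtocolPolicy` to `https-only` requires a certificate on the instance, which is the part the question wanted to avoid.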