8

Is it possible to give an Application Load Balancer on AWS an SSL certificate, allowing only HTTPS connections, if I don't want to use a custom domain?

Currently developing some internal dashboard applications, so have no need/want for a domain name attached to them.

I can only dig up info and tutorials on creating a certificate in CloudFormation when wanting to add a domain forwarding to the LB.

gvasquez
OnIIcE
  • So what domain would the SSL certificate be issued against? – MichaelB Jun 03 '19 at 17:24
  • What's missing is "how do you access the dashboard." If you intend to do something like https://foo.com/dashboard, for example, you would rely on the load balancer and/or reverse proxy at foo.com to do the correct routing. If you intend to use a non-standard domain, managed by local DNS, like https://dash.foo.local, you'd have to install, use, and manage self-signed certs. – Stephan Jun 03 '19 at 22:11

2 Answers

1

Probably not.

It's not generally kosher to issue an SSL certificate to an IP address, and since all *.compute.amazonaws.com style DNS names are floating and could be reassigned at any moment, they damn well won't issue one for them either. (Same stands for Let's Encrypt, by the way: you have to have a DNS name not issued by a provider.)

Just give your internal service a DNS name, be it something like mydashboard.internal.mycompany.com or whatever; it'll be easier to access, too.

AKX
  • _they damn well won't issue one for them either_ Is that also the case with the precise, default DNS name of an Elastic Load Balancer, like `.eu-central-1.elb.amazonaws.com`? – Toreno96 Mar 26 '20 at 12:10
0

The SSL certificate has to have a valid DNS name associated with it in order to work. You need to request a certificate via ACM and then attach that to the ELB. You can configure the ELB to only have an HTTPS listener to force secure communication.

JonathanT
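
Added example, not part of either answer: a CloudFormation sketch of the approach both answers describe, with an ACM certificate for a DNS name you control attached to an internal ALB whose only listener is HTTPS. All parameter names and logical IDs are assumptions chosen for illustration, and `HostedZoneId` is assumed to be a public Route 53 zone so that ACM's DNS validation record can be resolved.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  DashboardDomain:          # assumed, e.g. dashboard.internal.example.com
    Type: String
  HostedZoneId:             # public zone that contains DashboardDomain
    Type: AWS::Route53::HostedZone::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  LbSecurityGroupId:        # should allow inbound 443 only
    Type: AWS::EC2::SecurityGroup::Id
  TargetGroupArn:
    Type: String
Resources:
  Certificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref DashboardDomain
      ValidationMethod: DNS
      DomainValidationOptions:   # lets CloudFormation create the validation CNAME
        - DomainName: !Ref DashboardDomain
          HostedZoneId: !Ref HostedZoneId
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internal           # reachable only from inside the VPC
      Subnets: !Ref SubnetIds
      SecurityGroups: [!Ref LbSecurityGroupId]
  HttpsListener:                 # the only listener: no port 80, so no plaintext path
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates:
        - CertificateArn: !Ref Certificate
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroupArn
  DnsRecord:                     # clients must use this name, not the *.elb.amazonaws.com one
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref DashboardDomain
      Type: A
      AliasTarget:
        DNSName: !GetAtt LoadBalancer.DNSName
        HostedZoneId: !GetAtt LoadBalancer.CanonicalHostedZoneID
```

Browsers that connect through the load balancer's default `*.elb.amazonaws.com` name will still see a certificate name mismatch, which is why the alias record is part of the template.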