4

I am trying to install a wildcard certificate on my AWS Lightsail instance load balancer, but the Lightsail load balancer does not allow wildcard certificates, although the EC2 load balancer does. Can anyone explain how I can use an EC2 load balancer with a Lightsail instance?

I tried this step by Mr. Colin: Wildcard SSL on Lightsail Load Balancer

But I don't see my instance there. Can anyone give a little bit more detail?

Raj Lal

2 Answers

2

In the load balancer's target group creation, there is an option that uses IP address instead of Instance.

So if you mistakenly created the target group with the Instance option, you need to:

1) Create another target group under the IP address option.

2) Add your Lightsail instance's private IP address to the new target group.

3) Ensure your Lightsail security group allows health checks from the load balancer.

Binh Nguyen
  • Thank you, that was helpful. "Private IP" was what was missing in my understanding. I am still struggling with pointing my DNS Zone from Lightsail to the load balancer in EC2. Is that possible, or do I have to create a Hosted DNS Zone in EC2? – Raj Lal Apr 18 '20 at 21:55
  • 2
    What do you mean by "Lightsail security group"? AFAIK Lightsail doesn't have/use normal EC2 security groups. – Hendy Irawan Oct 01 '20 at 09:29
1

Unfortunately, based on my research, AWS Lightsail cannot be accessed directly using private IP addresses with regular/non-Lightsail services, because Lightsail does not use your regular VPCs.

This includes and especially affects EC2 (Application/Network) Load Balancer.

To use Lightsail with other AWS services, you can set up VPC Peering. For how much, you may ask?

There is no charge for setting up or running a VPC peering connection. Data transferred across peering connections is charged at $0.01/GB for send and receive, regardless of the Availability Zones involved.

So, depending on your priorities, your options include:

  1. Switch to EC2, which will give you greater flexibility and (depending on instance type) guaranteed performance. Lightsail instances use burstable instances, comparable to EC2's t3 instances.
  2. Install nginx inside Lightsail as reverse proxy on port 80 and/or 443, therefore expanding your options to use it directly or using an external CDN/Load balancer such as CloudFlare.
  3. Use Lightsail Load Balancer, and not use wildcard certificate.
Hendy Irawan
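
Option 2 above (nginx on the Lightsail instance terminating TLS with the wildcard certificate) could look like the following. This is an added example, not configuration from either answer; the domain `example.com`, the certificate paths and the backend address `127.0.0.1:8080` are placeholders assumed for illustration.

```nginx
# Added example. Assumed placeholders: example.com, the certificate
# paths, and an application listening on 127.0.0.1:8080.

# Plain HTTP: redirect the apex and every subdomain to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name example.com *.example.com;
    return 301 https://$host$request_uri;
}

# HTTPS: one server block serves all subdomains with the wildcard certificate.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com *.example.com;

    # *.example.com does not match the apex, so the certificate needs
    # both example.com and *.example.com as subject alternative names.
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;
    # Keep the private key readable by root only (mode 0600).
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;

    # Disable legacy protocol versions; avoid long-lived session tickets.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    ssl_session_tickets off;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8080;
        # Pass the original host, client address and scheme to the app.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Ports 80 and 443 also have to be open in the instance's Lightsail firewall, and `nginx -t` checks the file before a reload.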