This example walks you through the process of creating a HTTPS load balancer with SSL negotiation configurations and with back-end application instance authentication. You can optionally add tags.
Before you get started, be sure you've met the following preconditions:
Sign up for Amazon Web Services (AWS). If you haven't signed up for AWS yet, complete the steps listed in Sign Up for Amazon Web Services(AWS).
For this example, we use Availability Zone us-east-1a. In Availability Zone us-east-1a, launch the instances you intend to register with your load balancer. For more information about launching Amazon EC2 instances, see Launching and Using Instances.
The instances that you intend to register with your load balancer must be configured to receive requests from the Internet.
The instances to be registered with your load balancer must respond to the target of the health check with an HTTP status code 200. For information about Elastic Load Balancing health check, see Health Check.
If you plan to enable the keep-alive option on your EC2 instances, we recommend that you set the keep-alive settings to at least the idle timeout settings of your load balancer. If you want to ensure that the load balancer is responsible for closing the connections to your back-end instance, make sure that the value set on your instance for the keep-alive time is greater than the idle timeout setting on your load balancer. For information about load balancer idle timeout, see Idle Connection Timeout.
To enable HTTPS support for our listeners, you must first create an SSL certificate and then install it on your load balancer. The load balancer uses the certificate to terminate and then decrypt requests before sending them to the back-end instances. For information on how to create an SSL certificate, see SSL Certificate for Elastic Load Balancing.
All your SSL server certificates are managed by IAM. By default, IAM allows 10 SSL server certificates per AWS account. If you try to upload a new server certificate after reaching this limit, you'll get an error. You can request for more certificates using this form - IAM Limit Increase Contact Us Form.
The following sections include instructions for creating an HTTPS/SSL load balancer using the AWS Management Console or the AWS Command Line Interface (AWS CLI).
Important: Elastic Load Balancing CLI has been replaced by AWS Command Line Interface (AWS CLI), a unified tool to manage multiple AWS services. New features released after ELB CLI version 18.104.22.168 (dated 7/24/14) will be included in the AWS CLI only. We recommend that you start using the AWS CLI.
For a list of the functionality supported in previous ELB CLI versions, see Elastic Load Balancing API Tools.