Elastic Load Balancing
Developer Guide (API Version 2012-06-01)
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.Did this page help you?  Yes | No |  Tell us about it...

Create a HTTPS/SSL Load Balancer

This example walks you through the process of creating a HTTPS load balancer with SSL negotiation configurations and back-end application instance authentication.

Before you get started, be sure you've met the following preconditions:

  • Sign up for Amazon Web Services (AWS). If you haven't signed up for AWS yet, complete the steps listed in Sign Up for Amazon Web Services(AWS).

  • Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

    Alternatively, you can create a load balancer using the command line interface or the Query API. Install the tools you'll need to perform Elastic Load Balancing tasks. For information on installing the command line interfaces and the Query API, see Setting Up Elastic Load Balancing Interfaces.

  • For this example, we use Availability Zone us-east-1a. In Availability Zone us-east-1a, launch the instances you intend to register with your load balancer. For more information about launching Amazon EC2 instances, see Launching and Using Instances.

  • Install a webserver, such as Apache or Internet Information Services (IIS), on the EC2 instances you plan to register with the load balancer.

  • The instances to be registered with your load balancer must respond to the target of the health check with an HTTP status code 200. For information about Elastic Load Balancing health check, see Health Check.

  • If you plan to enable the keep-alive option on your EC2 instances, we recommend that you set the keep-alive settings to at least the idle timeout settings of your load balancer. By default, the load balancer maintains a 60-second idle timeout for the connections. You can change the idle timeout setting at any time. If you want to ensure that the load balancer is responsible for closing the connections to your back-end instance, make sure that the value set on your instance for the keep-alive time is greater than the idle timeout setting on your load balancer. For information about load balancer idle timeout, see Idle Connection Timeout.

  • To enable HTTPS support for our listeners, you must install SSL certificate on your load balancer. Before you can install the SSL certificate, you must first create and then upload the SSL certificate using IAM. The load balancer uses the certificate to terminate and then decrypt requests before sending them to the back-end instances. For information on how to create an SSL certificate, see SSL Certificate for Elastic Load Balancing.

    All your SSL server certificates are managed by IAM. By default, IAM allows 10 SSL server certificates per AWS account. If you try to upload a new server certificate after reaching this limit, you'll get an error. You can request for more certificates using this form - IAM Limit Increase Contact Us Form.

Tasks for Creating a HTTPS Load Balancer with SSL Cipher Settings and Back-end Server Authentication


Configure the listeners for your load balancer by specifying the ports and protocols to use for front-end connection (client to load balancer) and back-end connection (load balancer to back-end instance) and install SSL server certificate on your load balancer.


Configure SSL ciphers for SSL negotiation when a connection is established between the client and your load balancer.


[Optional] Enable the back-end server authentication.


Configure an application health check for your back-end instances.


Register Amazon EC2 instances with your load balancer.


Verify the details of your newly created load balancer.

The following sections include instructions for creating a load balancer using the AWS Management Console, the command line interface, or the Query API.