Elastic Load Balancing
Developer Guide (API Version 2012-06-01)

Add a Listener to Your Load Balancer

Elastic Load Balancing supports the load balancing of applications using HTTP, HTTPS (Secure HTTP), TCP, and SSL (Secure TCP) protocols. You can specify the protocols for the front-end connections (client to load balancer) and the back-end connections (load balancer to back-end instance) independently. You choose configurations for the front-end and the back-end connections when you create your load balancer. By default, your load balancer is set to use HTTP for both connections. The Elastic Load Balancing Listener Configurations Quick Reference table provides information on different configurations, along with the use case best suited for each configuration.

This section describes how to add a new listener on your existing load balancer. Before you get started, be sure you've done the following:

The following sections include instructions for adding a listener to your existing load balancer using the AWS Management Console, command line interface (CLI), or the Query API. In this example, you configure a new listener for your existing load balancer MyLoadBalancer that accepts HTTPS requests on port 443 for the front-end connection and HTTP requests on port 80 for the back-end connection.

Using the AWS Management Console

To add a new listener to your load balancer

  1. Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. On the Amazon EC2 Getting Started page, in the EC2 Dashboard pane, under NETWORK & SECURITY, click Load Balancers.

  3. On the Load Balancers page, select your load balancer.

  4. The bottom pane displays the details of your load balancer.

  5. Click the Listeners tab.

  6. In the Listeners table Load Balancer Protocol column, select HTTPS (Secure HTTP) from the drop-down box. This populates the box in the Load Balancer Port column. In the Instance Protocol column, select HTTP from the drop-down box, then enter port number 80 for the instance port in the Instance Port box.

    Add New Listener

  7. The Elastic Load Balancing service provides you with sample cipher policies, ELBSample-ELBDefaultCipherPolicy and ELBSample-OpenSSLDefaultCipherPolicy. You can select one of the sample policies or customize your own ciphers. A default policy will be used if none is specified.

    1. To specify a cipher policy, select Change in the Cipher box.

    2. On the Configure Cipher page, select one of the sample policies provided.

    3. Or, select Custom to customize your own ciphers, then select the protocol version and the ciphers from the list box.

      Note

      You must enable at least one protocol version and one cipher for SSL negotiation to take place.

    4. Click Save.

      Add Ciphers for New Listener

  8. Click Select in the SSL Certificate box to specify an SSL certificate to install on your load balancer.

    Note

    To enable HTTPS support for your listeners, you must install an SSL server certificate on your load balancer. The load balancer uses the certificate to terminate and then decrypt requests before sending them to the back-end instances. Elastic Load Balancing uses AWS Identity and Access Management (IAM) to upload your certificate to your load balancer. If you do not have an SSL certificate, go to Creating and Uploading Server Certificates in Using AWS Identity and Access Management for instructions on creating and uploading SSL certificates.

  9. On the Configure SSL Certificate page, select Choose from your existing SSL Certificates to use the previously uploaded SSL certificate and select the certificate from the drop-down box.

  10. Alternatively, select Upload a new SSL Certificate if you have an SSL certificate and want to upload using AWS Identity and Access Management.

    Check if your certificate meets the following criteria:

    • Certificates must follow the X.509 PEM format.

    • The current date must be between the certificate’s start and end date.

    • Public and private certificate files must contain only a single certificate.

    • The private key must match the public key that is in the digital server certificate.

    • The private key must be an RSA private key in PEM format, where the PEM header is BEGIN RSA PRIVATE KEY and the footer is END RSA PRIVATE KEY.

    • The private key cannot be encrypted with a password.

    • A certificate chain starts with the immediate signing certificate and is then followed by any intermediaries in order. Intermediaries that are not involved in the trust path must not be included. The trusted root certificate can be optionally included as the last certificate.

    If your certificate does not meet the criteria, you might get an error when you upload it. Create a new SSL certificate and upload the certificate using AWS Identity and Access Management (IAM). For instructions on creating and uploading the SSL certificate, go to Creating and Uploading Server Certificates in Using AWS Identity and Access Management.

    If your certificate meets the criteria, step through the following instructions to continue uploading your SSL certificate.

    1. Enter the name of the certificate to upload.

    2. Copy and paste the contents of the private key file (PEM-encoded) in the Private Key box.

    3. Copy and paste the contents of the public key certificate file (PEM-encoded) in the Public Key Certificate box.

    4. [Optional] Copy and paste the contents of the public key certificate chain file (PEM-encoded) in the Certificate Chain box.

      Note

      The certificate chain must be ordered such that the root certificate is the last certificate in the chain. If you use a certificate chain in a different order, you will receive an error.

    5. Click Save.

      Add SSL Certificate for New Listener

  11. Click Save in the Actions box.

Using the Command Line Interface

To enable HTTPS support for your listeners, you must install an SSL server certificate on your load balancer. The load balancer uses the certificate to terminate and then decrypt requests before sending them to the back-end instances. Elastic Load Balancing uses AWS Identity and Access Management (IAM) to upload your certificate to your load balancer. If you do not have an SSL certificate, go to Creating and Uploading Server Certificates in Using AWS Identity and Access Management for instructions on creating and uploading SSL certificates.

To add a new listener to your load balancer

  1. Get the Amazon Resource Name (ARN) of your SSL certificate.

  2. Enter the command elb-create-lb-listeners as in the following example.

    PROMPT> elb-create-lb-listeners MyLoadBalancer --listener "protocol=HTTPS,lb-port=443,instance-port=80,instance-protocol=HTTP,cert-id=arn:aws:iam::55555555555:server-certificate/production/myCert"

  3. Enter the command elb-describe-lbs as in the following example to view the updated details of your load balancer MyLoadBalancer.

    PROMPT> elb-describe-lbs MyLoadBalancer

    The operation returns a list of updated configurations of your load balancer.

Using the Query API

To enable HTTPS support for your listeners, you must install an SSL server certificate on your load balancer. The load balancer uses the certificate to terminate and then decrypt requests before sending them to the back-end instances. Elastic Load Balancing uses AWS Identity and Access Management (IAM) to upload your certificate to your load balancer. If you do not have an SSL certificate, go to Creating and Uploading Server Certificates in Using AWS Identity and Access Management for instructions on creating and uploading SSL certificates.

To add a new listener to your load balancer

  1. Get the Amazon Resource Name (ARN) of your SSL certificate.

  2. Call CreateLoadBalancerListeners with the following parameters:

    • Listener

      • Protocol = HTTPS

      • InstanceProtocol = HTTP

      • InstancePort = 80

      • LoadBalancerPort = 443

      • SSLCertificateID = arn:aws:iam::55555555555:server-certificate/production/myCert

    • LoadBalancerName = MyLoadBalancer

  3. Call DescribeLoadBalancers as in the following example to view the updated configuration information of your load balancer.

    • LoadBalancerName = MyLoadBalancer

    The operation returns a list of updated configurations of your load balancer.

    For detailed descriptions of this Elastic Load Balancing API action, see CreateLoadBalancerListeners in the Elastic Load Balancing API Reference.