AWS Certificate Manager
User Guide (Version 1.0)

Getting Started with Elastic Load Balancing

You do not install your ACM Certificate directly on the Amazon EC2 instances that contain your website or your application. Instead, you associate the ACM Certificate with an AWS service, such as Elastic Load Balancing. Elastic Load Balancing improves the availability of your website or application by automatically distributing incoming traffic across your Amazon EC2 instances. The load balancer serves as a single point of contact for clients. This is shown by the following illustration.

General ACM diagram for ELB

You must perform the following steps to use ACM with a load balancer.

  1. Install a website or application on one or more Amazon EC2 instances.

  2. Create an Elastic Load Balancing load balancer to route client traffic to the Amazon EC2 instances.

  3. Use the ACM console, API, or AWS Command Line Interface to request an ACM Certificate.

  4. Use the Elastic Load Balancing console, API, or AWS CLI to provision the ACM Certificate on the load balancer.

  5. Clients access the website through the load balancer.

  6. The load balancer distributes client traffic to the Amazon EC2 instances.

Using the Elastic Load Balancing Console

You can access Elastic Load Balancing by signing in to the management console and opening the Amazon EC2 console at https://console.aws.amazon.com/ec2/. For thorough instructions about creating an HTTPS load balancer from the Amazon EC2 console, see Create an HTTPS Load Balancer in the Elastic Load Balancing Developer Guide.

Quick Start Using the Elastic Load Balancing Command Line

The AWS CLI offers multiple Elastic Load Balancing commands that you can use to associate an ACM Certificate with a new or existing load balancer. For example, if your website was created on an Amazon EC2 instance that uses the default Amazon VPC, you can use the following command to create a new load balancer:

aws elb create-load-balancer --load-balancer-name name --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn:aws:acm:region:your-account-id:certificate/12345678-1234-1234-1234-123456789012 --availability-zones availability-zone

If your website was created on an Amazon EC2 instance that does not use the default Amazon VPC, you can use the following command to create a new load balancer by specifying the subnet and security group:

aws elb create-load-balancer --load-balancer-name name --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn:aws:acm:region:your-account-id:certificate/12345678-1234-1234-1234-123456789012 --subnets subnet-ID --security-groups sg-security-group-ID

You can use the following command to modify an existing load balancer:

aws elb create-load-balancer-listeners --load-balancer-name name --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn:aws:acm:region:your-account-id:certificate/12345678-1234-1234-1234-123456789012

Regardless of the AWS CLI command you choose to associate an ACM Certificate with a load balancer, you must also ensure that the load balancer is associated with the running Amazon EC2 instances that contain your website or application.

To associate an Elastic Load Balancing load balancer with an EC2 instance

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under LOAD BALANCING, choose Load Balancers.

  3. Select the load balancer you just created or modified.

  4. Select the Instances tab.

  5. Choose Edit Instances.

  6. Select the running Amazon EC2 instance that you want to add to the load balancer and choose Save.
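
The following check is an added example, not part of the AWS guide: it audits the JSON printed by `aws elb describe-load-balancers` to confirm that each load balancer has an HTTPS listener backed by an ACM certificate ARN and has at least one registered instance. The function name `audit`, the load balancer names, and the sample data are constructed for illustration.

```python
import json
import re

# Shape of an ACM certificate ARN as used in the commands above (loose on partition/region).
ACM_ARN = re.compile(r"^arn:aws[\w-]*:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}$")

# Constructed sample of `aws elb describe-load-balancers` output; no real resources.
SAMPLE = json.dumps({"LoadBalancerDescriptions": [
    {"LoadBalancerName": "web-ok", "Instances": [{"InstanceId": "i-0123456789abcdef0"}],
     "ListenerDescriptions": [{"Listener": {
         "Protocol": "HTTPS", "LoadBalancerPort": 443,
         "InstanceProtocol": "HTTP", "InstancePort": 80,
         "SSLCertificateId": "arn:aws:acm:us-east-1:111122223333:"
                             "certificate/12345678-1234-1234-1234-123456789012"}}]},
    {"LoadBalancerName": "web-legacy", "Instances": [],
     "ListenerDescriptions": [
         {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                       "InstanceProtocol": "HTTP", "InstancePort": 80}},
         {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                       "InstanceProtocol": "HTTP", "InstancePort": 80,
                       "SSLCertificateId": "arn:aws:iam::111122223333:"
                                           "server-certificate/old-cert"}}]},
]})


def audit(describe_output: str) -> dict:
    """Return {load balancer name: [findings]}; an empty list means no findings.

    A TLS listener whose certificate ID is missing or is not an ACM ARN
    (for example an IAM server certificate) is reported as not using ACM.
    """
    report = {}
    for lb in json.loads(describe_output)["LoadBalancerDescriptions"]:
        findings = []
        listeners = [d["Listener"] for d in lb.get("ListenerDescriptions", [])]
        tls = [ls for ls in listeners if ls["Protocol"] in ("HTTPS", "SSL")]
        if not tls:
            findings.append("no HTTPS/SSL listener")
        for ls in tls:
            if not ACM_ARN.match(ls.get("SSLCertificateId", "")):
                findings.append(f"port {ls['LoadBalancerPort']}: certificate is not an ACM ARN")
        for ls in listeners:
            if ls["Protocol"] == "HTTP":
                findings.append(f"port {ls['LoadBalancerPort']}: plaintext HTTP listener")
        if not lb.get("Instances"):
            findings.append("no EC2 instances registered")
        report[lb["LoadBalancerName"]] = findings
    return report
```

To run it against a real account, pass the output of `aws elb describe-load-balancers` to `audit` in place of `SAMPLE`. With `InstanceProtocol=HTTP`, as in the commands above, TLS ends at the load balancer and traffic to the instances is unencrypted.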

Editing Your DNS Records to Point to Your Load Balancer

Create a record in your DNS server to direct traffic from your site name to the load balancer. For example, if your DNS server is Amazon Route 53, perform the following steps.

To create a DNS record set for your load balancer in Amazon Route 53

  1. Sign in to the AWS Management Console and open the Amazon Route 53 console at https://console.aws.amazon.com/route53/.

  2. Under DNS management, choose Hosted zones.

  3. Select the domain that you want to modify.

  4. Choose Create Record Set.

  5. Type the name of your site.

  6. For Type, choose A - IPv4 address.

  7. For Alias, choose Yes.

  8. For Value, enter the DNS name of your load balancer. The DNS name is created when you create a load balancer. You can find it by going to the Amazon EC2 console, choosing Load Balancers in the navigation pane, and selecting a load balancer. The DNS name is located under the Description tab. For example, Test-2053830424.us-east-1.elb.amazonaws.com.

  9. Choose Create.

If you use a different DNS provider, create a CNAME record using the name of your site and the DNS name of your load balancer as in the following example:

www.example.com CNAME your-ELB-DNS-Name.us-east-1.elb.amazonaws.com

You can migrate an existing domain from another DNS service to Amazon Route 53. For more information, see Migrating DNS Service for an Existing Domain to Amazon Route 53.