Create a listener for your Network Load Balancer - Elastic Load Balancing

Create a listener for your Network Load Balancer

A listener is a process that checks for connection requests. You define a listener when you create your load balancer, and you can add listeners to your load balancer at any time.


  • You must specify a target group for the listener rule. For more information, see Create a target group for your Network Load Balancer.

  • You must specify an SSL certificate for a TLS listener. The load balancer uses the certificate to terminate the connection and decrypt requests from clients before routing them to targets. For more information, see Server certificates.

Add a listener

You configure a listener with a protocol and a port for connections from clients to the load balancer, and a target group for the default listener rule. For more information, see Listener configuration.

To add a listener using the console
  1. Open the Amazon EC2 console at

  2. In the navigation pane, choose Load Balancers.

  3. Select the name of the load balancer to open its details page.

  4. On the Listeners tab, choose Add listener.

  5. For Protocol, choose TCP, UDP, TCP_UDP, or TLS. Keep the default port or type a different port. For dualstack Network Load Balancers, only the TCP and TLS protocols are supported.

  6. For Default action, choose an available target group.

  7. [TLS listeners] For Security policy, we recommend that you keep the default security policy.

  8. [TLS listeners] For Default SSL certificate, do one of the following:

    • If you created or imported a certificate using AWS Certificate Manager, choose From ACM and choose the certificate.

    • If you uploaded a certificate using IAM, choose From IAM and choose the certificate.

  9. [TLS listeners] For ALPN policy, choose a policy to enable ALPN or choose None to disable ALPN. For more information, see ALPN policies.

  10. Choose Add.

  11. [TLS listeners] To add an optional certificate list for use with the SNI protocol, see Add certificates to the certificate list.

To add a listener using the AWS CLI

Use the create-listener command to create the listener.