
AWS EC2 Application Load Balancer + Two-Way SSL?

Is it possible to use AWS Application Load Balancer and use two-way SSL (client certificate)?

My current setup supports this using a classic ELB forwarding through TCP to a webserver endpoint. I now need to route traffic using the URL and wanted to do so using the AWS Application Load Balancer if possible.

If not, any suggestions on how to route traffic using the URL in AWS?

ThatChrisGuy asked Jan 11 '17 16:01


People also ask

Does AWS ALB support 2 way SSL?

No, this is not supported. In order for the AWS Application Load Balancer (ALB) to route based on path, it must inspect the HTTP content (application/layer 7).

How many SSL certs can you attach to an application load balancer?

You can bind up to 25 certificates per load balancer (not counting the default certificate).


2 Answers

No, this is not supported. In order for the AWS Application Load Balancer (ALB) to route based on path, it must inspect the HTTP content (application/layer 7). TCP forwarding load balancers only look at the TCP packet (layer 4) and never inspect the actual content (needed to route based on path).

Of course, a workaround would be using AWS Certificate Manager and letting them handle TLS/SSL termination for you. Then you could use ALB to route based on path.

thun answered Oct 26 '22 04:10


Use either a classic load balancer or a network load balancer with the passthru option. Application load balancers will strip the client cert out of the request.

woodwose answered Oct 26 '22 04:10
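
One way to keep client-certificate authentication and still route by URL, shown as an added example that is not part of the original answers: the load balancer uses a TCP (layer 4) listener, as in the passthrough setups described above, and the web server behind it verifies the client certificate and does the path routing itself. The nginx configuration below uses placeholder certificate paths, host name, upstream names and addresses.

```nginx
# Added example. Paths, host name, upstream names and addresses are placeholders.
# The load balancer in front must use a TCP (layer 4) listener so the TLS
# handshake, including the client certificate, reaches nginx intact.

upstream orders_backend  { server 10.0.1.10:8080; }   # hypothetical service
upstream reports_backend { server 10.0.2.10:8080; }   # hypothetical service

server {
    listen 443 ssl;
    server_name api.example.com;                       # placeholder

    # Server identity presented to clients.
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Two-way SSL: require a client certificate chaining to this CA bundle.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    # Set identity headers from the verified handshake, overwriting anything
    # the client sent under the same names.
    proxy_set_header X-Client-Verify $ssl_client_verify;
    proxy_set_header X-Client-DN     $ssl_client_s_dn;
    proxy_set_header Host            $host;

    # URL-based routing happens here, after the handshake has succeeded.
    location /orders/  { proxy_pass http://orders_backend; }
    location /reports/ { proxy_pass http://reports_backend; }

    # Anything else is rejected rather than forwarded to a default backend.
    location / { return 404; }
}
```

The fragment belongs inside the `http` block. With `ssl_verify_client on`, nginx answers a request that lacks a valid client certificate with a 400 error before any `location` is matched.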