Using Elastic Load Balancing & EC2 Auto Scaling to support AWS workloads

SSL Server Certificates

The course is part of these learning paths

Solutions Architect – Professional Certification Preparation for AWS
SysOps Administrator – Associate Certification Preparation for AWS

Overview

Difficulty: Beginner
Duration: 1h 5m
Students: 1368
Rating: 4.9/5

Description

Course Description

Elastic Load Balancing and EC2 Auto Scaling are widely used features within AWS that help you maintain reliability and availability and reduce costs within your environment. As such, if you are designing, operating or managing services within AWS, it is fundamental that you are familiar with ELB and auto scaling concepts and configuration. This course will explain and show you how to implement both and how they can work together.

Learning Objectives

By the end of this course you will:

  • Understand what an elastic load balancer is and what it is used for
  • Be aware of the different load balancers available to you in AWS
  • Understand how ELBs handle different types of requests, including those that are encrypted
  • Be able to identify the different components of ELBs
  • Know how to configure ELBs 
  • Know when and why you might need to configure an SSL/TLS certificate
  • Understand what EC2 auto scaling is 
  • Be able to configure auto scaling launch configurations, launch templates and auto scaling groups
  • Explain why you should use ELBs and auto scaling together

Intended Audience

This course has been created for:

  • Engineers who are responsible for the day to day operations of maintaining and managing workloads across AWS
  • Solution Architects who are designing solutions across AWS infrastructure
  • Those who are looking to begin their certification journey with either the AWS Cloud Practitioner or one of the 3 Associate level certifications

Prerequisites

To get the most from this course, you should be familiar with the basic concepts of AWS and with some of its core components, such as VPC and EC2.

You should also have an understanding of the AWS global infrastructure and the different components used to define it.  For more information on this topic, please see our existing blog post here: https://cloudacademy.com/blog/aws-global-infrastructure/.

Feedback

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.

Transcript

Resources referenced

Regions supported by ACM

How to retrieve and list server certificates via ACM

Additional information on ACM

 

Lecture Transcript

Hello and welcome to this short lecture which will provide a high level overview of server certificates and how they are used within your elastic load balancers. 

As I mentioned in the previous lecture, the Application Load Balancer provides a flexible feature set for your web applications running the HTTP or HTTPS protocols. As such, the ALB listener options available when creating your ALB are either the HTTP or HTTPS protocol, on ports 80 and 443 respectively. Configuration of your HTTP port 80 listeners is a fairly simple process and I'll cover this in the next lecture. However, there will be times when you need to use the encrypted HTTPS protocol as a listener, and this requires some additional configuration.

So let me run through some of the points when using HTTPS as a listener. HTTPS is an encrypted version of the HTTP protocol and this allows an encrypted communication channel to be set up between clients initiating the request and your Application Load Balancer. However, to allow your ALB to receive encrypted traffic over HTTPS it will need a server certificate and an associated security policy. 

SSL, or Secure Sockets Layer to give it its full name, is a cryptographic protocol, much like TLS, Transport Layer Security. Both SSL and TLS are used interchangeably when discussing certificates for your Application Load Balancer. The server certificate used by the ALB is an X.509 certificate, which is a digital ID that has been provisioned by a Certificate Authority, and this Certificate Authority could be the AWS Certificate Manager service, also known as ACM. This certificate is simply used to terminate the encrypted connection received from the remote client, and as a part of this termination process the request is then decrypted and forwarded to the resources in the ELB target group.

When you select HTTPS as your listener, you will be asked to select a certificate using one of four options: choose a certificate from ACM, upload a certificate to ACM, choose a certificate from IAM, or upload a certificate to IAM. The first two options relate to ACM. ACM is the AWS Certificate Manager, and this service allows you to create and provision SSL/TLS server certificates to be used within your AWS environment across different services. This integration with ACM simplifies the configuration process of implementing a new certificate for your elastic load balancer and, as a result, it's the preferred option.

The last two options allow you to use a third-party certificate by using IAM as your certificate manager, and you would select this option when deploying your ALBs in regions that are not supported by ACM. For a list of supported regions, please see the following link. For detailed information on how to upload, retrieve, and list server certificates via IAM, please see the following AWS documentation. Using ACM as your certificate manager allows you both to create certificates from within ACM itself and to import existing certificates created outside of AWS, which adds flexibility for your current third-party certificates. The configuration of ACM is out of scope for this course. However, you can find further information on this service using the following link.

That brings me to the end of this lecture. In the next few lectures I shall be looking at the configuration of each of the defined load balancers (application, network, and classic) to provide you with more information on their components, starting with the Application Load Balancer, the ALB.
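
The following Python code is an added example, not part of the lecture or the course material. It audits listener descriptions, in the shape returned by the ELBv2 DescribeListeners API, for the server certificate and security policy the lecture describes, and reports whether each certificate is held in ACM or IAM. It goes a little beyond the lecture by checking the policy name against an approved list and checking that HTTP listeners redirect to HTTPS; the approved list, account ID, ARNs and sample listeners are assumptions constructed for illustration.

```python
# Added example, not course code. Input mirrors the ELBv2 DescribeListeners
# response shape; SAMPLE below is constructed.
# Assumption: this approved set is a local baseline chosen for the example.
APPROVED_POLICIES = {"ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS-1-2-2017-01"}

def cert_source(arn):
    """Classify a certificate ARN as stored in ACM or in IAM."""
    parts = (arn.split(":", 5) + [""] * 6)[:6]  # pad so malformed ARNs index safely
    if parts[2] == "acm" and parts[5].startswith("certificate/"):
        return "ACM"
    if parts[2] == "iam" and parts[5].startswith("server-certificate/"):
        return "IAM"
    return "unknown"

def audit_listener(listener, approved=APPROVED_POLICIES):
    """Return a list of findings for one listener description."""
    findings = []
    if listener.get("Protocol") == "HTTPS":
        certs = listener.get("Certificates", [])
        if not certs:
            findings.append("no server certificate attached")
        for cert in certs:
            source = cert_source(cert.get("CertificateArn", ""))
            if source != "ACM":  # the lecture names ACM as the preferred option
                findings.append(f"certificate source is {source}, not ACM")
        if listener.get("SslPolicy") not in approved:
            findings.append(f"security policy {listener.get('SslPolicy')} not approved")
    elif listener.get("Protocol") == "HTTP":
        # Baseline assumption: port-80 listeners should only redirect to HTTPS.
        if not any(a.get("Type") == "redirect" and
                   a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                   for a in listener.get("DefaultActions", [])):
            findings.append("HTTP listener does not redirect to HTTPS")
    return findings

ACM_ARN = "arn:aws:acm:eu-west-1:111122223333:certificate/00000000-0000-0000-0000-000000000000"
IAM_ARN = "arn:aws:iam::111122223333:server-certificate/example-cert"
SAMPLE = [  # constructed listener descriptions
    {"Port": 443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
     "Certificates": [{"CertificateArn": ACM_ARN}]},
    {"Port": 8443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2016-08",
     "Certificates": [{"CertificateArn": IAM_ARN}]},
    {"Port": 80, "Protocol": "HTTP", "DefaultActions": [{"Type": "forward"}]},
]

def audit(listeners):
    """Map each listener port to its findings."""
    return {l["Port"]: audit_listener(l) for l in listeners}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In a live account the same function can be fed the `Listeners` list from a DescribeListeners call instead of `SAMPLE`.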

About the Author


Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 50+ courses relating to Cloud, most within the AWS category, with a heavy focus on security and compliance.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.