AWS - SSL/HTTPS on load balancer

Do you have an HTTPS listener on your EC2 instance? If not, your instance port should be 80 for both load balancer listeners.


Elastic Load Balancer can not forward your HTTPS requests to the server. This is why SSL is there : to prevent a man in the middle attack (amongst others)

The way you can get this working is the following :

  • configure your ELB to accept 443 TCP connection and install an SSL certificate through IAM (just like you did)
  • relay traffic on TCP 80 to your fleet of web servers
  • configure your web server to accept traffic on TCP 80 (having SSL between the load balancer and the web servers is also supported, but not required most of the time)
  • configure your web servers Security Group to only accept traffic from the load balancer.

  • (optional) be sure your Web Servers are running in a private subnet, i.e. with only private IP addressed and no route to the Internet Gateway

If you really need to have an end-to-end SSL tunnel between your client and you backend servers (for example, to perform client side SSL authentication), then you'll have to configure your load balancer in TCP mode, not in HTTP mode (see Support for two-way TLS/HTTPS with ELB for more details)

More details :

  • SSL Load Balancers : http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_SettingUpLoadBalancerHTTPS.html
  • Load Balancers in VPC : http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/UserScenariosForVPC.html