Application Load Balancers should use HTTPS


Description

Use HTTPS to secure communication between your application client and an Elastic Load Balancer (ELB) listener.

Rationale

Without an HTTPS listener, front-end connections are vulnerable to exploits, such as man-in-the-middle (MITM) attacks. Securing all communication between your application client and ELB listener ensures sensitive data is protected.

Remediation

From the console

Follow the Create an HTTPS listener for your Application Load Balancer doc to learn how to create a listener that checks for connection requests.

From the command line

  1. Run list-certificates to retrieve the ARN of your SSL certificate. If you do not have an SSL certificate, follow the Create or import an SSL/TLS certificate doc.

  2. Run create-listener using the ARN of the load balancer and SSL certificate.

     aws elbv2 create-listener \
         --load-balancer-arn arn:aws:elasticloadbalancing:region:123456789012:loadbalancer/app/my-load-balancer/12ab3c456d7e8912 \
         --protocol HTTPS \
         --port 443 \
         --certificates CertificateArn=arn:aws:acm:region:123456789012:certificate/1abc0c41-bd73-5445-9ab9-123456a23456 \
         --ssl-policy ELBSecurityPolicy-2016-08 \
         --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:region:123456789012:targetgroup/my-targets/12ab3c456d7e8912
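
To confirm the remediation took effect, the listener JSON returned by aws elbv2 describe-listeners can be checked offline. The script below is an added example, not part of the original rule or any vendor tooling. It assumes the listeners of several load balancers have been merged into one document, and its flagging of HTTP listeners that do not redirect to HTTPS is an assumption stricter than the rule text; the sample data and shortened ARNs are constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `aws elbv2 describe-listeners` output;
# the ARNs are shortened placeholders, not real resources.
SAMPLE = json.loads("""{"Listeners": [
 {"LoadBalancerArn": "arn:lb/web", "Port": 80, "Protocol": "HTTP", "DefaultActions":
  [{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443"}}]},
 {"LoadBalancerArn": "arn:lb/web", "Port": 443, "Protocol": "HTTPS",
  "DefaultActions": [{"Type": "forward"}]},
 {"LoadBalancerArn": "arn:lb/legacy", "Port": 80, "Protocol": "HTTP",
  "DefaultActions": [{"Type": "forward"}]},
 {"LoadBalancerArn": "arn:lb/mixed", "Port": 8080, "Protocol": "HTTP",
  "DefaultActions": [{"Type": "forward"}]},
 {"LoadBalancerArn": "arn:lb/mixed", "Port": 443, "Protocol": "HTTPS",
  "DefaultActions": [{"Type": "forward"}]}]}""")


def redirects_to_https(listener):
    """True if every default action redirects to HTTPS."""
    actions = listener.get("DefaultActions", [])
    return bool(actions) and all(
        a.get("Type") == "redirect"
        and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
        for a in actions)


def audit_listeners(doc):
    """Return {load_balancer_arn: [issues]} for load balancers that fail."""
    by_lb = defaultdict(list)
    for listener in doc.get("Listeners", []):
        by_lb[listener["LoadBalancerArn"]].append(listener)
    findings = {}
    for arn, listeners in by_lb.items():
        issues = []
        if not any(l["Protocol"] == "HTTPS" for l in listeners):
            issues.append("no HTTPS listener")
        for l in listeners:
            if l["Protocol"] == "HTTP" and not redirects_to_https(l):
                issues.append(f"plaintext HTTP listener on port {l['Port']}")
        if issues:
            findings[arn] = issues
    return findings


if __name__ == "__main__":
    for arn, issues in audit_listeners(SAMPLE).items():
        print(arn, "->", "; ".join(issues))
```

A redirect action that keeps the original protocol (for example a RedirectConfig whose Protocol is not the literal HTTPS) is reported as plaintext, since the client is never moved to TLS.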