Upgrade Your EC2 Instance: A Step-by-Step Guide to Securing Your Site with HTTPS!
Overview
To secure the public URL provided by a load balancer when connecting to an EC2 instance within the same VPC, it’s crucial to follow a structured approach. Start by acquiring a registered domain name from a trusted provider like GoDaddy. Next, configure your EC2 instance to function behind an Application Load Balancer (ALB) within the same VPC. Upload your domain to AWS Certificate Manager to obtain a verified SSL/TLS certificate. Finally, integrate this certificate into Route 53 and map it to your load balancer. This setup not only secures your connection but lays the foundation for seamless and reliable traffic management. Let’s dive deeper into the steps—you’re just a few clicks away from an airtight setup!
Prerequisite
Domain Name Registration
Obtain a domain name from a trusted third-party provider say GoDaddy for mapping your load balancer's public URL.Integration with ALB
Ensure your EC2 instance is connected to an Application Load Balancer within the same VPC to manage traffic securely and efficiently.
You can attain this by referring to this Linkedin post.
Steps
Step 1: Verify Your Domain with AWS Certificate Manager
- Go to AWS console and select ACM.
- Request a new certificate and keep it public.
- Here enter your domain name and keep the setting as selected below. By selecting DNS validation you will get the cname and and it's value.
- Copy paste the cname and value to Go Daddy DNS Records. By doing this the certificate will get verified in few minutes.
Once your certificate is successfully issued, the AWS Certificate Manager (ACM) process is complete.
Step 2: Configure Route 53 and Update Nameservers in GoDaddy
- Go to AWS Route53 and create your hosted zone with your domain and keep it public zone.
- Once the zone is created you will get NS records as shown.
- Go to Go Daddy and select nameservers and then change nameservers.
- Select the option 'I'll use my own nameservers' and paste the nameserver we got previously from Route53.
Once this is done then your Go Daddy will no more responsible for managing your nameservers. It will look something like this.
Once this is successfully done, the AWS Route53 process is complete.
General Knowledge
Nameservers are part of the Domain Name System (DNS) that translate domain names (like example.com) into IP addresses that computers use to identify each other. They are essential because they direct internet traffic to the correct server, ensuring users can access your website or application seamlessly.
Amazon Route 53 is a scalable DNS web service that connects user requests to internet resources like websites or applications. It manages domain names, routes traffic efficiently, and integrates with AWS services to provide secure, reliable, and highly available routing.
Step 3: Connect your Route53 to Application load balancer.
- Create a A record for your domain to connect your Route53 to Application Load Balancer and select 'switch to wizard'
- Select simple routing and proceed.
- Select 'Define Simple Record' and a pop up menu will appear like this.
- Select Application and Classic Load Balancer , the region where it is located and choose the load balancer you have created previously.
Once completed, you'll be able to connect your application using your IP address, but only via HTTP, not HTTPS.
Step 4: Final Step (Make it Https)
- Go to Certificate Manager , select your issued certificate and click 'Create record in Route53'. This will link a cname record of this certificate with Route53.
Now link the certificate to the load balancer. Go to your load balancer and add a listener for HTTPS:443.
Under Secure listener settings link your issued certificate from ACM.
Once completed, you'll be able to connect your application using HTTPS.
Conclusion
Congratulations! 🎉 You have successfully completed the HTTP to HTTPS tutorial. Your website is now securely encrypted, providing a safer browsing experience for your users. Great job!
Additionals
- Make sure your security groups inbound rules are accepting https traffic.
- You can redirect your http traffic to https in the rules section.
Top comments (11)
Great Blog
Well written. i remember when my team had this problem in azure and you gave us the shortcut method of getting https on azure issued uri :p
Thank you areeb , I'll make a new blog explaining the steps to proceed on Azure.
Very well written!
Very Insightful
Great
Very Informative Blog
Very interesting and insightful.
Very informative and insightful blog
Great work! Keep going…
Very interesting and informative!