Configure listeners on Amazon Web Services (AWS)
After you have defined the load balancer and selected the certificate that you previously installed, you will arrive at the Select a Cipher page:
On the Select a Cipher page, you should have the default settings enabled:
Predefined Security Policy: ELBSecurityPolicy-2014-01
In the security policy drop-down list, select a policy.
Click Continue to configure back-end server authentication if needed.
How to configure listeners using the command line
Select a security policy from the available ones. You can use the following command to list the available security policies:
PROMPT> elb-describe-lb-policies --headers
The output will be something similar to:
POLICY  NAME                                  TYPE_NAME
POLICY  ELBSecurityPolicy-2014-01             SSLNegotiationPolicyTypeE
POLICY  ELBSecurityPolicy-2011-081            SSLNegotiationPolicyTypeE
POLICY  ELBSample-ELBDefaultCipherPolicy      SSLNegotiationPolicyTypeE
POLICY  ELBSample-OpenSSLDefaultCipherPolicy  SSLNegotiationPolicyTypeE
The ELBSecurityPolicy-2014-01 policy uses Server Order Preference to negotiate SSL connections and is the default policy enabled in AWS.
The elb-create-lb-policy command is used to create an SSL negotiation policy that references the recommended security policy ELBSecurityPolicy-2014-01.
The command you will run will look like this and include all the policy information:
PROMPT> elb-create-lb-policy MyLoadBalancer --policy-name MySSLNegotiationPolicy --policy-type SSLNegotiationPolicyType --attribute "name=Reference-Security-Policy,value=ELBSecurityPolicy-2014-01"
Configure listeners using the Query API
You should already have the Amazon Resource Name (ARN) of your SSL server certificate.
Configure listener:
Call CreateLoadBalancer with the following parameters:
- AvailabilityZones = us-east-1a
- Listener
  - Protocol = HTTP
  - InstanceProtocol = HTTP
  - InstancePort = 80
  - LoadBalancerPort = 80
- Listener
  - Protocol = HTTPS
  - InstanceProtocol = HTTPS
  - InstancePort = 443
  - LoadBalancerPort = 443
  - SSLCertificateID = arn:aws:iam::55555555555:server-certificate/production/myCert
- LoadBalancerName = MyLoadBalancer
The operation returns the DNS name of your load balancer. Save the DNS name in a safe place; you will use it to connect to the load balancer.
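The CreateLoadBalancer parameters listed above, flattened into the Query API's `member.N` key form, as an added example that is not part of the original page. The function names and the certificate checks are assumptions made for illustration, and request signing is left out.

```python
from urllib.parse import urlencode

API_VERSION = "2012-06-01"  # Query API version of the classic ELB service
CERT_ARN = "arn:aws:iam::55555555555:server-certificate/production/myCert"  # from the page

# The two listeners from the parameter list above.
LISTENERS = [
    {"Protocol": "HTTP", "InstanceProtocol": "HTTP",
     "InstancePort": 80, "LoadBalancerPort": 80},
    {"Protocol": "HTTPS", "InstanceProtocol": "HTTPS",
     "InstancePort": 443, "LoadBalancerPort": 443,
     "SSLCertificateId": CERT_ARN},  # the API spells this key SSLCertificateId
]


def create_lb_params(name, zones, listeners):
    """Flatten a CreateLoadBalancer call into Query API key/value pairs."""
    params = {"Action": "CreateLoadBalancer", "Version": API_VERSION,
              "LoadBalancerName": name}
    for i, zone in enumerate(zones, start=1):
        params[f"AvailabilityZones.member.{i}"] = zone
    for i, listener in enumerate(listeners, start=1):
        secure = listener["Protocol"].upper() in ("HTTPS", "SSL")
        has_cert = bool(listener.get("SSLCertificateId"))
        # Illustrative checks (assumption): catch a TLS listener without a
        # certificate, or a certificate attached to a cleartext listener.
        if secure and not has_cert:
            raise ValueError(f"listener {i}: {listener['Protocol']} needs a certificate ARN")
        if has_cert and not secure:
            raise ValueError(f"listener {i}: certificate set on a non-TLS listener")
        for key, value in listener.items():
            params[f"Listeners.member.{i}.{key}"] = str(value)
    return params


def query_string(params):
    """Encode the parameters in sorted order; request signing is not included."""
    return urlencode(sorted(params.items()))


if __name__ == "__main__":
    request = create_lb_params("MyLoadBalancer", ["us-east-1a"], LISTENERS)
    for pair in query_string(request).split("&"):
        print(pair)
```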