SSL Certificates
  • SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network.

HTTPS Listener

  • You can create an HTTPS listener, which uses encrypted connections (also known as SSL offload).
    • This feature enables traffic encryption between your load balancer and the clients that initiate SSL or TLS sessions.
  • To use an HTTPS listener, you must deploy at least one SSL/TLS server certificate on your load balancer.
  • The load balancer uses a server certificate to terminate the front-end connection and then decrypt requests from clients before sending them to the targets.
  • The load balancer requires X.509 certificates (SSL/TLS server certificates).
  • Certificates are a digital form of identification issued by a certificate authority (CA).

Server Name Indication (SNI)

  • When a browser connects to your TLS-enabled ALB, ALB presents a certificate that contains your site's public key, which has been cryptographically signed by a CA.
    • This way the client can be sure it's getting the 'real you' and that it's safe to use your site's public key to establish a secure connection.
  • With SNI support, AWS makes it easy to use more than one certificate with the same ALB.
  • The most common reason you might want to use multiple certificates is to handle different domains with the same load balancer.
  • SNI is supported by over 99.5% of clients connecting to CloudFront.
  • Only works with ALBs and NLBs.
  • Support:
    • CLBs:
      • Only support 1 SSL certificate, so to get multiple certificates, you must use multiple CLBs.
    • ALBs and NLBs:
      • Use SNI to support multiple listeners with multiple certificates.