Secure connection for a web application in AWS

This project describes how to serve a web application over HTTPS using AWS resources: a domain registered in Route 53, a certificate from AWS Certificate Manager (ACM), an EC2 instance running Apache, and an Application Load Balancer that terminates TLS.

AWS resources used in this project


Create a domain

Create your domain. You can buy it in AWS via Route 53 or from any other registrar. Some registrars (for example Freenom) offer free domains for one year.

Register the domain in AWS Route 53

You need to make Route 53 authoritative for your domain by creating a hosted zone and pointing your registrar at its name servers.

1. Click on Create hosted zone.

Create hosted zone

2. You will see a configuration menu like this (the console layout may change over time):

Process of creating a hosted zone

  • Enter your domain name
  • Enter a description if you want
  • Choose the type of hosted zone. A private hosted zone is only resolvable inside the VPCs you associate it with; for this project you need a public hosted zone, because the certificate validation record and the load balancer alias must be resolvable from the Internet
  • Add tags if necessary
  • Click on Create hosted zone

Menu of hosted zone

3. When the hosted zone is created you will see two records: NS (name servers) and SOA (start of authority). Note the four values of the NS record.

In my case it is:


4. Enter the values of the NS record as the name servers of your domain at the registrar where you created it.

In my case it looks something like this:

Register name servers at the domain registrar

Congratulations! If you used a free domain, you have registered it in Route 53 and pay only for the hosted zone. Name server changes at the registrar can take some time to propagate; you can confirm with a lookup such as "dig NS yourdomain" that the Route 53 name servers are returned before continuing.

Create a certificate for the domain

1. Open AWS Certificate Manager and click on Request a certificate.

Request a certificate from ACM

2. Click on Request a public certificate.

Request a public certificate in ACM

3. Configure your certificate.

Enter the fully qualified domain name, then choose the validation method. With DNS validation you add one CNAME record to Route 53 and ACM checks it (this is the recommended way: it is automatic and ACM can renew the certificate as long as the record stays in place). With email validation you receive a validation message at one of the standard addresses of your domain (for example admin@yourdomain), and every renewal requires another email round trip. Add tags if necessary and click Request.

Request a public certificate in ACM

4. Copy the validation record.

Under Domains you will see something like this. You need to copy the CNAME name and the CNAME value.

Certificate domain

5. Create a new record in Route 53.

Your certificate now has the status Pending validation. You need to create the validation record in Route 53. Return to Route 53, choose your hosted zone and click on Create record.

Create new record in Route53

6. Configure the new record

When you create the new record, you need to:

  • Paste the CNAME name into Record name. Be careful: the console appends your domain name automatically, so remove the domain part from the CNAME name. For example, in my case I remove
  • Choose CNAME (Routes traffic to another domain name and to some AWS resources) as the record type
  • Paste the CNAME value into Value
  • Click on Create records

Create CNAME record in Route53

7. Wait for confirmation

After a few minutes (DNS propagation can occasionally make it take longer) your certificate will have the status Issued.

Issued status in ACM
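Steps 4 to 7 are exactly what you would automate for every new domain. The following is an added example, not code from the original README: it pulls the validation CNAME out of an ACM DescribeCertificate response, turns it into a Route 53 change batch, and shows how the full record name ACM gives you maps to the relative name the console expects. The certificate response, ARN and zone ID below are constructed placeholders, and the boto3 clients are passed in as parameters so the logic can be exercised offline.

```python
"""Automate ACM DNS validation via Route 53 (added example, boto3-shaped data)."""
from typing import Any, Dict, List


def validation_records(describe_cert_response: Dict[str, Any]) -> List[Dict[str, str]]:
    """Pull the DNS validation CNAME(s) out of an ACM DescribeCertificate response.

    ACM returns one DomainValidationOptions entry per domain on the certificate.
    ResourceRecord is only present for DNS validation; with EMAIL validation there
    is nothing to put in DNS, so that case is reported instead of silently skipped.
    """
    records = []
    for opt in describe_cert_response["Certificate"].get("DomainValidationOptions", []):
        rr = opt.get("ResourceRecord")
        if rr is None:
            raise ValueError(f"no DNS validation record for {opt['DomainName']}; "
                             "was the certificate requested with EMAIL validation?")
        records.append({"Name": rr["Name"], "Type": rr["Type"], "Value": rr["Value"]})
    return records


def change_batch(records: List[Dict[str, str]]) -> Dict[str, Any]:
    """Build the ChangeBatch for route53.change_resource_record_sets().

    UPSERT is idempotent, so re-running after a failed attempt is safe. The full
    record name from ACM (with trailing dot) is used as-is: unlike the console,
    the API does not append the zone name for you.
    """
    return {
        "Comment": "ACM DNS validation",
        "Changes": [
            {
                "Action": "UPSERT",
                "ResourceRecordSet": {
                    "Name": r["Name"],
                    "Type": r["Type"],
                    "TTL": 300,
                    "ResourceRecords": [{"Value": r["Value"]}],
                },
            }
            for r in records
        ],
    }


def console_record_name(full_name: str, zone_name: str) -> str:
    """Relative name to type into the Route 53 console, which appends the zone itself."""
    full, zone = full_name.rstrip("."), zone_name.rstrip(".")
    if full == zone:
        return ""
    if not full.endswith("." + zone):
        raise ValueError(f"{full_name} is not inside zone {zone_name}")
    return full[: -(len(zone) + 1)]


def validate_with_dns(acm, route53, certificate_arn: str, hosted_zone_id: str) -> Dict[str, Any]:
    """Look up the validation CNAME in ACM and UPSERT it into the hosted zone.

    `acm` and `route53` are boto3 clients (boto3.client("acm"), boto3.client("route53"));
    they are parameters so the function can be driven by stand-ins without AWS access.
    """
    desc = acm.describe_certificate(CertificateArn=certificate_arn)
    batch = change_batch(validation_records(desc))
    return route53.change_resource_record_sets(HostedZoneId=hosted_zone_id, ChangeBatch=batch)


# Constructed sample of a DescribeCertificate response; none of the values are real.
SAMPLE_DESCRIBE = {
    "Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-2:123456789012:certificate/00000000-0000-0000-0000-000000000000",
        "DomainName": "example.com",
        "Status": "PENDING_VALIDATION",
        "DomainValidationOptions": [
            {
                "DomainName": "example.com",
                "ValidationMethod": "DNS",
                "ResourceRecord": {
                    "Name": "_a1b2c3d4e5f6.example.com.",
                    "Type": "CNAME",
                    "Value": "_f6e5d4c3b2a1.acm-validations.aws.",
                },
            }
        ],
    }
}

if __name__ == "__main__":
    import json
    print(json.dumps(change_batch(validation_records(SAMPLE_DESCRIBE)), indent=2))
    print("console record name:", console_record_name("_a1b2c3d4e5f6.example.com.", "example.com"))
```

After the change is submitted, poll `acm.describe_certificate` until `Status` becomes `ISSUED` (the `certificate_validated` waiter in boto3 does this for you). Keep the validation CNAME in the zone afterwards; ACM reuses it for automatic renewal.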

Create an EC2 instance

1. Search for the EC2 service and click on Launch instance.

Launch instance in AWS EC2

2. Now you need to configure the EC2 instance.

2.1 Choose the name of the instance, the OS and the instance type.

Choose the name of the EC2 instance; choose the OS and instance type

2.2 Choose a key pair if you want to connect to the server over SSH. If this is your first time, create a key pair first and download the private key; you will need it for the SSH connection, and AWS does not keep a copy.

Create an SSH key for EC2; choose the SSH key for EC2

2.3 Create a security group.

A security group (SG) is the AWS stateful firewall for your instance. Enter the necessary ports, choose the protocol and choose the source. The source is the IP range (or another security group) that is allowed to send traffic; to allow traffic from every address on the Internet, choose the source that matches all IPv4 addresses. If you need SSH access, open port 22, but restrict its source to your own IP rather than the whole Internet. You will also need HTTP and HTTPS (ports 80 and 443); once the load balancer from the next section is in place, the instance only needs port 80 and only from the load balancer's security group. You also need to choose the network (VPC).

Create a security group for EC2; choose the network for EC2

My security group:

Port   Protocol   Source
22     TCP        My IP
80     TCP        Anywhere (all IPv4)
443    TCP        Anywhere (all IPv4)

2.4 Choose the size and type of your storage.

AWS has different types of storage; you can read about them here.

Choose storage for EC2

2.5 Add user data.

Click on Advanced details and scroll down to User data. Paste the script below. It runs once, as root, on the first boot of the instance (so sudo is not needed) and installs Apache2. You can customize it if necessary, for example to deploy your own content to /var/www/html.

#!/bin/bash
set -eu
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get dist-upgrade -y
apt-get install -y apache2

User data for EC2

3. Review your instance configuration and click Launch instance.

Summary of the EC2 instance
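The security group in step 2.3 is where most HTTPS setups go wrong: port 22 left open to the world, or the instance still accepting plaintext HTTP from anywhere after the load balancer takes over. The following audit is an added example and not part of the original README. It walks the IpPermissions structure that boto3's `ec2.describe_security_groups()` returns and reports such rules; the three groups below are constructed sample data with placeholder IDs, and the helper generalises beyond this project's rules to IPv6 and all-traffic entries.

```python
"""Audit EC2 security group ingress rules (added example, boto3-shaped data)."""
from typing import Any, Dict, List, Optional, Tuple

ANYWHERE = {"0.0.0.0/0", "::/0"}   # IPv4 and IPv6 "all addresses" sources
WEB_PORTS = {80, 443}


def _sources(perm: Dict[str, Any]) -> List[str]:
    """Every source of one IpPermissions entry: IPv4 ranges, IPv6 ranges, other SGs."""
    srcs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    srcs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    srcs += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
    return srcs


def _ports(perm: Dict[str, Any]) -> Tuple[int, int]:
    """Port span of a rule; protocol "-1" means all protocols and all ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def audit_security_group(sg: Dict[str, Any], alb_sg_id: Optional[str] = None) -> List[str]:
    """Return one finding per risky inbound rule of a describe_security_groups() entry.

    1. All-traffic rules are always flagged.
    2. Only 80 and 443 may be open to the world; anything else (22 included) is flagged.
    3. If alb_sg_id is given, the group belongs to an instance behind the load
       balancer, so 80/443 may only be reachable from the load balancer's group.
    """
    findings = []
    gid = sg["GroupId"]
    for perm in sg.get("IpPermissions", []):
        lo, hi = _ports(perm)
        touches_web = any(lo <= p <= hi for p in WEB_PORTS)
        for src in _sources(perm):
            if perm.get("IpProtocol") == "-1":
                findings.append(f"{gid}: all protocols and ports open from {src}")
            elif src in ANYWHERE and not (lo == hi and lo in WEB_PORTS):
                findings.append(f"{gid}: ports {lo}-{hi} open to the world ({src})")
            if alb_sg_id and touches_web and src != alb_sg_id:
                findings.append(f"{gid}: ports {lo}-{hi} reachable from {src}, expected only {alb_sg_id}")
    return findings


def _rule(proto: str, port: Optional[int], *sources: str) -> Dict[str, Any]:
    """Build one IpPermissions entry from a protocol, a port and CIDR or sg-* sources."""
    perm: Dict[str, Any] = {"IpProtocol": proto, "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": []}
    if port is not None:
        perm["FromPort"] = perm["ToPort"] = port
    for s in sources:
        if s.startswith("sg-"):
            perm["UserIdGroupPairs"].append({"GroupId": s})
        elif ":" in s:
            perm["Ipv6Ranges"].append({"CidrIpv6": s})
        else:
            perm["IpRanges"].append({"CidrIp": s})
    return perm


# Constructed sample groups; IDs and addresses are placeholders.
ALB_SG = {"GroupId": "sg-0aaaaaaaaaaaaaaaa",
          "IpPermissions": [_rule("tcp", 80, "0.0.0.0/0", "::/0"), _rule("tcp", 443, "0.0.0.0/0", "::/0")]}
# The README's own group from step 2.3: SSH from "My IP", 80/443 from everywhere.
INSTANCE_SG = {"GroupId": "sg-0bbbbbbbbbbbbbbbb",
               "IpPermissions": [_rule("tcp", 22, "203.0.113.10/32"),
                                 _rule("tcp", 80, "0.0.0.0/0"), _rule("tcp", 443, "0.0.0.0/0")]}
# What the instance group should look like once the ALB is the only client.
HARDENED_SG = {"GroupId": "sg-0ccccccccccccccccc",
               "IpPermissions": [_rule("tcp", 22, "203.0.113.10/32"), _rule("tcp", 80, "sg-0aaaaaaaaaaaaaaaa")]}
# Common mistake: SSH and everything else open to the world.
BAD_SG = {"GroupId": "sg-0ddddddddddddddddd",
          "IpPermissions": [_rule("tcp", 22, "0.0.0.0/0"), _rule("-1", None, "10.0.0.0/8")]}

if __name__ == "__main__":
    for group in (ALB_SG, INSTANCE_SG, HARDENED_SG, BAD_SG):
        for f in audit_security_group(group, alb_sg_id="sg-0aaaaaaaaaaaaaaaa" if group is not ALB_SG else None):
            print(f)
```

Run it against real data by iterating over `boto3.client("ec2").describe_security_groups()["SecurityGroups"]` and passing the load balancer's group ID for the instance groups. The README's own table passes the first two checks; it only becomes a finding once you tell the audit that an ALB sits in front of the instance.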

Create a load balancer and target groups

A public certificate issued by ACM cannot be exported and installed on the EC2 instance itself (you could obtain a certificate from another CA and configure Apache for TLS, but that is not what ACM is for). What you can do is attach the ACM certificate to a load balancer, which terminates TLS in front of your web application and renews the certificate automatically.

1. Create a target group (TG)

Open the EC2 console and scroll down the navigation panel on the left. Under Load balancing, click on Target groups, then click on Create target group.

Load balancing menu; create a TG for the ALB

1.1 Choose the target type Instances.

Choose the target type for the TG

1.2 Enter a name for the TG and choose the protocol.

In this case I use HTTP, because the ALB decrypts the traffic and forwards it to the instance in plaintext. That hop stays inside your VPC, but it is unencrypted, so restrict the instance's security group so that port 80 is reachable only from the load balancer's security group (if your application needs end-to-end encryption, choose HTTPS here and install a certificate on the instance).

Choose the protocol for the TG

1.3 Choose the health check for your servers.

The ALB periodically checks whether each target is healthy and stops routing traffic to targets that fail the check; replacing a failed instance or notifying you requires Auto Scaling or CloudWatch alarms, which are not set up in this example (no blue-green deployment and no health notifications either). By default I use the HTTP protocol and the path "/", which means the ALB requests the root of the web application (the index.html page) and expects a 200 response.

Create a health check for the TG

1.4 Register targets with the TG. Previously we created an EC2 instance; now we can register it with the TG. Select your instance and click on Include as pending below.

Register the EC2 instance with the TG; register the EC2 instance with the TG (2); creation of the TG

2. Create an Application Load Balancer (ALB)

You can choose which type of load balancer you want. The Classic Load Balancer (previous generation), the Application Load Balancer and the Network Load Balancer can all terminate TLS with an ACM certificate; the ALB works at the HTTP layer and supports the redirect rule used later in this project, so I use it.

2.1 Open EC2 and search for Load balancing. Click on Load balancers, then click Create load balancer.

Create Application Load Balancer

2.2 Choose Application Load Balancer and click on Create.

2.3 Now you can configure your load balancer.

In my case I use this configuration:

Setting                      Value
Name                         webserver-alb
Scheme                       Internet-facing
IP address type              IPv4
VPC                          default
Mappings                     us-east-2 (a, b, c)
Security groups              Open ports 80 and 443 (HTTP, HTTPS)
Listeners and routing        HTTP and HTTPS (default action: forward to the TG from the previous step)
Secure listener settings     ELBSecurityPolicy-2016-08, certificate from ACM

ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1. Unless you must support very old clients, pick a TLS 1.2+ policy such as ELBSecurityPolicy-TLS13-1-2-2021-06 instead.

Creation of the Application Load Balancer; network; security group; listeners; additional settings

After configuring the ALB, click on Create load balancer.

2.4 Create a new record for the ALB in Route 53

Return to Route 53 and go to your hosted zone. Click on Create record. If you want the ALB to answer at the bare domain, leave the Record name field empty. Enable the Alias toggle. In the alias section select Application and Classic Load Balancer, select your region and choose your Application Load Balancer. An alias record is used instead of a CNAME because the ALB only has a DNS name, not a fixed IP, and a CNAME is not allowed at the zone apex.

Create a record in Route 53 for the ALB; new record for the Application Load Balancer in Route 53

2.5 Create a redirect from port 80 to port 443

This step is optional, but if you want HTTP requests redirected to HTTPS, return to the Application Load Balancer, choose your ALB and click on Listeners. Choose HTTP:80 and click on Edit. Remove the forward action as the default and select Redirect to HTTPS on port 443 with status code 301 (permanent). Note that Apache now sees only HTTP requests from the ALB; an application that builds absolute URLs should look at the X-Forwarded-Proto header the ALB adds to know the client used HTTPS.

Edit the redirect from HTTP to HTTPS in the ALB; edit the redirect from HTTP to HTTPS in the ALB (configuration)
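The listener configuration of steps 2.3 and 2.5 is small enough to express as data, and doing so makes the two weak spots of the console walkthrough obvious: the dated TLS policy and an HTTP:80 listener that forwards instead of redirecting. The following is an added example and not the project's own code: the two builder functions return the keyword arguments boto3's `elbv2.create_listener()` takes, and `audit_listeners()` checks a `describe_listeners()["Listeners"]` list for those two problems. The ARNs are placeholders.

```python
"""ALB listeners for TLS termination plus HTTP->HTTPS redirect (added example)."""
from typing import Any, Dict, List

# ELBSecurityPolicy-2016-08 still negotiates TLS 1.0/1.1; this policy is TLS 1.2 and 1.3 only.
MODERN_TLS_POLICY = "ELBSecurityPolicy-TLS13-1-2-2021-06"
WEAK_POLICIES = {"ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-2015-05", "ELBSecurityPolicy-TLS-1-0-2015-04"}


def https_listener(alb_arn: str, cert_arn: str, target_group_arn: str,
                   policy: str = MODERN_TLS_POLICY) -> Dict[str, Any]:
    """HTTPS:443 listener: terminate TLS with the ACM certificate, forward to the TG."""
    return {
        "LoadBalancerArn": alb_arn,
        "Protocol": "HTTPS",
        "Port": 443,
        "SslPolicy": policy,
        "Certificates": [{"CertificateArn": cert_arn}],
        "DefaultActions": [{"Type": "forward", "TargetGroupArn": target_group_arn}],
    }


def http_redirect_listener(alb_arn: str) -> Dict[str, Any]:
    """HTTP:80 listener whose only job is a permanent redirect to HTTPS (step 2.5).

    The #{host}, #{path} and #{query} placeholders keep the original URL; the
    RedirectConfig port is a string in the API, not an integer.
    """
    return {
        "LoadBalancerArn": alb_arn,
        "Protocol": "HTTP",
        "Port": 80,
        "DefaultActions": [{
            "Type": "redirect",
            "RedirectConfig": {
                "Protocol": "HTTPS", "Port": "443",
                "Host": "#{host}", "Path": "/#{path}", "Query": "#{query}",
                "StatusCode": "HTTP_301",
            },
        }],
    }


def audit_listeners(listeners: List[Dict[str, Any]]) -> List[str]:
    """Findings for a describe_listeners()["Listeners"] list of one load balancer."""
    findings = []
    by_port = {l["Port"]: l for l in listeners}
    https = by_port.get(443)
    if https is None or https.get("Protocol") != "HTTPS":
        findings.append("no HTTPS listener on 443")
    else:
        if https.get("SslPolicy") in WEAK_POLICIES:
            findings.append(f"443 uses {https['SslPolicy']}, which still allows TLS 1.0/1.1")
        if not https.get("Certificates"):
            findings.append("443 listener has no certificate attached")
    http = by_port.get(80)
    if http is not None:
        action = http["DefaultActions"][0]
        cfg = action.get("RedirectConfig", {})
        if action.get("Type") != "redirect" or cfg.get("Protocol") != "HTTPS" or cfg.get("Port") != "443":
            findings.append("80 listener forwards plaintext instead of redirecting to HTTPS")
        elif cfg.get("StatusCode") != "HTTP_301":
            findings.append("80 redirect is temporary (302); use HTTP_301 so clients remember it")
    return findings


# Placeholder ARNs for the sample configurations below.
ALB_ARN = "arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/webserver-alb/0123456789abcdef"
CERT_ARN = "arn:aws:acm:us-east-2:123456789012:certificate/00000000-0000-0000-0000-000000000000"
TG_ARN = "arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/webserver-tg/0123456789abcdef"

# What the README's step 2.3 table produces: both listeners forward, old TLS policy.
AS_CONFIGURED = [
    https_listener(ALB_ARN, CERT_ARN, TG_ARN, policy="ELBSecurityPolicy-2016-08"),
    {"LoadBalancerArn": ALB_ARN, "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": TG_ARN}]},
]
# After step 2.5 and switching to a modern policy.
HARDENED = [https_listener(ALB_ARN, CERT_ARN, TG_ARN), http_redirect_listener(ALB_ARN)]

if __name__ == "__main__":
    print("as configured:", audit_listeners(AS_CONFIGURED))
    print("hardened:     ", audit_listeners(HARDENED))
```

To apply the hardened configuration with boto3, call `elbv2.create_listener(**https_listener(...))` and `elbv2.create_listener(**http_redirect_listener(...))` on a fresh ALB, or `elbv2.modify_listener(ListenerArn=..., DefaultActions=...)` on the existing HTTP:80 listener for step 2.5. Afterwards, `curl -I http://yourdomain/` should return 301 with a `Location: https://yourdomain/` header.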