Currently running session on a VPC.
ACM >>> (cname) >>> Route53 <<<(elastic IP)>>> ec2 >>> Load Balancer >>> VPC >>>Target Group > EC2 Instance
Default launch-wizard security group has port 443 for HTTPS, port 22 for SSH, and port 80 for HTTP access.
Determines which ports are open when accessing EC2.
Also determines which IP addresses can access the instance.
protocol definitions
defines target
sets up monitoring
where you add target group to the instance
Where you define pending targets
scheme as internet or internal facing
maps to vpc (target group)
selects subnet and security group
Define listeners and rules here.
Define VPC availability zones here.
Links ACM cert here.
In most organizations SSL is terminated on the load balancer and internal traffic is plain HTTP.
ELB should configure HTTP and HTTPS listeners, and the target .
You also need to make every subnet of the region available.
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is allocated to your AWS account, and is yours until you release it. By using an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. Alternatively, you can specify the Elastic IP address in a DNS record for your domain, so that your domain points to your instance.
create > associate with instance
If you release the elastic IP, make sure you also delete the DNS record pointing to it. If you don't, you will have a dangling DNS record that can be taken over by an unauthorized user.
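One way to audit for the dangling records described above, as an added example that is not part of the original notes: it compares Route 53 A records against the Elastic IPs still allocated to the account and lists the ones that need review. The input dicts are constructed sample data shaped like the boto3 list_resource_record_sets and describe_addresses responses; the function name and the known_external allow-list are assumptions.

```python
import ipaddress

# RFC 1918 ranges: records that point at private addresses are out of scope.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def dangling_a_records(record_sets, addresses, known_external=()):
    """Return (name, ip) pairs for A records whose IP is neither an Elastic IP
    currently allocated to the account nor in the known_external allow-list.
    A hit is a candidate for review, not proof of a takeover."""
    owned = {a["PublicIp"] for a in addresses.get("Addresses", []) if "PublicIp" in a}
    owned |= set(known_external)
    findings = []
    for rrset in record_sets.get("ResourceRecordSets", []):
        # Alias records target AWS resources by name, not by raw IP.
        if rrset.get("Type") != "A" or "AliasTarget" in rrset:
            continue
        for rr in rrset.get("ResourceRecords", []):
            ip = ipaddress.ip_address(rr["Value"])
            if any(ip in net for net in PRIVATE_NETS):
                continue
            if str(ip) not in owned:
                findings.append((rrset["Name"], str(ip)))
    return findings


# Constructed sample data using documentation IP ranges and placeholder IDs.
SAMPLE_RECORD_SETS = {"ResourceRecordSets": [
    {"Name": "app.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},
    {"Name": "old.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.99"}]},   # EIP was released
    {"Name": "lb.example.com.", "Type": "A",
     "AliasTarget": {"DNSName": "constructed-lb.example.",
                     "HostedZoneId": "ZCONSTRUCTED", "EvaluateTargetHealth": False}},
    {"Name": "db.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "10.0.1.5"}]},
    {"Name": "example.com.", "Type": "MX", "TTL": 300,
     "ResourceRecords": [{"Value": "10 mail.example.com."}]},
]}
SAMPLE_ADDRESSES = {"Addresses": [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-constructed"},
]}

if __name__ == "__main__":
    for name, ip in dangling_a_records(SAMPLE_RECORD_SETS, SAMPLE_ADDRESSES):
        print(f"REVIEW: {name} -> {ip} is not an Elastic IP in this account")
```

A public A record can legitimately point at an address outside the account (a third-party host, or an instance's auto-assigned public IP), so pass those through known_external rather than deleting on the first hit.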
Need to do this to allow the certificate from ACM to be used with the load balancer.