-1

I have an application and API running/hosted on the same AWS EC2 instance. I have enabled an SSL cert using ACM via a load balancer for the application domain. However, my API is exposed via the EC2 public IP, i.e. http://ec2ip. In such a scenario, how can I bind an SSL cert to the IP address, i.e. https://ec2ip?

luk2302
  • 1
    Does this answer your question? [Is it possible to have SSL certificate for IP address, not domain name?](https://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name) – cnvzmxcvmcx Apr 22 '21 at 20:14
  • Why not also send the API requests through the load balancer? – Mark B Apr 22 '21 at 20:16

2 Answers

0

You ideally don't want to have a public IP on your load-balanced EC2. You can achieve this by placing the EC2s in a private subnet. This will need a bastion server in order to SSH, though.

If you absolutely want HTTPS on an IP address, this SO page is the answer. If you do set that up, make sure that it is an elastic IP address.

cnvzmxcvmcx
0

If you have a load balancer, you shouldn't directly access your instance using the public IP. As per AWS documentation, you shouldn't even have a public IP address for your instance.

If you someday run a security assessment on your AWS environment, AWS Foundational Security Best Practices v1.0.0 will fail because of the public IP.

EC2 instances should not have a public IPv4 address

This is all about security concerns. Typically, only a Load Balancer is exposed to the Internet.

Back to Basics: Protecting Your Network in the Cloud

Thiwanka Wickramage
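An added example, not part of either answer: a check for the condition the second answer refers to (instances carrying a public IPv4 address), run over a constructed sample shaped like `aws ec2 describe-instances` JSON output. The instance IDs, subnet names and addresses are made up, the function name is hypothetical, and treating an `IpOwnerId` of `amazon` as "auto-assigned" is an assumption about how the API reports non-Elastic addresses.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output (IDs and IPs are made up).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa1111example", "SubnetId": "subnet-public-a",
   "PublicIpAddress": "203.0.113.10",
   "NetworkInterfaces": [{"NetworkInterfaceId": "eni-01",
     "Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
  {"InstanceId": "i-0bbb2222example", "SubnetId": "subnet-public-a",
   "PublicIpAddress": "198.51.100.7",
   "NetworkInterfaces": [{"NetworkInterfaceId": "eni-02",
     "Association": {"PublicIp": "198.51.100.7", "IpOwnerId": "111122223333"}}]},
  {"InstanceId": "i-0ccc3333example", "SubnetId": "subnet-private-a",
   "NetworkInterfaces": [{"NetworkInterfaceId": "eni-03"}]}
]}]}
""")


def public_ip_findings(describe_output):
    """Return one finding per public IPv4 address attached to an instance."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            seen = set()
            for eni in inst.get("NetworkInterfaces", []):
                assoc = eni.get("Association") or {}
                ip = assoc.get("PublicIp")
                if ip and ip not in seen:
                    seen.add(ip)
                    # Assumption: IpOwnerId is "amazon" for auto-assigned
                    # addresses and the account ID for Elastic IPs.
                    kind = "auto-assigned" if assoc.get("IpOwnerId") == "amazon" else "elastic"
                    findings.append({"instance": inst["InstanceId"], "ip": ip, "kind": kind})
            # Fall back to the top-level field if no ENI association listed it.
            top = inst.get("PublicIpAddress")
            if top and top not in seen:
                findings.append({"instance": inst["InstanceId"], "ip": top, "kind": "unknown"})
    return findings


if __name__ == "__main__":
    for f in public_ip_findings(SAMPLE):
        print(f"{f['instance']}: public IPv4 {f['ip']} ({f['kind']})")
```

To run it against a real account, feed it the parsed JSON from `aws ec2 describe-instances` instead of `SAMPLE`.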