
What is the easiest and fastest way to add HTTPS to an AWS EC2 instance?

I created an EC2 instance. It has a default URL like this:

http(s)://ec2-000-000-000-000.us-east-1.compute.amazonaws.com

I'm ok with this URL, the server is to be used for API calls, so I don't care about it - any URL will do, but I need it to be HTTPS (because it will be called from frontend of a website with HTTPS).

I know that I need a certificate, but I didn't find a way to get a certificate for the standard EC2 URL. So the question is: what is the easiest and fastest way to configure HTTPS without using a custom domain? If there are many ways, please, list them all.

Option 1 (keeping ec2-000-000-000-000.us-east-1.compute.amazonaws.com domain):

You can only generate a self-signed cert, which I guess isn't what you want, since browsers could block it.

Option 2 (using custom domain):

Issue a free cert with https://letsencrypt.org/

Option 3:

Spin up a load balancer in front of your EC2 instance with AWS Certificate Manager and point your API to the LB endpoint https://aws.amazon.com/premiumsupport/knowledge-center/associate-acm-certificate-alb-nlb/

It turned out to be pretty easy - it can be done with API Gateway.

  1. Create HTTP (not REST) API Gateway.
  2. Create a route: ANY /{path+}
  3. Attach an integration to the route with URI: http://ec2-000-000-000-000.us-east-1.compute.amazonaws.com:3000/{path} (the port number is up to you)

That's it, now the API Gateway HTTPS URL can be used: https://00000000.execute-api.us-east-1.amazonaws.com.

The only downside is that it's accessible from both the API Gateway and the original EC2 HTTP link. It can be solved with a Network Load Balancer and VPC link. In the EC2 security group you should allow connections only from your VPC (something like 172.31.0.0/16 should work), or more precisely only from the availability zones of the Network Load Balancer. Read more here: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html

Of course, API Gateway isn't free - you have to pay. And also you have to pay for the Network Load Balancer.

Alternatively, you can configure CloudFront (there is a free tier, but after it you have to pay for the transferred data too). Maybe it will work, but it doesn't seem any better than API Gateway. I haven't tried it.

Also, you can use a secret prefix in the URL (and use it only in the API Gateway config) to make the URL effectively inaccessible without API Gateway and not configure the load balancer. As a temporary solution it's enough. In the long term, maybe it's worth using a custom domain for HTTPS.
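The three API Gateway steps above, written as a CloudFormation template so the setup is reproducible instead of clicked together in the console. This is an added example, not code from the answer; the EC2 hostname and port 3000 are the placeholder values from the answer and must be replaced, and the direct HTTP link to the instance remains reachable unless the security group is restricted as described.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: HTTPS front door for a plain-HTTP EC2 API via API Gateway (HTTP API)

Parameters:
  BackendHost:
    Type: String
    # Placeholder from the question; replace with your instance's public DNS name
    Default: ec2-000-000-000-000.us-east-1.compute.amazonaws.com
    Description: Public DNS name of the EC2 instance that serves the API over HTTP

Resources:
  # Step 1: an HTTP API (not a REST API)
  HttpApi:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: ec2-https-proxy
      ProtocolType: HTTP

  # Step 3: HTTP proxy integration; {path} is filled from the route's {path+}
  # variable, so /users/42 on the API becomes /users/42 on the instance.
  # Port 3000 is the example port used in the answer.
  Ec2Integration:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref HttpApi
      IntegrationType: HTTP_PROXY
      IntegrationMethod: ANY
      IntegrationUri: !Sub "http://${BackendHost}:3000/{path}"
      PayloadFormatVersion: "1.0"

  # Step 2: catch-all route "ANY /{path+}" that targets the integration
  CatchAllRoute:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref HttpApi
      RouteKey: ANY /{path+}
      Target: !Sub "integrations/${Ec2Integration}"

  # $default stage with auto-deploy, so the route is live once the stack is created
  DefaultStage:
    Type: AWS::ApiGatewayV2::Stage
    Properties:
      ApiId: !Ref HttpApi
      StageName: "$default"
      AutoDeploy: true

Outputs:
  HttpsEndpoint:
    Description: The HTTPS URL to call from the frontend instead of the EC2 HTTP URL
    Value: !GetAtt HttpApi.ApiEndpoint
```

Deploy with `aws cloudformation deploy --template-file template.yaml --stack-name ec2-https-proxy`; the `HttpsEndpoint` output is the `https://....execute-api.us-east-1.amazonaws.com` URL the answer refers to.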
