How to apply SSL for HTTPS to Node Express API in AWS EC2 instance

If your API is not configured yet on an EC2 instance, follow the following article — How to deploy a Node Express API to an AWS EC2 instance

How to deploy Node Express API to an AWS EC2 instance

Diagram here

Once you’ve deployed your NODE EXPRESS API to an AWS EC2 instance

And if is still in HTTP and not HTTPS

In this tutorial, we are now going to secure our NODE EXPRESS API with HTTPS with SSL using an Application Load Balancer and Route 53.

Steps overview

1. Register a domain name in Route 53 around $12 per year
2. Request an FREE SSL certificate from Certificate Manager
3. Create an Application Load Balancer (ALB) with target groups
4. Configure ALB to point to the Security Group that has the access to the ports that allows connection to the EC2 instance

Step 1 — Register domain name using Route 53

Go to Route 53 AWS service, and purchase a domain name

Click on Register domain

Find your available domain

for example mydomainjs.com

Go through the purchasing etc…

Then once you registered the domain you may continue on the next steps.

Step 2— Generate an SSL certificate from Certificate Manager

Go to AWS Certificate Manager and generate SSL Certificate

Request a Public certificate — then click Next

Request a public certificate with the variations on domain names, this way your domain will work for all sub-domains and when users use the www

'yourdomain'.com
*.'yourdomain'.com
www.'yourdomain'.com

Add your domain name variations then click Request

The certificate is NOT generated immediately, it could take some time, usually around 30mins or so.

Step 3— Create an Application Load Balance (ALB)

Go to EC2 instances, then select Load Balancers

Click on Load Balancers

Create Load Balancer

Give it a name and keep the defaults here

For Network Mapping select at least 2

Next it will ask you to create a Target Group this is basically where it will be listening for connections on the port of your NODE API server, for example 5001

Use the HTTP — then port that your API is listening on

Leave the rest as defaults, then click next

Select the EC2 instance where your API is running then click on Include as Pending below, then click Create Target Group

Select EC2 then add as pending to the TG

Then go back to your Application Load Balancer creation and click refresh to get the new Target Group

Select TG created as well as the SSL Certificate

Click on Create Load balancer

Now we have to edit the Security group of the ALB to make sure is using the same Security group as the EC2 instance, in order to allow the same port connections

Once Created click on Edit Security Groups

Select the same Security Group configured for the EC2 instance

Step 4— Configure Route53 to send traffic to new ALB

Then we have to tell Route53 that any traffic going to that domain name with the API port, now needs to be routed to this new ALB created previously.

1. Select your domain
2. Then click on Create Record
3. Then select Simple Routing
4. then select Define Simple Record

Notice this is my domain name, you should have a different domain name

5. Select A Routes

6. Select Application and Classic Load Balancer

7. Select the same region where you configured the EC2 and the ALB

8. Select the ALB

9. Create another record type AAAA with the same settings like below.

Then

Finally you should be able to visit your domain name with the port where your API is listening and it should all work properly

As always any comments or feedback as welcomed, maybe I missed a spelling or something, please let me know, thank you 😎