How to apply SSL for HTTPS to Node Express API in AWS EC2 instance
If your API is not yet deployed on an EC2 instance, follow this article first: How to deploy a Node Express API to an AWS EC2 instance
Once you’ve deployed your Node Express API to an AWS EC2 instance, it may still be served over HTTP and not HTTPS.
In this tutorial, we are going to secure our Node Express API with HTTPS (SSL) using an Application Load Balancer and Route 53.
Steps overview
- Register a domain name in Route 53 (around $12 per year)
- Request a free SSL certificate from Certificate Manager
- Create an Application Load Balancer (ALB) with target groups
- Configure the ALB to use the Security Group that allows connections on the ports used to reach the EC2 instance
Step 1 — Register domain name using Route 53
Go to the Route 53 AWS service and purchase a domain name.
Find your available domain.
Go through the purchasing etc…
Once you have registered the domain, you may continue to the next steps.
Step 2 — Generate an SSL certificate from Certificate Manager
Go to AWS Certificate Manager and generate an SSL certificate.
Request a public certificate that lists the following variations of your domain name. This way your domain will work for all sub-domains and when users use the www prefix:
'yourdomain'.com
*.'yourdomain'.com
www.'yourdomain'.com
The certificate is NOT generated immediately. It can take some time, usually around 30 minutes or so.
Step 3 — Create an Application Load Balancer (ALB)
Go to EC2 instances, then select Load Balancers.
Next, it will ask you to create a Target Group. This is basically where it will be listening for connections, on the port of your Node API server, for example 5001.
Select the EC2 instance where your API is running, click on Include as Pending below, then click Create Target Group.
Then go back to your Application Load Balancer creation and click refresh to get the new Target Group.
Now we have to edit the Security Group of the ALB to make sure it is using the same Security Group as the EC2 instance, in order to allow the same port connections.
Step 4 — Configure Route 53 to send traffic to the new ALB
Then we have to tell Route 53 that any traffic going to that domain name with the API port now needs to be routed to the new ALB created previously.
1. Select your domain
2. Then click on Create Record
3. Then select Simple Routing
4. Then select Define Simple Record
5. Select A Routes
6. Select Application and Classic Load Balancer
7. Select the same region where you configured the EC2 and the ALB
8. Select the ALB
9. Create another record of type AAAA with the same settings.
Finally, you should be able to visit your domain name with the port where your API is listening, and it should all work properly.
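A check for the end result, as an added example in Node.js (not part of the original article): it verifies that the certificate the ALB presents covers every hostname clients will use, which shows why Step 2 requests both the bare domain and the wildcard. The function names and the `example.com` values are assumptions made for illustration; pass `auditEndpoint` the host and port of your own ALB listener.

```javascript
// Added example; the domain and certificate values are constructed samples.

// True if one SAN entry covers the host. A wildcard stands in for exactly one
// leftmost label: "*.example.com" covers "api.example.com" but neither
// "example.com" (the apex) nor "a.b.example.com".
function sanCovers(pattern, host) {
  const p = pattern.toLowerCase().split(".");
  const h = host.toLowerCase().replace(/\.$/, "").split(".");
  if (p.length !== h.length) return false;
  return p.every((label, i) =>
    (i === 0 && label === "*" && p.length > 2) || label === h[i]);
}

// Node exposes SANs as one string: "DNS:example.com, DNS:*.example.com".
function dnsNames(cert) {
  return (cert.subjectaltname || "").split(", ")
    .filter((n) => n.startsWith("DNS:")).map((n) => n.slice(4));
}

// For the hostnames clients will use, list those the certificate does not
// cover and count the days left before it expires.
function auditCertificate(cert, hosts, now = new Date()) {
  const names = dnsNames(cert);
  const uncovered = hosts.filter((h) => !names.some((n) => sanCovers(n, h)));
  const daysLeft = Math.floor((new Date(cert.valid_to) - now) / 86400000);
  return { uncovered, daysLeft, ok: uncovered.length === 0 && daysLeft > 0 };
}

// Live check against the ALB listener. rejectUnauthorized is off only so a
// bad certificate can still be read and reported; no data is sent.
async function auditEndpoint(host, port, hosts) {
  const tls = await import("node:tls");
  return new Promise((resolve, reject) => {
    const opts = { host, port, servername: host, rejectUnauthorized: false };
    const socket = tls.connect(opts, () => {
      const report = auditCertificate(socket.getPeerCertificate(), hosts);
      report.chainTrusted = socket.authorized;
      report.trustError = socket.authorizationError || null;
      socket.end();
      resolve(report);
    });
    socket.on("error", reject);
  });
}

// Offline demo: a wildcard-only certificate leaves the apex uncovered.
const sample = { subjectaltname: "DNS:*.example.com", valid_to: "Dec 15 12:00:00 2030 GMT" };
console.log(auditCertificate(sample, ["example.com", "www.example.com"]));
```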
As always, any comments or feedback are welcome. Maybe I missed a spelling or something, please let me know. Thank you 😎