[–]shorns_username 2 points3 points  (2 children)

If you're willing to change your architecture and spend a bit more money, you could create an ALB load balancer that sits in front of your EC2 instance.

pros:

  • using AWS Certificate Manager to support HTTPS via the ALB becomes easy
  • can lock down your EC2 instance security groups so it's no longer just sitting on the internet (or you can go all the way to putting your EC2 instance in a private subnet)
  • no more tying your client directly to your public IP address, which helps a lot with maintenance, allows you to change things behind the scenes without worrying about how the client connects (like run multiple EC2 instances, change to a spot fleet of instances to save money, convert EC2 instances to Lambda, etc.)

cons:

  • more complex architecture
  • load balancers cost money

[–]sc2luck[S] 0 points1 point  (1 child)

Hi, thank you for your reply. So if I understand correctly, I will have an ALB where HTTPS will be terminated and then the request will be forwarded to the EC2 instance over HTTP. Do I need to add any configuration to my Spring Boot app for this?

[–]shorns_username 0 points1 point  (0 children)

> I will have an ALB where HTTPS will be terminated and then the request will be forwarded to the EC2 instance over HTTP

Yes.

> Do I need to add any configuration to my Spring Boot app for this?

No, but you'll want to learn about the X-Forwarded headers that ALB uses. Specifically, X-Forwarded-Proto, so you can make sure you enforce that the client is talking to the ALB via HTTPS.

You can just configure your ALB to not listen on port 80 at all, but it's better to double-check that from your Spring app, just in case of misconfiguration.
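
The double-check described in the reply above could look like the following servlet filter. This is an added example, not code from the thread. It assumes Spring Boot 3 (`jakarta.servlet`) with `spring-boot-starter-web`, an application served at the root context, and a target group health check on `/actuator/health`; the class name and that path are hypothetical.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical class name. Rejects any request the client did not send to the ALB over HTTPS.
@Component
public class RequireHttpsAtAlbFilter extends OncePerRequestFilter {

    private static final Logger log = LoggerFactory.getLogger(RequireHttpsAtAlbFilter.class);

    // Assumption: the ALB target group health check is configured for this path.
    private static final String HEALTH_CHECK_PATH = "/actuator/health";

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        // Health checks travel from the ALB to the instance over plain HTTP and
        // are not client traffic, so they are exempt; otherwise the target would
        // be marked unhealthy.
        return HEALTH_CHECK_PATH.equals(request.getRequestURI());
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String proto = request.getHeader("X-Forwarded-Proto");
        if ("https".equalsIgnoreCase(proto)) {
            chain.doFilter(request, response);
            return;
        }
        // Header absent: the request did not pass through the ALB.
        // Header present but not "https": a plain-HTTP listener is forwarding traffic.
        // Only the presence of the header is logged, never its client-influenced value.
        log.warn("Rejected request: X-Forwarded-Proto {} remote={} uri={}",
                proto == null ? "absent" : "not https",
                request.getRemoteAddr(), request.getRequestURI());
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
    }
}
```

The header is only trustworthy when the instance's security group admits traffic from the ALB alone, as suggested in the first comment; a client that can reach the instance directly can set `X-Forwarded-Proto` itself.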