AWS announced full-featured redirection support for Application Load Balancers. This solves one of the long-standing problems with web applications: HTTP to HTTPS redirection.
HTTPS has been the best practice for web applications for years, and providing a redirection path for people who go to the HTTP address has long been a basic requirement. This has traditionally been done at the web server layer (Apache/nginx) or at the load balancer layer (F5 BIG-IP, etc.). However, AWS load balancers have not been able to do this until now, which made it necessary to handle the redirection on the application hosts.
Now we can do this with Application Load Balancers!
- You have an AWS account and are comfortable creating and managing resources.
- You are familiar with AWS Application Load Balancers, Listeners and Target Groups.
- You have a decent familiarity with AWS CloudFormation syntax.
AWS Web Console
Creating an HTTP to HTTPS redirection rule happens in the Listener, as a Rule. I assume that you’re already familiar with setting up a basic ALB, Target Group, and Listener. Once you’ve created a Listener, you can add a new rule to it to handle the redirection.
In order for the ALB to respond on port 80 and 443, we’ll need two separate Listeners, one for each. The redirection rule will be attached to the port 80 listener.
The documentation I’ve been able to find on how rules work is a little thin. I’d love it if anyone has found some more in-depth examples of rule conditions! (Twitter: @estranged)
A rule has to have a condition and an action. Since we want to redirect all traffic that comes in on port 80 to the same URI, just with HTTPS instead, our condition should be simply “all”. Unfortunately, you can’t just put a single asterisk in for the condition; the closest I’ve been able to come up with is *.example.com, where example.com is whatever your domain is.
The redirection itself happens in the action section. Select Redirect to... in the action section.
Since we just need to redirect HTTP to HTTPS, we’ll leave the host, path, and query as-is, and just change the protocol to HTTPS and the port to 443.
That’s it! Save it and you’re good to go. Make sure your ALB security group allows both port 80 and 443 traffic, and all your incoming port 80 traffic will now be redirected to 443.
! Update ! 2018-12-28
Amazon added CloudFormation support for the new ALB features in late November 2018, so the Lambda-based solution is no longer needed. I was almost right in my guessed template syntax; I just missed that you’ll need to quote some of the values to avoid YAML parsing errors.
Here is the updated CloudFormation template with redirection listener:
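An added example, not the author’s template: the two listeners described above written as CloudFormation YAML, with the port 80 listener’s default action doing the redirect. The parameter names and logical resource names are assumptions, and the load balancer, target group and certificate are assumed to exist already.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Example only - ALB listeners with HTTP to HTTPS redirection

Parameters:              # all parameter names are hypothetical
  LoadBalancerArn:
    Type: String         # ARN of an existing Application Load Balancer
  TargetGroupArn:
    Type: String         # ARN of the target group serving the application
  CertificateArn:
    Type: String         # ARN of the certificate for the HTTPS listener

Resources:
  # Port 80: never forwards to the targets, only answers with a redirect.
  HttpRedirectListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: '443'          # a string property, so it is quoted
            # The placeholders must be quoted: unquoted, the "#" after the
            # space would start a YAML comment and the value would be empty.
            Host: '#{host}'      # keep the requested host
            Path: '/#{path}'     # keep the requested path
            Query: '#{query}'    # keep the query string
            StatusCode: HTTP_301 # permanent redirect

  # Port 443: terminates TLS and forwards to the application.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroupArn
```

Because the redirect is the listener’s default action, it applies to every request that arrives on port 80 and needs no host condition.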
Unfortunately, there is no CloudFormation support for these new features yet. If you have an AWS support rep let them know to add this as a feature request!
! Update ! 2018-09-19
I’ve come up with a Lambda-based solution for adding redirection listeners from within a CloudFormation template. It’s not ideal but it does work and should serve as a bridge until AWS releases proper CloudFormation support.