This topic describes how to use Application Load Balancer (ALB) to enable end-to-end data transfer over HTTPS.


Data security is important for enterprises that host a large percentage of workloads on the cloud, especially for enterprises in public service sectors and financial industries. To ensure high security, enterprises require data transfers to be encrypted from one end to the other. If a load balancing service is used, both frontend connections (connections between clients and the load balancing service) and backend connections (connections between the load balancing service and backend servers) must be encrypted.

ALB supports end-to-end data transfer over HTTPS. To ensure the security of data-sensitive applications, you can use ALB to establish HTTPS connections between clients and ALB, and between ALB and backend servers.

End-to-end data transfer over HTTPS

Enable end-to-end data transfer over HTTPS

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance is deployed.
  3. In the left-side navigation pane, choose ALB > Server Groups.
  4. On the Server Groups page, click Create Server Group, set the following parameters and click Create.
    Parameter Description
    Server Group Type Select the type of server group that you want to create. In this example, Instance is selected.
    Server Group Name Enter a name for the server group.
    VPC Select a virtual private cloud (VPC) from the drop-down list. In this example, the VPC where the ALB instance is deployed is selected.
    Backend Server Protocol Select a backend protocol. HTTPS is selected in this example.
    Scheduling Algorithm Select a scheduling algorithm. Default value: Weight Round Robin. In this example, the default scheduling algorithm is used.
    Resource Group Select the resource group to which the server group belongs.
    Session Persistence Specify whether to enable session persistence. In this example, session persistence is disabled, which is the default setting.
    Configure Health Check Specify whether to enable health checks. In this example, health checks are enabled, which is the default setting.
    Advanced Settings In this example, the default advanced settings are used. For more information, see Manage server groups.
  5. On the Server Groups page, find the server group that you created and click Modify Backend Server in the Actions column.
  6. On the Backend Servers tab, click Add Backend Server.
  7. In the Add Backend Server panel, specify the type of backend server, select the backend server that you want to add, and then click Next.
  8. Set the port to 443, use the default weight, and then click OK.
  9. For more information about how to create HTTPS listeners, see Add an HTTPS listener.
    Note On the Select Server Group wizard page, select the server group that you created.