How do I use CloudFormation to associate multiple ACM SSL or TLS certificates with an Application Load Balancer?


I want to use AWS CloudFormation to associate multiple AWS Certificate Manager (ACM) SSL and TLS certificates with an Application Load Balancer.

Resolution

To add a default SSL or TLS server certificate for a secure listener, use the Certificates property of the AWS::ElasticLoadBalancingV2::Listener resource. The listener resource takes only one certificate, the default. To add more certificates, use the AWS::ElasticLoadBalancingV2::ListenerCertificate resource, which includes a Certificates property that accepts a list of certificates.

To create an Application Load Balancer listener with one default certificate, use the following CloudFormation template:

HTTPlistener:
  Type: 'AWS::ElasticLoadBalancingV2::Listener'
  DependsOn: ApplicationLoadBalancer
  Properties:
    DefaultActions:
      - Type: fixed-response
        FixedResponseConfig:
          ContentType: text/plain
          MessageBody: Success
          StatusCode: '200'
    LoadBalancerArn: >-
      arn:aws:elasticloadbalancing:Region:AccountID:loadbalancer/app/TestACMELB/1032d48308c9b37f
    Port: '443'
    Protocol: HTTPS
    Certificates:
      - CertificateArn: >-
          arn:aws:acm:Region:AccountID:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b90

To add multiple certificates to the Application Load Balancer listener, use the following CloudFormation template:

AdditionalCertificates:
  Type: 'AWS::ElasticLoadBalancingV2::ListenerCertificate'
  DependsOn: HTTPlistener
  Properties:
    Certificates:
      - CertificateArn: >-
          arn:aws:acm:Region:AccountID:certificate/c71a3c29-e79d-40e6-8834-650fe0d54a3f
      - CertificateArn: >-
          arn:aws:acm:Region:AccountID:certificate/fff1c1ba-3d97-4735-b3d5-9c5269b75db3
    ListenerArn:
      Ref: HTTPlistener

Note: In the preceding templates, replace Region with your AWS Region and AccountID with your AWS account ID. Also, replace the values for LoadBalancerArn and CertificateArn with the ARNs of your Application Load Balancer and certificates.
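
A pre-deployment check for the wiring described above, as an added example that is not part of the original article or of any AWS tooling: it confirms that each HTTPS listener carries exactly one default certificate and that each ListenerCertificate resource points at such a listener. The function name, the sample template and the EXAMPLE ARNs are assumptions; the template is assumed to be already parsed into a dict (for example, from its JSON form).

```python
LISTENER = "AWS::ElasticLoadBalancingV2::Listener"
LISTENER_CERT = "AWS::ElasticLoadBalancingV2::ListenerCertificate"

def cert_arns(props):
    """Literal CertificateArn strings; entries using intrinsic functions are skipped."""
    return [c["CertificateArn"] for c in props.get("Certificates", [])
            if isinstance(c.get("CertificateArn"), str)]

def lint_alb_certificates(template):
    """Return findings for a parsed template; an empty list means consistent wiring."""
    resources = template.get("Resources", {})
    findings, defaults = [], {}
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == LISTENER and props.get("Protocol") == "HTTPS":
            count = len(props.get("Certificates", []))
            if count != 1:
                findings.append(f"{name}: HTTPS listener needs exactly 1 default certificate, found {count}")
            defaults[name] = set(cert_arns(props))
    for name, res in resources.items():
        if res.get("Type") != LISTENER_CERT:
            continue
        props = res.get("Properties", {})
        ref = props.get("ListenerArn")
        target = ref.get("Ref") if isinstance(ref, dict) else None
        if target is None:
            continue  # literal ARN or other intrinsic: listener is defined outside this template
        if target not in defaults:
            findings.append(f"{name}: ListenerArn refers to {target}, not an HTTPS listener here")
            continue
        if not props.get("Certificates"):
            findings.append(f"{name}: no additional certificates listed")
        for arn in sorted(defaults[target] & set(cert_arns(props))):
            findings.append(f"{name}: {arn} is already the default on {target} (redundant)")
    return findings

# Constructed sample with placeholder ARNs: two default certificates and one redundant entry.
ARN = "arn:aws:acm:Region:AccountID:certificate/EXAMPLE-{}"
SAMPLE = {"Resources": {
    "HTTPlistener": {"Type": LISTENER, "Properties": {
        "Protocol": "HTTPS", "Port": "443",
        "Certificates": [{"CertificateArn": ARN.format(1)}, {"CertificateArn": ARN.format(2)}]}},
    "AdditionalCertificates": {"Type": LISTENER_CERT, "Properties": {
        "ListenerArn": {"Ref": "HTTPlistener"},
        "Certificates": [{"CertificateArn": ARN.format(2)}, {"CertificateArn": ARN.format(3)}]}},
}}

if __name__ == "__main__":
    for finding in lint_alb_certificates(SAMPLE):
        print(finding)
```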

AWS OFFICIAL Updated 4 months ago