By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Classic Load Balancer + Amazon Certificate Manager + SSRS (EC2) Possible?

0

Hi all, I have an SSRS server on EC2 that I would like to place behind a load balancer to simplify connectivity, as well as the renewal of the certificate which is currently purchased via DigiCert. I have some experience configuring Application Load Balancers, Target Groups and Certificate Manager, however, the Classic Load Balancer is new to me and documentation on this particular desired configuration is difficult to find. Here are a few articles that sound like they were attempting to achieve the same thing, however, I'm not currently able to piece together a final solution.

  1. https://community.spiceworks.com/topic/2096363-configuring-sql-server-reporting-services-behind-elb-with-https
  2. https://www.sqlservercentral.com/forums/topic/ssrs-with-aws-load-balancer
  3. https://stackoverflow.com/questions/28547748/ssrs-ssl-through-a-load-balancer

At a high level, the connectivity would be: Client -> Custom Load Balancer DNS -> Target Group containing single SSRS instance

Thanks in advance.

Topics
Networking & Content DeliverySecurity, Identity, & Compliance
Tags
Elastic Load BalancingAWS Certificate ManagerClassic Load BalancerNetwork Load Balancer
Language
English
aws-architech
asked 10 months ago297 views
1 Answer
0

Classic Load Balancer wouldn't be my first choice here, yes it's still an option but they are being deprecated and will be retired sooner or later. For the use case you have here a Network Load Balancer sounds like a more future-proof solution.

Start off by creating a target group containing just your one instance https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html The page that link opens at looks really daunting, it's not really, the best thing to do is work through that section of the pane on the left. Start at create target group, then configure health checks, you can probably skip the next one and then go to target group health and register targets.

You'll also need to create a listener (no point in me guessing at the config, as you know how your app is setup better than anyone) https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-listeners.html and then use the items you've just created to configure the Network Load Balancer https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-network-load-balancer.html

You can use your current DigiCert certificate, and choose either to import it into ACM https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html and then use that https://docs.aws.amazon.com/elasticloadbalancing/latest/network/listener-update-certificates.html , or it looks like you can directly import the DigiCert certificate (option 7 of https://docs.aws.amazon.com/elasticloadbalancing/latest/network/listener-update-certificates.html#add-certificates ).

profile picture
EXPERT
Steve_M
answered 10 months ago
  • aws-architech
    10 months ago

    Thanks for the response, @RWC. The number one reason for me wanting to put this behind an ELB would be to use Amazon Certificate Manager so that I can use Amazon's certificates as well as the ACM auto-renew feature. If I still have to use the DigiCert certificate which requires manual, yearly renewal already, then there's little incentive to move SSRS behind the LB. I forgot to mention that in my original post.

  • Steve_M EXPERT
    10 months ago

    Certainly the optimal end state would be using ACM to auto-renew the cert.

    In the last paragraph of my answer I suggested imported the DigiCert certificate as it's a known good cert, and so is one fewer new thing that's being introduced as you provision the ELB, listeners, target groups, et al. Once it's working like that you can create a new cert in ACM and cutover to it later.

    Equally there's nothing stopping you from creating a new cert in ACM today and using it with the ELB from the off.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content