Accessing AWX with AWS ALB

Share this post on:

How to use AWS Application Load Balancer for SSL termination for AWX server

If you have installed one of our AWX pre-built images, you should consider adding more security by encrypting all traffic to your AWX instance.

AWX is an open source community project, sponsored by Red Hat, that enables users to better control their community Ansible project use in IT environments. AWX is the upstream project from which the automation controller component is ultimately derived.

If you’re new to AWX and want to get started fast, our custom AWX image below can help you do just that. See below;

Launch AWX on AWS

In this guide, we’ll focus on the AWS Application Load Balancer (ALB) service, specifically its role in SSL termination.

Think of the Application Load Balancer as an internet traffic controller. Imagine you’re running a service like AWX on a server, and you want to be able to access it reliably and securely. When many hosts or users try to access your service simultaneously, the server running AWX might not be able to handle this traffic surge. The ALB helps manage this by smartly directing the traffic to the least busy server, ensuring access to your service is smooth and quick.

A key feature we’re exploring is SSL termination. This means the ALB handles the secure part of your traffic, making sure that any information sent to and from your users and hosts is safe and encrypted. This keeps your host’s data secure and takes the heavy lifting off your AWX server, making your service faster and more efficient.

This document explains in more detail.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

Getting Started.

From the EC2 Console, access “Load balancers” option and start the process of creating a load balancer. We are going to use an Application Load balancer

Create ALB

Some of the settings to watch out for while creating the Application Load balancer include;

  • Select the right VPC to match your AWX instance
  • Add correct security groups to allow incoming traffic to your ALB and instance
Create Security Group

In creating security groups, consider the architecture below

Architecture-Security-Group

Create a target group (remember your AWX instance is listening on port 30300/tcp)

Target Group

If you have already saved your SSL certificate in AWS ACM, you can add it here. If not, choose the option to import it.

Set ACM certificate

Now you can go ahead and create your ALB. It will take about 5mins to create. You should be able to access to access your AWX instance using the ALB DNS name. (This can be accessed on the ALB console).

To use a custom domain name (e.g awx.example.com), you can create a CNAME on your dns that points your favourite name to the AWS ALB dns name.

That’s all folks.

Do you still need help?

Look, our Tech Support Staff live and breathe Cloud Engineering. Let them handle the details, so you can focus on the big picture.

Contact Support
Share this post on: