How to use AWS Application Load Balancer for SSL termination for AWX server
If you have installed one of our AWX pre-built images, you should consider adding more security by encrypting all traffic to your AWX instance.
AWX is an open source community project, sponsored by Red Hat, that enables users to better control their community Ansible project use in IT environments. AWX is the upstream project from which the automation controller component is ultimately derived.
If you’re new to AWX and want to get started fast, our custom AWX image below can help you do just that. See below;
In this guide, we’ll focus on the AWS Application Load Balancer (ALB) service, specifically its role in SSL termination.
Think of the Application Load Balancer as an internet traffic controller. Imagine you’re running a service like AWX on a server, and you want to be able to access it reliably and securely. When many hosts or users try to access your service simultaneously, the server running AWX might not be able to handle this traffic surge. The ALB helps manage this by smartly directing the traffic to the least busy server, ensuring access to your service is smooth and quick.
A key feature we’re exploring is SSL termination. This means the ALB handles the secure part of your traffic, making sure that any information sent to and from your users and hosts is safe and encrypted. This keeps your host’s data secure and takes the heavy lifting off your AWX server, making your service faster and more efficient.
This document explains in more detail.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html
Getting Started.
From the EC2 Console, access “Load balancers” option and start the process of creating a load balancer. We are going to use an Application Load balancer
Some of the settings to watch out for while creating the Application Load balancer include;
- Select the right VPC to match your AWX instance
- Add correct security groups to allow incoming traffic to your ALB and instance
In creating security groups, consider the architecture below
Create a target group (remember your AWX instance is listening on port 30300/tcp)
If you have already saved your SSL certificate in AWS ACM, you can add it here. If not, choose the option to import it.
Now you can go ahead and create your ALB. It will take about 5mins to create. You should be able to access to access your AWX instance using the ALB DNS name. (This can be accessed on the ALB console).
To use a custom domain name (e.g awx.example.com), you can create a CNAME on your dns that points your favourite name to the AWS ALB dns name.
That’s all folks.
Do you still need help?
Look, our Tech Support Staff live and breathe Cloud Engineering. Let them handle the details, so you can focus on the big picture.
Contact Support