How to Set Up a Secure Website Using AWS Lightsail & Load Balancer

 

Step 1: Create and Configure AWS Lightsail Instances

  1. Create Two Lightsail Instances
    1. Log in to your AWS account.
    2. Navigate to Lightsail.
    3. Create two instances in your desired region.


  2. Enable VPC Peering
    1. Go to Account settings and enable VPC peering.
    2. Choose Advanced settings if needed for your setup.


 

Step 2: Set Up Target Groups and Register Instances

  1. Create Two Target Groups
    1. Go to the EC2 Dashboard and select Target Groups under the Load Balancing section.
    2. Create the first target group using IP addresses and add the private IP of the first Lightsail instance.
    3. Create the second target group in the same manner, adding the private IP of the second Lightsail instance.

 

Step 3: Request an SSL Certificate via AWS Certificate Manager (ACM)

  1. Request a Certificate
    1. Navigate to AWS Certificate Manager (ACM).
    2. Request a public certificate and add the Fully Qualified Domain Name (FQDN) for your root domain (e.g., cloud24.mycloud.academy).
    3. Add a wildcard domain (e.g., *delhi.cloud24.mycloud.academy) in the additional domain names section.


  2. Verify Domain Ownership
    1. Add the provided CNAME records to your Route 53 hosted zone for domain verification.

 

Step 4: Create and Configure a Load Balancer

  1. Create a Load Balancer
    1. Go to EC2 Dashboard and select Load Balancers.
    2. Create an Application Load Balancer (ALB) and configure it to route traffic.


  2. Add HTTPS Listener
    1. Select HTTPS as the listener protocol.
    2. Attach the target group where the first instance's private IP is registered.
    3. Select the SSL certificate from ACM.
  3. Redirect HTTP to HTTPS
    1. Go to the HTTP Listener settings and edit the rule.
    2. In Routing actions, select Redirect to URL.
    3. Set the redirect URL to https://#{host}:443/#{path}?#{query} to ensure all HTTP requests are redirected to HTTPS.


  4. Configure HTTPS Listener for Subdomain
    1. Edit the HTTPS listener rule.
    2. Add a condition for Host Header with the subdomain name.
    3. Set the action to forward traffic to the second target group.


Step 5: Configure DNS with Route 53

  1. Add CNAME Records in Route 53
    1. Copy the DNS name of your ALB.
    2. Create a CNAME record in Route 53 for your root domain (e.g., cloud24.mycloud.academy).
    3. Create a CNAME record for your subdomain using the same ALB DNS name.
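
Once the DNS records resolve, the HTTP-to-HTTPS redirect from Step 4 can be checked from a workstation. The script below is an added example, not part of the original guide: check_redirect() and probe() are hypothetical helper names, and the sample observation is constructed. It confirms that a plain-HTTP request is answered with a 301/302 whose Location keeps the same host, path and query and switches only the scheme to https.

```python
import http.client
import sys
from urllib.parse import urlsplit

def check_redirect(request_url, status, location):
    """Return the problems found in one observed HTTP->HTTPS redirect ([] means OK)."""
    problems = []
    if status not in (301, 302):  # ALB redirect actions answer with 301 or 302
        problems.append(f"expected 301/302, got {status}")
    if not location:
        return problems + ["no Location header"]
    req, loc = urlsplit(request_url), urlsplit(location)
    if loc.scheme != "https":
        problems.append(f"redirect target is {loc.scheme or 'relative'}, not https")
    if (loc.hostname or "") != (req.hostname or ""):
        problems.append(f"host changed: {req.hostname} -> {loc.hostname}")
    try:
        port = loc.port
    except ValueError:  # non-numeric or out-of-range port in Location
        port = -1
    if port not in (None, 443):
        problems.append(f"unexpected port in Location: {location}")
    if (loc.path or "/") != (req.path or "/"):
        problems.append("path not preserved")
    if loc.query != req.query:
        problems.append("query string not preserved")
    return problems

def probe(url, timeout=5):
    """Send one plain-HTTP GET without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed observation, not captured from a real load balancer.
SAMPLE = ("http://cloud24.mycloud.academy/login?next=%2Fhome", 301,
          "https://cloud24.mycloud.academy:443/login?next=%2Fhome")

if __name__ == "__main__":
    if len(sys.argv) == 1:  # no URLs given: evaluate the constructed sample offline
        print(SAMPLE[0], check_redirect(*SAMPLE) or "OK")
    for url in sys.argv[1:]:  # e.g. python check_redirect.py http://<your-domain>/
        print(url, check_redirect(url, *probe(url)) or "OK")
```

Run it with one http:// URL per hostname behind the load balancer (root domain and subdomain); any output other than OK lists what the HTTP listener rule returned instead of the expected redirect.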