Score:1

AWS NLB HTTPS health check using mTLS


Is it possible to do an AWS NLB HTTPS health check using mTLS?

I tried setting up a TLS listener, loaded my cert, set up a TLS target group with an HTTPS health check, but the health checks are still failing despite the cert loaded on the NLB.

Score:0

This is not true as of a while now. NLB supports both TCP connection health checks as well as HTTP plaintext and HTTP TLS health checks with a configurable health endpoint.

NLB does not use security groups, so you need to add the NLB or VPC subnets directly to the EC2 security groups, as well as whitelist the actual client IP address. The TLS health check does not do cert validation, so using self-signed certs will work just fine. As long as the target group health check config specifies TLS and not TCP, it should work fine.
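An added Terraform sketch of the setup the comment describes (TLS target group with an HTTPS health check, TLS listener, and a security group rule admitting the NLB subnets). This is not code from the question or answers; the VPC id, subnet CIDRs, certificate ARN, `/healthz` path and the `aws_lb.nlb` / `aws_security_group.app` references are placeholder assumptions.

```hcl
# Added example, not from the thread. Placeholder values: the VPC id,
# subnet CIDRs, certificate ARN, /healthz path and the referenced
# aws_lb.nlb / aws_security_group.app resources are assumptions.

# Target group: protocol TLS, health check over HTTPS on the traffic port.
# Per the comment above, the NLB health check does not validate the
# target's certificate, so a self-signed cert on the instances is fine.
resource "aws_lb_target_group" "app_tls" {
  name        = "app-tls-tg"
  port        = 8443
  protocol    = "TLS"
  vpc_id      = "vpc-0123456789abcdef0" # placeholder
  target_type = "instance"

  health_check {
    protocol = "HTTPS"
    path     = "/healthz"     # placeholder health endpoint
    port     = "traffic-port"
    interval = 10
  }
}

# TLS listener on the NLB, terminating with the loaded certificate.
resource "aws_lb_listener" "tls" {
  load_balancer_arn = aws_lb.nlb.arn # assumed existing NLB resource
  port              = 443
  protocol          = "TLS"
  certificate_arn   = "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app_tls.arn
  }
}

# The targets' own security group must admit the NLB subnet CIDRs (where
# health checks originate) and the real client IP ranges, as the comment
# describes; a security-group-id source will not match these flows.
resource "aws_security_group_rule" "from_nlb_subnets" {
  type              = "ingress"
  security_group_id = aws_security_group.app.id # assumed existing SG
  from_port         = 8443
  to_port           = 8443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.1.0/24", "10.0.2.0/24"] # placeholder NLB subnets
  description       = "NLB health checks and traffic from NLB subnets"
}
```

If the health check keeps failing after this, check the target group's health-check protocol first: a TCP check on a TLS-only backend and a missing CIDR rule are the two settings the comment points at.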
Score:0

I don't think so: an NLB operates at Layer 4, whereas TLS operates a level higher. I believe you can only do TCP/UDP health checks ("is it reachable").
