Join Log in
Score:1
RustyShackleford avatar Server

AWS NLB HTTPs health check using mTLS

fm flag
RustyShackleford

Is it possible to do a AWS NLB HTTPs health check using mTLS?

I tried setting up a TLS listener, loaded my cert, setup a TLS target group with HTTPs health check, but the health checks are still failing despite the cert loaded on the NLB.

57
0 + 0
ssl
nlb
Score:0
user1028195 avatar Server
mv flag
user1028195

This is not true as of a while now. NLB supports both TCP connection health checks as well as HTTP plaintext and HTTP TLS health checks with configurable health endpoint

+ 1
user1028195 avatar
mv flag
user1028195
NLB does not use security groups so you need to add the NLB or VPC subnets directly to the EC2 security groups as well as whitelist the actual client IP address The TLS health check does not do cert validation so using self signed certs will work just fine. As long as the target group health check config specifies TLS and not TCP it should work fine.
0
Reply
Score:0
avatar Server
cn flag
shearn89

I don't think so, an NLB operates at Layer 4, whereas TLS operates a level higher. I believe you can only do TCP/UDP healthchecks - ("is it reachable").

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.