aws elbv2 help
aws elbv2 describe-load-balancers
aws elbv2 describe-load-balancer-attributes --load-balancer-arn arn
aws elbv2 describe-listeners --load-balancer-arn arn
aws elbv2 describe-listeners --listener-arn arn
aws elbv2 describe-listener-certificates --listener-arn arn
aws elbv2 describe-target-groups
aws elbv2 describe-target-group-attributes --target-group-arn arn
aws elbv2 describe-target-health --target-group-arn arn
aws elbv2 describe-tags --resource-arns arn
aws elbv2 describe-rules --listener-arn arn
aws elbv2 describe-account-limits
aws elbv2 describe-ssl-policies --names SSLPolicy
The commands below will prompt for:
aws elbv2 describe-load-balancers --output table | grep LoadBalancer
aws acm list-certificates
aws elbv2 describe-target-groups --output table | grep TargetGroup
read -ep "LoadBalancerARN: " LBARN
read -ep "CertificateARN : " CERTARN
read -ep "TargetGroupARN : " TARGARN
aws elbv2 create-listener --load-balancer-arn ${LBARN} --protocol HTTPS --port 443 --certificates CertificateArn=${CERTARN} --ssl-policy ELBSecurityPolicy-2016-08 --default-actions Type=forward,TargetGroupArn=${TARGARN}
(Information correct on 24-Jun-2020)
ELBSecurityPolicy-2016-08 is the default Elastic Load Balancer security policy, but it includes support for TLS 1.0 and TLS 1.1, which means the listener cannot score higher than B on the SSL Labs Server Test. For a higher score consider ELBSecurityPolicy-FS-1-2-Res-2019-08, but note that this may cause problems for some older client software. Tables to help decide on the best ELBSecurityPolicy for your needs can be found at https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
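An added example, not part of the original page: a read-only audit that lists every HTTPS/TLS listener and marks those whose security policy still offers TLS 1.0 or TLS 1.1, based on the protocols reported by describe-ssl-policies. The function names, the record format and the sample ARNs are constructed for illustration; the live path assumes the SslPolicy field of describe-listeners and the SslProtocols field of describe-ssl-policies.

```shell
#!/usr/bin/env bash
# Added example: report listeners whose policy still offers TLS 1.0 / 1.1.
# Records on stdin are tab-separated and may arrive in any order:
#   P <policy> <protocol>...           protocols a security policy offers
#   L <listener-arn> <port> <policy>   one HTTPS/TLS listener
# Output per listener: "<WEAK|OK|UNKNOWN> <port> <policy> <listener-arn>".
classify_listeners() {
  awk -F'\t' '
    $1 == "P" { weak[$2] = 0
                for (i = 3; i <= NF; i++)
                  if ($i == "TLSv1" || $i == "TLSv1.1") weak[$2] = 1 }
    $1 == "L" { n++; arn[n] = $2; port[n] = $3; pol[n] = $4 }
    END { for (i = 1; i <= n; i++) {
            s = "UNKNOWN"
            if (pol[i] in weak) s = weak[pol[i]] ? "WEAK" : "OK"
            print s, port[i], pol[i], arn[i] } }'
}

# Builds the records from the live account using only describe-* calls.
collect_records() {
  local lb listeners policy
  listeners=$(for lb in $(aws elbv2 describe-load-balancers \
        --query 'LoadBalancers[].LoadBalancerArn' --output text); do
      aws elbv2 describe-listeners --load-balancer-arn "$lb" --output text \
        --query 'Listeners[?SslPolicy].[ListenerArn,Port,SslPolicy]'
    done)
  [ -n "$listeners" ] || return 0
  printf '%s\n' "$listeners" | awk '{ print "L\t" $0 }'
  for policy in $(printf '%s\n' "$listeners" | cut -f3 | sort -u); do
    printf 'P\t%s\t%s\n' "$policy" "$(aws elbv2 describe-ssl-policies \
      --names "$policy" --query 'SslPolicies[0].SslProtocols' --output text)"
  done
}

# Constructed sample records (placeholder account and resource ids).
sample_records() {
  local a='arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/example'
  printf 'L\t%s/aaaa/1111\t443\tELBSecurityPolicy-2016-08\n' "$a"
  printf 'L\t%s/aaaa/2222\t8443\tELBSecurityPolicy-FS-1-2-Res-2019-08\n' "$a"
  printf 'P\tELBSecurityPolicy-2016-08\tTLSv1\tTLSv1.1\tTLSv1.2\n'
  printf 'P\tELBSecurityPolicy-FS-1-2-Res-2019-08\tTLSv1.2\n'
}

# Offline by default; pass --live to query the account the CLI is configured for.
if [ "${1:-}" = "--live" ]; then collect_records; else sample_records; fi |
  classify_listeners
```

A listener reported as UNKNOWN uses a policy for which no protocol record was supplied, so it should be checked by hand rather than assumed safe.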
The commands below will prompt for:
aws elbv2 describe-load-balancers --output table | grep LoadBalancer
read -ep "LoadBalancerARN: " LBARN
aws elbv2 describe-listeners --load-balancer-arn ${LBARN}
read -ep "ListenerARN: " LISTARN
aws acm list-certificates
read -ep "CertificateARN : " CERTARN
aws elbv2 modify-listener --listener-arn ${LISTARN} --certificates CertificateArn=${CERTARN}