How to create a HTTPS listener
prasenjithaty opened this issue · 3 comments
Is there any example of attaching an HTTPS listener to the load balancer?
Just as with an HTTP load balancer, the only difference is the certificate must be created and imported in Certificate Manager.
We figured out how to add a 443 Listener to our stack, for just one service:
- the endpoint-service is the one to which we added the ability to address it by https:// as well as the existing http://
- there is an added `__assets/` folder we needed for the included application, but which is unnecessary for basic deploys
- and we had to add that extra Listener because we can't just bind the endpoint-service to `Path: /*`, since we have a number of other containers that are bound to other routes e.g. `/transportation-systems/*` is bound to another container entirely
- there is no implicit http-to-https redirector here - the underlying container service is receiving requests from separate listeners at http:// and https://
In any case, I hope this helps anyone who comes looking for a solution
hackoregon/hackoregon-aws-infrastructure#52
Assuming you want to use an existing certificate (loaded into the AWS CertificateManager) instead of issuing one, adapt the `LoadBalancerListener` like this:
```yaml
LoadBalancerListener:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    LoadBalancerArn: !Ref LoadBalancer
    Port: 443
    Protocol: HTTPS
    Certificates:
      - CertificateArn: !Join
          - ":"
          - - arn:aws:acm
            - !Ref AWS::Region
            - !Ref AWS::AccountId
            - !Join ["/", ["certificate", !Ref CertificateId]]
    SslPolicy: !Ref SslPolicy
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref DefaultTargetGroup
```
I've added two variables: `CertificateId` and `SslPolicy`, which you could just as well hard code.
You need to obtain the `CertificateId` from somewhere (it's a UUID) and decide on an `SslPolicy`, e.g. `ELBSecurityPolicy-TLS-1-2-Ext-2018-06`.
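The listener above leaves two things open that the thread mentions: where `CertificateId` and `SslPolicy` come from, and the missing http-to-https redirect. The fragment below is an added example, not code from any commenter or from the project. It assumes the `LoadBalancer` resource from the thread and that ACM certificate IDs are lowercase UUIDs; the resource name `HttpRedirectListener` is hypothetical.

```yaml
Parameters:
  CertificateId:
    Type: String
    Description: UUID of an existing ACM certificate in this account and region
    # Assumption: ACM certificate IDs are lowercase UUIDs. Rejecting anything
    # else keeps stray input out of the ARN built by the !Join.
    AllowedPattern: "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
    ConstraintDescription: must be a lowercase UUID
  SslPolicy:
    Type: String
    # Policy name taken from the thread; restricting AllowedValues stops a
    # stack update from passing in a weaker policy by accident.
    Default: ELBSecurityPolicy-TLS-1-2-Ext-2018-06
    AllowedValues:
      - ELBSecurityPolicy-TLS-1-2-Ext-2018-06

Resources:
  # Hypothetical resource name. Port 80 forwards nothing to the containers;
  # every request is answered with a redirect to the 443 listener.
  HttpRedirectListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: "443"
            Host: "#{host}"
            Path: "/#{path}"
            Query: "#{query}"
            StatusCode: HTTP_301
```

Path-based routing rules then only need to exist on the 443 listener, since the port 80 listener no longer forwards to any target group.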