Supporting multiple domains with SNI in ALB listener certificates

How do I support multiple domains with SNI in ALB listener certificates?

In this guide, we will configure an Application Load Balancer (ALB) in AWS to support multiple domains using Server Name Indication (SNI). SNI allows you to serve multiple SSL/TLS certificates on the same IP address, which is useful when you want to host multiple secure (HTTPS) websites behind a single load balancer.

We will:

  1. Create an ALB.
  2. Create an HTTPS listener for the ALB.
  3. Attach multiple certificates to the listener using SNI.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a VPC (Virtual Private Cloud)
const vpc = new aws.ec2.Vpc("vpc", {
    cidrBlock: "10.0.0.0/16",
});

// Create subnets in two Availability Zones; an ALB requires at least two
const subnet1 = new aws.ec2.Subnet("subnet1", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    availabilityZone: "us-west-2a",
});

const subnet2 = new aws.ec2.Subnet("subnet2", {
    vpcId: vpc.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: "us-west-2b",
});

// Create an ALB (Application Load Balancer)
const alb = new aws.lb.LoadBalancer("alb", {
    internal: false,
    loadBalancerType: "application",
    securityGroups: [], // Add security group IDs as needed, e.g. one that admits inbound TCP 443 only
    subnets: [subnet1.id, subnet2.id],
});

// Request ACM certificates for the domains. With DNS validation they stay in
// PENDING_VALIDATION until the CNAME records ACM asks for exist; the listener
// below cannot be created until both are issued (aws.acm.CertificateValidation
// can wait for that when the zones are hosted in Route 53).
const cert1 = new aws.acm.Certificate("cert1", {
    domainName: "example1.com",
    validationMethod: "DNS",
});

const cert2 = new aws.acm.Certificate("cert2", {
    domainName: "example2.com",
    validationMethod: "DNS",
});

// Create an HTTPS listener. An HTTPS listener must carry exactly one default
// certificate; it is served when the client sends no SNI hostname, or one that
// matches none of the certificates on the listener.
const httpsListener = new aws.lb.Listener("httpsListener", {
    loadBalancerArn: alb.arn,
    port: 443,
    protocol: "HTTPS",
    certificateArn: cert1.arn,
    // Predefined policy that permits TLS 1.2 and 1.3 only
    sslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06",
    defaultActions: [{
        type: "fixed-response",
        fixedResponse: {
            contentType: "text/plain",
            messageBody: "Default response",
            statusCode: "200",
        },
    }],
});

// Attach the additional certificate to the listener. The ALB selects it via
// SNI when the hostname in the TLS ClientHello matches its domain name. The
// default certificate is already on the listener and is not attached again.
const listenerCert2 = new aws.lb.ListenerCertificate("listenerCert2", {
    listenerArn: httpsListener.arn,
    certificateArn: cert2.arn,
});

// Export the ALB DNS name
export const albDnsName = alb.dnsName;
```

Key Points:

  • VPC and Subnets: We created a VPC and two subnets to host the ALB.
  • ALB Creation: An Application Load Balancer was created.
  • HTTPS Listener: An HTTPS listener was configured for the ALB.
  • ACM Certificates: Two ACM certificates were created for different domains.
  • SNI Configuration: Additional certificates were attached to the listener with aws.lb.ListenerCertificate; for each connection the ALB selects the certificate whose domain matches the hostname in the TLS ClientHello.

Summary:

We configured an AWS Application Load Balancer to support multiple domains using SNI by creating an HTTPS listener and attaching multiple ACM certificates to it. This setup allows the ALB to serve different SSL/TLS certificates based on the requested domain name.
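A post-deployment check, added here and not part of the original answer or of Pulumi's own code, that confirms the ALB really presents a certificate covering each SNI hostname. `probeSni` and `certCoversHostname` are assumed names, the ALB DNS name is the stack output from the program above, and hostname matching (wildcards included) is delegated to Node's `tls.checkServerIdentity`.

```typescript
import * as tls from "tls";

// Result of probing one SNI hostname against the load balancer.
export interface SniProbeResult {
    servername: string;      // hostname sent in the ClientHello
    subjectCN: string;       // CN of the certificate the ALB presented
    subjectAltName: string;  // SAN list of that certificate
    authorized: boolean;     // whether Node's chain validation passed
    coversHostname: boolean; // whether the presented cert covers servername
}

// Pure check: does the presented certificate cover the SNI hostname?
// Uses Node's RFC 6125 verification so SAN and wildcard rules are the
// same ones a browser-grade client applies.
export function certCoversHostname(servername: string, cert: tls.PeerCertificate): boolean {
    return tls.checkServerIdentity(servername, cert) === undefined;
}

// Live probe: connect to the ALB with a given SNI name and report what came
// back. Chain errors are recorded rather than thrown so a mismatched or
// still-pending certificate shows up in the result instead of aborting
// the whole check run; callers must treat authorized === false as a failure.
export function probeSni(albDnsName: string, servername: string, port = 443): Promise<SniProbeResult> {
    return new Promise((resolve, reject) => {
        const socket = tls.connect({ host: albDnsName, port, servername, rejectUnauthorized: false }, () => {
            const cert = socket.getPeerCertificate();
            const result: SniProbeResult = {
                servername,
                subjectCN: cert.subject?.CN ?? "",
                subjectAltName: cert.subjectaltname ?? "",
                authorized: socket.authorized,
                coversHostname: certCoversHostname(servername, cert),
            };
            socket.end();
            resolve(result);
        });
        socket.on("error", reject);
    });
}

// Example usage against the stack output (hostnames are the example domains
// from the program above; replace ALB_DNS_NAME with `pulumi stack output albDnsName`):
//   for (const h of ["example1.com", "example2.com"]) probeSni("ALB_DNS_NAME", h).then(console.log);
```

A result with `coversHostname: false` for a name you attached means the ALB fell back to the default certificate, typically because the SNI certificate's domain does not match or it is not yet issued.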
