Adding multiple certs to an ALB

If you are using AWS and ALBs, you have the ability to add multiple certs to the ALB and terminate SSL there.

While it is easy to do via the AWS console, their documentation is not that clear on how to do it in an automated way. The following snippets, written with troposphere, show you how to do it.

First create an HTTPS listener with a certificate:

from troposphere import Ref
from troposphere.elasticloadbalancingv2 import (Action, Certificate, Listener,
                                                ListenerCertificate)

def create_lb_listener_https(alb, default_target_group, param_cert_one):
   return Listener('LoadBalancerListenerHTTPS',
                   Port=443,
                   Protocol='HTTPS',
                   LoadBalancerArn=Ref(alb),
                   DefaultActions=[Action(Type='forward',
                                   TargetGroupArn=Ref(default_target_group))],
                   # Note, only one cert ARN can be specified here, else you will get an error
                   Certificates=[
                       Certificate(CertificateArn=Ref(param_cert_one)),
                   ]
                )

Now we have one listener, with a cert, attached to the ALB (add it to your Template like any other resource):

# Ref() of this Listener resource resolves to the listener ARN
listener_arn = create_lb_listener_https(alb, default_target_group, param_cert_primary)

We can now add more certs via a ListenerCertificate:

def make_listener_certificate_two(listener_arn, param_cert_two, condition):
   # Each ListenerCertificate needs its own logical ID; CloudFormation rejects
   # duplicates. Condition is the name of a condition defined in the template
   # (optional, drop it if you don't gate the cert on a parameter).
   return ListenerCertificate('ListenerCertificateTwo',
                              Certificates=[
                                   Certificate(CertificateArn=Ref(param_cert_two)),
                              ],
                              ListenerArn=Ref(listener_arn),
                              Condition=condition
                              )

def make_listener_certificate_three(listener_arn, param_cert_three, condition):
  return ListenerCertificate('ListenerCertificateThree',
                             Certificates=[
                                  Certificate(CertificateArn=Ref(param_cert_three)),
                             ],
                             ListenerArn=Ref(listener_arn),
                             Condition=condition
                             )

The above is not described clearly in the AWS docs. Hopefully this saves you some time if you run into this.
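As an added example (not the author's troposphere code), here are the same resources built as plain CloudFormation dicts so it runs without troposphere installed. It generalises to any number of extra certs, gives each ListenerCertificate a unique logical ID, and includes a check that every intended cert actually reaches the 443 listener; the logical IDs and parameter names are constructed for the example.

```python
"""Build CloudFormation for an ALB HTTPS listener that serves several ACM certs.
Plain dicts instead of troposphere, so it runs with no dependencies; names are constructed."""

LISTENER_ID = "LoadBalancerListenerHTTPS"  # logical ID used on the page

def https_listener(alb_id, target_group_id, cert_param):
    # The Listener itself accepts exactly one certificate ARN.
    return {
        "Type": "AWS::ElasticLoadBalancingV2::Listener",
        "Properties": {
            "Port": 443,
            "Protocol": "HTTPS",
            "LoadBalancerArn": {"Ref": alb_id},
            "DefaultActions": [{"Type": "forward",
                                "TargetGroupArn": {"Ref": target_group_id}}],
            "Certificates": [{"CertificateArn": {"Ref": cert_param}}],
        },
    }

def extra_certificates(listener_id, cert_params):
    # One ListenerCertificate per additional cert, each under its own logical ID:
    # CloudFormation rejects duplicate resource names in one template.
    return {
        f"ListenerCertificate{param}": {
            "Type": "AWS::ElasticLoadBalancingV2::ListenerCertificate",
            "Properties": {
                "Certificates": [{"CertificateArn": {"Ref": param}}],
                "ListenerArn": {"Ref": listener_id},  # Ref of a Listener is its ARN
            },
        }
        for param in cert_params
    }

def build_template(extra_cert_params, primary="CertPrimary"):
    resources = {LISTENER_ID: https_listener("ALB", "DefaultTargetGroup", primary)}
    resources.update(extra_certificates(LISTENER_ID, extra_cert_params))
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {p: {"Type": "String"} for p in [primary, *extra_cert_params]},
        "Resources": resources,
    }

def attached_cert_params(template):
    # Cert parameters reaching the 443 listener, directly or via ListenerCertificate;
    # compare with the intended list to catch a cert that was silently left off.
    attached = []
    for res in template["Resources"].values():
        if res["Type"].startswith("AWS::ElasticLoadBalancingV2::Listener"):
            attached += [c["CertificateArn"]["Ref"] for c in res["Properties"]["Certificates"]]
    return sorted(attached)
```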