Endpoints represent the FQDN or the IP address that clients connect to. An endpoint can be internal, that is, within the VPC, in which case clients can access the application only from within the internal network. If an external endpoint is selected, any client can access the application over the internet.
The FQDN can be auto-allocated or user-defined. Auto-allocated lets you use a DNS provider other than AWS Route 53. The FQDN is displayed after you deploy the application. You must add this FQDN as a CNAME in your authoritative DNS zone configuration. User-defined lets you use AWS Route 53 as a DNS provider to host your application’s FQDN. You must have bought and registered a domain with Route 53. That is, the zone must be properly acquired from AWS or delegated to AWS. For more information, see https://docs.aws.amazon.com/acm/latest/userguide/setup-domain.html. For example, if the registered zone is example.net and the domain is app1, then app1.example.net is the FQDN that clients will connect to access your app.
An endpoint must have a default content route associated with it. The route includes the conditions and a target service. If the traffic matches the condition, the request is directed to the specified service.
- Click Add Endpoint.
- Click Create Endpoint.
- Specify values for the following parameters:
  - Access: Specify Internal or External.
  - FQDN: Specify Auto allocated or User defined.
  - Protocol: Specify HTTP or HTTPS. If you select HTTPS, you must add a certificate and, optionally, an SSL policy to get an A+ rating for your applications. For more information, see Add an SSL certificate. You can select one or more certificates, if present, from the list. Select Auto Redirect HTTP traffic to HTTPS to ensure that clients communicate over secure SSL.
- Click Create Endpoint.
- Select the endpoint and click Select Endpoint.
- (Optional) To add a route based on some conditions, click Add. Specify a name, condition, and a target service. Click Add.
- To add a default route, select a service from the Default Content route list. Click Add Default Content route. Requests that do not match any condition are forwarded to this service.
You have completed the steps to create an endpoint. Select one of the following options:
- Click Next to configure a load balancer, content rules, and security protection.
- Click Deploy to start application delivery.
Add an SSL certificate
You must add an SSL certificate if you select the HTTPS protocol. You can add an SSL certificate in the endpoint workflow or using the SSL Certificate Manager. For more information about the SSL Certificate Manager, see Manage SSL certificates.
Add an SSL certificate while adding an endpoint
- Click Add SSL Certificate.
- In the Select SSL Certificates page, click Create SSL Certificate.
- In the Create SSL Certificate page, type a certificate name.
- Browse to the location of the certificate and key file on your computer.
- If the key is encrypted, add a password.
- To add the certificate in the certificate chain, select Add certificate in certificate chain.
- Click Create.
Get an A+ rating from Qualys Labs
Perform the following actions to get an A+ rating from Qualys Labs for your applications.
- Click Add SSL Policy.
- In the Create SSL Policy page, type a name for the policy.
- Select A+ Security.
- Click Create.
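A post-deployment check for the Auto Redirect HTTP traffic to HTTPS option and the A+ policy described above, as an added example that is not part of the product or its documentation: it flags a port-80 answer that does not redirect to HTTPS on the same FQDN, and an HTTPS answer without a long-lived HSTS header. The function names, the 180-day HSTS threshold (taken here as what SSL Labs expects for A+) and the sample answers for app1.example.net are assumptions; what the A+ Security policy itself configures is not stated on this page.

```python
import http.client
import re
from urllib.parse import urlsplit

MIN_HSTS_SECONDS = 180 * 24 * 3600  # assumed threshold, about six months
SAMPLE = {False: (301, {"Location": "https://app1.example.net/"}),  # constructed answers,
          True: (200, {"Strict-Transport-Security": "max-age=600"})}  # not real captures


def check_redirect(fqdn, status, headers):
    """Findings for the answer to a plain-HTTP GET sent to the endpoint."""
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status not in (301, 302, 307, 308):
        return [f"port 80 answered {status} instead of redirecting"]
    target = urlsplit(location)
    if target.scheme != "https":
        return [f"redirect target is not https: {location!r}"]
    if (target.hostname or "").lower() != fqdn.lower():
        return [f"redirect leaves the endpoint host: {target.hostname}"]
    return []


def check_hsts(headers):
    """Findings for the Strict-Transport-Security header of the HTTPS answer."""
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    match = re.search(r'max-age\s*=\s*"?(\d+)', value or "", re.IGNORECASE)
    if value is None or match is None:
        return ["no usable Strict-Transport-Security header"]
    if int(match.group(1)) < MIN_HSTS_SECONDS:
        return [f"HSTS max-age {match.group(1)} is below {MIN_HSTS_SECONDS}"]
    return []


def fetch(fqdn, tls):
    """Live probe (needs network); HTTPS uses default certificate verification."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(fqdn, timeout=10)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()


def audit(fqdn, fetcher=fetch):
    """Run both checks; pass a fake fetcher to test without a network."""
    tls_headers = fetcher(fqdn, True)[1]
    return check_redirect(fqdn, *fetcher(fqdn, False)) + check_hsts(tls_headers)
```

Calling `audit("app1.example.net", lambda fqdn, tls: SAMPLE[tls])` runs the checks against the constructed answers; calling `audit` with only the FQDN probes the deployed endpoint over the network.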