Enforcing HTTPS on our application on AWS
Right now, our application kind of works, but it is a nightmare in terms of security. By the end of this section, we will not have the most secure application possible; reaching gold-standard security calls for further reading in a networking and DevOps textbook. However, we will have configured security groups, locked down our EC2 instances so that they cannot be directly accessed by outsiders, and enforced encrypted traffic through a load balancer that then directs traffic to our EC2 instances. The result of our efforts will be the following system:
Figure 17.21 – Not secure login form
To achieve the system shown in Figure 17.21, we need to carry out the following steps:
- Getting certificates approved for our URL and variations.
- Creating multiple EC2 instances to distribute traffic and ensure that the service survives outages.
- Creating a load balancer to handle incoming traffic.
- Creating...