jonathanSanchez.dev

.JS

Back to Blog
AWSEC2SSLNode.jsLoad Balancer

How to Apply SSL for HTTPS to Node Express API in AWS EC2

September 19, 2022 4 min read Read on Medium

You've deployed your Node Express API to an AWS EC2 instance and it's accessible over HTTP. Now you need HTTPS. This guide walks through adding SSL using an Application Load Balancer, Route 53, and AWS Certificate Manager.

Architecture diagram

Pre-requisites: You should already have a Node Express API running on an EC2 instance. If you don't, check out my guide on deploying a Node API to EC2 Ubuntu first.

Step 1: Register Domain Name Using Route 53

Click Register domain

  • Navigate to the Route 53 service in AWS
  • Click "Register domain"
  • Search for an available domain (e.g., mydomainjs.com)
  • Complete the purchase process
  • Wait for domain registration to finalize before moving on — this can take a few minutes to an hour

Search for available domain

Step 2: Generate SSL Certificate from Certificate Manager

Request public certificate

  • Open AWS Certificate Manager
  • Click "Request a certificate" → "Request a public certificate"
  • Add domain variations to cover all cases:
yourdomain.com
*.yourdomain.com
www.yourdomain.com

Add domain name variations

  • Submit the request
  • Note: Certificate generation typically takes around 30 minutes

Step 3: Create Application Load Balancer (ALB)

Initial Setup

Click on Load Balancers

Select ALB type

Create Load Balancer

  • Navigate to EC2 → Load Balancers
  • Click "Create Load Balancer" and select Application Load Balancer

ALB name and defaults

  • Assign a descriptive name
  • Keep default settings

Network mapping - select 2 zones

  • Under Network Mapping, select at least 2 availability zones

Target Group Configuration

Target group HTTP port

Target group defaults

  • Create a new target group using HTTP protocol
  • Specify the port your Node API listens on (e.g., 5001)

Select EC2 instance as target

  • Select the EC2 instance running your API
  • Click "Include as Pending below"
  • Finish creating the target group

Complete ALB Setup

Select TG and SSL cert

  • Return to the ALB creation form
  • Refresh the target group dropdown and select your newly created group
  • Under Listeners, add HTTPS (443) and attach your SSL certificate

Click Create Load Balancer

  • Click "Create Load Balancer"

Security Group Configuration

Edit Security Groups

Select same SG as EC2

  • After the ALB is created, click "Edit Security Groups"
  • Select the same security group you configured for your EC2 instance
  • This ensures the ALB and EC2 instance share the same port access rules

Step 4: Configure Route 53 to Route Traffic to ALB

Route 53 domain

  • Select your registered domain in Route 53
  • Click "Create Record" → choose "Simple Routing" → "Define Simple Record"
  • Configure the A record:
    • Record type: A
    • Route traffic to: Application and Classic Load Balancer
    • Region: same region as your EC2 and ALB
    • Select your ALB from the dropdown
  • Create an AAAA record with the same settings for IPv6 support

Route 53 A and AAAA records

Result

Final result - domain with HTTPS

Your domain now routes traffic through the Application Load Balancer to your EC2 instance over HTTPS. The ALB handles SSL termination, so your Express API continues running on HTTP internally — no changes needed to your Node code.

Back to Blog