Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Create a listener for your Network Load Balancer
A listener is a process that checks for connection requests. You define a listener
when you create your load balancer, and you can add listeners to your load balancer at
any time.
Prerequisites
Add a listener
You configure a listener with a protocol and a port for connections from clients
to the load balancer, and a target group for the default listener rule. For more
information, see Listener configuration.
- Console
-
To add a listener
Open the Amazon EC2 console at
https://console.amazonaws.cn/ec2/.
-
In the navigation pane, choose Load Balancers.
-
Select the name of the load balancer to open its details page.
-
On the Listeners tab, choose Add listener.
-
For Protocol, choose TCP,
UDP, TCP_UDP, or
TLS. Keep the default port or type a different
port.
-
For Default action, choose an available target
group. If you don't have a target group that meets your needs,
choose Create target group to create one now.
For more information, see Create a target group.
-
[TLS listeners] For Security policy, we recommend
that you keep the default security policy.
-
[TLS listeners] For Default SSL/TLS server certificate,
choose the default certificate. You can select the certificate from one of
the following sources:
-
If you created or imported a certificate using Amazon Certificate Manager, choose
From ACM, then choose the certificate from
Certificate (from ACM).
-
If you imported a certificate using IAM, choose From
IAM, and then choose the certificate from
Certificate (from IAM).
-
If you have a certificate, choose Import certificate.
Choose either Import to ACM or Import to
IAM. For Certificate private
key, copy and paste the contents of the private key file
(PEM-encoded). For Certificate body, copy and
paste the contents of the public key certificate file (PEM-encoded).
For Certificate Chain, copy and paste the
contents of the certificate chain file (PEM-encoded), unless you are
using a self-signed certificate and it's not important that browsers
implicitly accept the certificate.
-
[TLS listeners] For ALPN policy, choose a policy to
enable ALPN or choose None to disable ALPN. For more
information, see ALPN policies.
-
Choose Add.
-
[TLS listeners] To add certificates to the optional certificate list, see
Add certificates to the certificate list.
- Amazon CLI
-
To create a target group
If you don't have a target group that you can use for the default action,
use the create-target-group command to create one now. For
examples, see Create a target group.
To add a TCP listener
Use the create-listener command, specifying the TCP protocol.
aws elbv2 create-listener \
--load-balancer-arn load-balancer-arn
\
--protocol TCP \
--port 80
\
--default-actions Type=forward,TargetGroupArn=target-group-arn
To add a TLS listener
Use the create-listener command specifying the TLS protocol.
aws elbv2 create-listener \
--load-balancer-arn load-balancer-arn
\
--protocol TLS \
--port 443
\
--certificates CertificateArn=certificate-arn
\
--ssl-policy ELBSecurityPolicy-TLS13-1-2-Res-2021-06
\
--default-actions Type=forward,TargetGroupArn=target-group-arn
To add a UDP listener
Use the create-listener command specifying the UDP protocol.
aws elbv2 create-listener \
--load-balancer-arn load-balancer-arn
\
--protocol UDP \
--port 53
\
--default-actions Type=forward,TargetGroupArn=target-group-arn
- CloudFormation
-
To add a TCP listener
Define a resource of type AWS::ElasticLoadBalancingV2::Listener using the
TCP protocol.
Resources:
myTCPListener:
Type: 'AWS::ElasticLoadBalancingV2::Listener'
Properties:
LoadBalancerArn: !Ref myLoadBalancer
Protocol: TCP
Port: 80
DefaultActions:
- Type: forward
TargetGroupArn: !Ref myTargetGroup
To add a TLS listener
Define a resource of type AWS::ElasticLoadBalancingV2::Listener using the
TLS protocol.
Resources:
myTLSListener:
Type: 'AWS::ElasticLoadBalancingV2::Listener'
Properties:
LoadBalancerArn: !Ref myLoadBalancer
Protocol: TLS
Port: 443
SslPolicy: "ELBSecurityPolicy-TLS13-1-2-Res-2021-06
"
Certificates:
- CertificateArn: "certificate-arn
"
DefaultActions:
- Type: forward
TargetGroupArn: !Ref myTargetGroup
To add a UDP listener
Define a resource of type AWS::ElasticLoadBalancingV2::Listener using the
UDP protocol.
Resources:
myUDPListener:
Type: 'AWS::ElasticLoadBalancingV2::Listener'
Properties:
LoadBalancerArn: !Ref myLoadBalancer
Protocol: UDP
Port: 53
DefaultActions:
- Type: forward
TargetGroupArn: !Ref myTargetGroup