Create a listener for your Network Load Balancer - Elastic Load Balancing
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Create a listener for your Network Load Balancer

A listener is a process that checks for connection requests. You define a listener when you create your load balancer, and you can add listeners to your load balancer at any time.

Prerequisites

Add a listener

You configure a listener with a protocol and a port for connections from clients to the load balancer, and a target group for the default listener rule. For more information, see Listener configuration.

Console
To add a listener
  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. In the navigation pane, choose Load Balancers.

  3. Select the name of the load balancer to open its details page.

  4. On the Listeners tab, choose Add listener.

  5. For Protocol, choose TCP, UDP, TCP_UDP, or TLS. Keep the default port or type a different port.

  6. For Default action, choose an available target group. If you don't have a target group that meets your needs, choose Create target group to create one now. For more information, see Create a target group.

  7. [TLS listeners] For Security policy, we recommend that you keep the default security policy.

  8. [TLS listeners] For Default SSL/TLS server certificate, choose the default certificate. You can select the certificate from one of the following sources:

    • If you created or imported a certificate using Amazon Certificate Manager, choose From ACM, then choose the certificate from Certificate (from ACM).

    • If you imported a certificate using IAM, choose From IAM, and then choose the certificate from Certificate (from IAM).

    • If you have a certificate, choose Import certificate. Choose either Import to ACM or Import to IAM. For Certificate private key, copy and paste the contents of the private key file (PEM-encoded). For Certificate body, copy and paste the contents of the public key certificate file (PEM-encoded). For Certificate Chain, copy and paste the contents of the certificate chain file (PEM-encoded), unless you are using a self-signed certificate and it's not important that browsers implicitly accept the certificate.

  9. [TLS listeners] For ALPN policy, choose a policy to enable ALPN or choose None to disable ALPN. For more information, see ALPN policies.

  10. Choose Add.

  11. [TLS listeners] To add certificates to the optional certificate list, see Add certificates to the certificate list.

Amazon CLI
To create a target group

If you don't have a target group that you can use for the default action, use the create-target-group command to create one now. For examples, see Create a target group.

To add a TCP listener

Use the create-listener command, specifying the TCP protocol.

aws elbv2 create-listener \ --load-balancer-arn load-balancer-arn \ --protocol TCP \ --port 80 \ --default-actions Type=forward,TargetGroupArn=target-group-arn
To add a TLS listener

Use the create-listener command specifying the TLS protocol.

aws elbv2 create-listener \ --load-balancer-arn load-balancer-arn \ --protocol TLS \ --port 443 \ --certificates CertificateArn=certificate-arn \ --ssl-policy ELBSecurityPolicy-TLS13-1-2-Res-2021-06 \ --default-actions Type=forward,TargetGroupArn=target-group-arn
To add a UDP listener

Use the create-listener command specifying the UDP protocol.

aws elbv2 create-listener \ --load-balancer-arn load-balancer-arn \ --protocol UDP \ --port 53 \ --default-actions Type=forward,TargetGroupArn=target-group-arn
CloudFormation
To add a TCP listener

Define a resource of type AWS::ElasticLoadBalancingV2::Listener using the TCP protocol.

Resources: myTCPListener: Type: 'AWS::ElasticLoadBalancingV2::Listener' Properties: LoadBalancerArn: !Ref myLoadBalancer Protocol: TCP Port: 80 DefaultActions: - Type: forward TargetGroupArn: !Ref myTargetGroup
To add a TLS listener

Define a resource of type AWS::ElasticLoadBalancingV2::Listener using the TLS protocol.

Resources: myTLSListener: Type: 'AWS::ElasticLoadBalancingV2::Listener' Properties: LoadBalancerArn: !Ref myLoadBalancer Protocol: TLS Port: 443 SslPolicy: "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" Certificates: - CertificateArn: "certificate-arn" DefaultActions: - Type: forward TargetGroupArn: !Ref myTargetGroup
To add a UDP listener

Define a resource of type AWS::ElasticLoadBalancingV2::Listener using the UDP protocol.

Resources: myUDPListener: Type: 'AWS::ElasticLoadBalancingV2::Listener' Properties: LoadBalancerArn: !Ref myLoadBalancer Protocol: UDP Port: 53 DefaultActions: - Type: forward TargetGroupArn: !Ref myTargetGroup