Create a listener for your Network Load Balancer

A listener is a process that checks for connection requests. You define a listener when you create your load balancer, and you can add listeners to your load balancer at any time.

Prerequisites

You must specify a target group for the listener rule. For more information, see Create a target group for your Network Load Balancer.
You must specify an SSL certificate for a TLS listener. The load balancer uses the certificate to terminate the connection and decrypt requests from clients before routing them to targets. For more information, see Server certificates for your Network Load Balancer.
You can't use an IPv4 target group with a UDP listener for a dualstack load balancer.

Add a listener

You configure a listener with a protocol and a port for connections from clients to the load balancer, and a target group for the default listener rule. For more information, see Listener configuration.

To add a listener using the console

Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.
In the navigation pane, choose Load Balancers.
Select the name of the load balancer to open its details page.
On the Listeners tab, choose Add listener.
For Protocol, choose TCP, UDP, TCP_UDP, or TLS. Keep the default port or type a different port.
For Default action, choose an available target group.
[TLS listeners] For Security policy, we recommend that you keep the default security policy.
[TLS listeners] For Default SSL/TLS server certificate, choose the default certificate. You can select the certificate from one of the following sources:
- If you created or imported a certificate using Amazon Certificate Manager, choose From ACM, then choose the certificate from Certificate (from ACM).
- If you imported a certificate using IAM, choose From IAM, and then choose the certificate from Certificate (from IAM).
- If you have a certificate, choose Import certificate. Choose either Import to ACM or Import to IAM. For Certificate private key, copy and paste the contents of the private key file (PEM-encoded). For Certificate body, copy and paste the contents of the public key certificate file (PEM-encoded). For Certificate Chain, copy and paste the contents of the certificate chain file (PEM-encoded), unless you are using a self-signed certificate and it's not important that browsers implicitly accept the certificate.
[TLS listeners] For ALPN policy, choose a policy to enable ALPN or choose None to disable ALPN. For more information, see ALPN policies.
Choose Add.
[TLS listeners] To add certificates to the optional certificate list, see Add certificates to the certificate list.

To add a listener using the Amazon CLI

Use the create-listener command to create the listener.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Listeners

Server certificates