Configure SSL on AWS Load Balancer

Overview

Atlan does not support SSL termination on an AWS Elastic Load Balancer. Therefore, to have SSL/TLS termination on an AWS ELB, you need to manually configure the AWS ELB and the Atlan portal.

๐Ÿ“œ Prerequisites

Before you get started, you should generate a Public/Private certificate from AWS ACM and note down the ARN value of particular certificate for future use.

โ€‹Here is a guide to generate certificates from AWS ACM.

๐Ÿ› ๏ธ A step-by-step guide for Atlan cloud deployment on AWS

STEP 1: Configure AWS Elastic Load Balancer

  • In AWS, go to the ELB section.

  • Select the Load Balancer for the Atlan UI. (To find it on the EC2 Load Balancer console, search by the tag. For example, ag:stack:name : CF_STACK_NAME.)

๐Ÿ‘€ Note: An Atlan deployment creates two AWS Load Balancers: NLB and Classic Load Balancer. Please select NLB.

  • Click on the "Listeners" tab.

Listeners tab
  • Before proceeding, please note down the "TargetGroup" name as present in the TCP:80 listener.

  • In AWS, select the TCP:443 listener and click "Edit".

  • Select "TLS" as protocol. For ALPN policy, select "HTTP2Optional".

  • Edit the target group to same as of TCP:80 listener.

  • Select the "Security policy" and the "SSL certificates", which are available on the AWS certificate manager.

  • Click on "Update" at the top to save the configuration. Once it's updated, wait for 5-10 mins.

STEP 2: Change Atlan release configuration

  • Log into the Atlan release portal and go to the "Config" tab.

Login portal
  • Update the Domain Configuration. For example, if the DNS record for the Atlan UI is abc.example.com, enter abc.example.com as the Domain Name.

Domain configuration
  • Update the TLS Configuration. As we are terminating TLS/SSL on AWS ELB, we need to keep TLS/SSL disabled on the Atlan deployment.

  • Check the Use ACM for SSL option and fill in the ARN value of your ACM Certificate.

  • After updating the Domain and TLS Configurations, click the "Save Config" button at the bottom.

  • Deploy the new release created on the release portal after the configuration changes.

You should now be able to access the Atlan UI over SSL ๐ŸŽ‰.

Atlan UI over SSL