ELB WAF Sandwiching - AWS


Okay, so I have a unique use case in AWS, at least I think it's a unique use case.

I have an application that I host which listens and interacts on ports 25 (SMTP), 443 (HTTPS) and 62000 (SOCKET). I am tasked with deploying an AWS WAF and a Load Balancer (LB).

Currently, if you want to send mail, HTTPS or socket traffic, you do that via something.example.com (the same subdomain).

How can I deploy a WAF, ALB and ELB (maybe via a sandwich) without changing the URLs? As of right now, the way we are thinking, we are going to have to deploy it like the following:

HTTPS: something.example.com
SMTP: something-mail.example.com
SOCKET: something-socket.example.com

This would require so many configuration changes and would be abrasive.

Is there a way for me to deploy this without so many URL changes?

1

There is 1 answer

0
Mark B On

You could do all this as follows.

First, create an Application Load Balancer that listens for HTTPS on port 443 and sends traffic to your server's web server port.

Second, create a Network Load Balancer with the following listeners:

  • Listener 1: Port 443: target group points to the Application Load Balancer
  • Listener 2: Port 25: target group points to your server's SMTP port
  • Listener 3: Port 62000: target group points to your server's socket port

Third, create your Web Application Firewall and associate it with the Application Load Balancer.

Finally, point your custom domain name at the Network load balancer.
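The four steps above, written out as Terraform. This is an added example, not code from Mark B's answer or from AWS. Everything referenced as `var.*` (VPC, subnets, ACM certificate, instance), the web server port 8080, the resource names and the use of the NLB-to-ALB target group type (`target_type = "alb"`) are assumptions of this example; the ports 25, 443 and 62000 and the hostname something.example.com come from the question.

```hcl
locals {
  # Constructed service map; the web port 8080 is an assumption (the post names only 25/443/62000).
  services = {
    web    = { port = 8080,  protocol = "HTTP", edge_port = 443 }   # reaches the instance via WAF + ALB
    smtp   = { port = 25,    protocol = "TCP",  edge_port = 25 }    # L4 passthrough, never seen by the WAF
    socket = { port = 62000, protocol = "TCP",  edge_port = 62000 } # L4 passthrough, never seen by the WAF
  }
}

# One target group per service on the instance: the ALB forwards to "web", the NLB to the rest.
# (Register the instance in each with aws_lb_target_group_attachment; omitted here for brevity.)
resource "aws_lb_target_group" "svc" {
  for_each = local.services
  name     = "something-${each.key}"
  port     = each.value.port
  protocol = each.value.protocol
  vpc_id   = var.vpc_id            # assumed input
}

# Step 1: internal ALB terminating HTTPS on 443 and forwarding to the web target group.
resource "aws_lb" "app" {
  name               = "something-alb"
  internal           = true        # only the NLB should reach it; lock its security group to the NLB
  load_balancer_type = "application"
  subnets            = var.private_subnet_ids   # assumed input
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.acm_certificate_arn    # assumed: ACM cert for something.example.com
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.svc["web"].arn
  }
}

# Step 2: internet-facing NLB. 443 forwards to the ALB (target_type "alb"); 25 and 62000 go straight to the instance.
resource "aws_lb" "edge" {
  name               = "something-nlb"
  load_balancer_type = "network"
  subnets            = var.public_subnet_ids    # assumed input
}

resource "aws_lb_target_group" "to_alb" {
  name        = "something-to-alb"
  target_type = "alb"
  port        = 443
  protocol    = "TCP"
  vpc_id      = var.vpc_id
  health_check {
    protocol = "HTTPS"   # the ALB only listens on 443/HTTPS, so a plain-HTTP health check would never pass
  }
}

resource "aws_lb_target_group_attachment" "to_alb" {
  target_group_arn = aws_lb_target_group.to_alb.arn
  target_id        = aws_lb.app.arn
  port             = 443
  depends_on       = [aws_lb_listener.https]   # the ALB must already listen on the target port
}

resource "aws_lb_listener" "edge" {
  for_each          = local.services
  load_balancer_arn = aws_lb.edge.arn
  port              = each.value.edge_port
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = each.key == "web" ? aws_lb_target_group.to_alb.arn : aws_lb_target_group.svc[each.key].arn
  }
}

# Step 3: regional WAFv2 web ACL on the ALB. WAF cannot be associated with an NLB.
resource "aws_wafv2_web_acl" "app" {
  name  = "something-waf"
  scope = "REGIONAL"
  default_action {
    allow {}
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "something-waf"
    sampled_requests_enabled   = true
  }
}

resource "aws_wafv2_web_acl_association" "alb" {
  resource_arn = aws_lb.app.arn
  web_acl_arn  = aws_wafv2_web_acl.app.arn
}
```

Step 4 is a Route 53 alias A record for something.example.com pointing at `aws_lb.edge.dns_name`, so all three ports keep the one hostname. Two caveats a reviewer would raise on this layout: the WAF only inspects what arrives through the ALB, so the SMTP and socket listeners are pure L4 passthrough and need their own hardening on the instance; and the internal ALB must be reachable only from the NLB (security group rules referencing the NLB's security group), otherwise anything inside the VPC can hit the ALB directly and skip the WAF. The web ACL above has no `rule` blocks and so allows everything; in practice you would add AWS managed rule groups (for example AWSManagedRulesCommonRuleSet) as `rule` entries before relying on it.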