spring-boot, https, amazon-ecs, amazon-elb, aws-fargate

Spring Boot Application with HTTPS on AWS Fargate


I have a Spring Boot application running on AWS Fargate in an ECS cluster + ALB with the following flow:

ALB (443/HTTPS) -> Spring Boot Application (8080:HTTP)

So, I want to enable HTTP/2 in my application, but to do this, I need my application to run on HTTPS (TLS/SSL).

How can I configure a certificate on AWS Fargate, given that my domain is attached to the ALB and not directly to my task/container?


Solution

  • To achieve this, you will need to configure the ALB to terminate the certificate [1]. After SSL is terminated at the ALB, you will need the ALB to forward traffic using HTTPS over port 443 (the port can be changed to another one) to the backend (Fargate) where your service is listening.

    Client<----HTTPS---->ALB<----HTTPS---->ECS Fargate in Target Group

    You will need to have an SSL certificate on your container tasks. You will need to purchase a certificate for your domain from a third-party vendor like GoDaddy, as certificates from Amazon Certificate Manager are to be used only with AWS-managed services like ALB, CloudFront, etc. [2]

    This SSL configuration needs to be made in the docker image(s) similar to any web server for your tasks.

    Another option that we can consider is to use Envoy. Please refer to the blog here: "Encryption All The Way To The Container In ECS With Envoy". [3]
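
As an added illustration (not part of the original answer), this is what the in-container TLS configuration described above can look like in a Spring Boot `application.properties`. The port 8443, the keystore path, the key alias and the `KEYSTORE_PASSWORD` variable name are assumptions chosen for the example.

```properties
# Added example: Spring Boot serving HTTPS + HTTP/2 inside the Fargate task.
# Assumed values (not from the original post): port 8443, keystore path,
# key alias "app", and the KEYSTORE_PASSWORD environment variable.

# Listen on HTTPS instead of plain HTTP 8080. The ECS container port mapping
# and the ALB target group port must be changed to match.
server.port=8443

# Enable TLS using a PKCS#12 keystore that holds the certificate chain and
# private key for the service.
server.ssl.enabled=true
server.ssl.key-store=file:/opt/app/tls/keystore.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=app

# Do not hard-code the keystore password in the image. Resolve it from an
# environment variable, which the ECS task definition can populate from a
# secret store at launch.
server.ssl.key-store-password=${KEYSTORE_PASSWORD}

# Accept only current TLS versions on the ALB-to-container hop.
server.ssl.enabled-protocols=TLSv1.2,TLSv1.3

# HTTP/2 is negotiated over TLS by the embedded server, which is why the
# question requires HTTPS on the container in the first place.
server.http2.enabled=true

# On the AWS side (outside this file):
#   - target group protocol: HTTPS, port 8443
#   - target group protocol version: HTTP2, if the ALB should speak HTTP/2
#     to the container rather than HTTP/1.1
#   - health check protocol: HTTPS, otherwise targets are marked unhealthy
```

The keystore file itself contains the private key, so it is better mounted or fetched at container start than committed into an image layer that anyone with registry pull access can read.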