AWS ALB with Multiple Listeners, SNI, and Host-Based Routing

This guide explains how to set up an Application Load Balancer (ALB) with multiple SSL certificates using SNI (Server Name Indication) and configure host-based load balancing.

1. Prerequisites

• AWS Account
• ALB created in a VPC with at least two public subnets
• SSL certificates in AWS Certificate Manager (ACM) for your domains
• Target groups created for each application/domain

2. Steps to Configure

Step 1: Create ALB

• Go to EC2 > Load Balancers > Create Load Balancer
• Select Application Load Balancer
• Scheme: Internet-facing
• Listeners: Add HTTPS (443)
• Choose at least 2 public subnets

Step 2: Add Multiple SSL Certificates (SNI)

1. Under Listeners > HTTPS (443) > View/Edit Certificates

2. Add your default SSL certificate (e.g., example.com).

3. Add additional certificates using Add certificate.

   • ALB uses SNI to serve the correct certificate based on the requested domain.

Step 3: Configure Listener Rules (Host-Based Routing)

1. Go to Listeners > HTTPS (443) > Rules > Add Rule.

2. Example rules:

   • IF Host header = app1.example.com → Forward to Target Group 1
   • IF Host header = app2.example.com → Forward to Target Group 2
   • IF Host header = default.example.com → Forward to Default Target Group

Step 4: Add Additional Listener (Optional)

• You can add HTTP (80) listener.
• Create a rule to Redirect HTTP → HTTPS for secure connections.

3. Example Rule Summary

4. Verification

• Test each domain in a browser:

  • https://app1.example.com → Should hit App1 target group
  • https://app2.example.com → Should hit App2 target group

• Certificates should be served correctly via SNI.

5. Notes

• ALB supports up to 25 certificates per listener.
• Always ensure DNS (Route 53 or other provider) points to ALB DNS name.