Did you know you can generate free SSL certificates for your AWS load balancer?
At work we have some application servers on AWS with an ELB in front, which we wanted to migrate it to HTTPS. It needs a wildcard subdomain so Cloudflare my normal go to is out for now. Let's encrypt would work, but I'd need to have a bit more complex setup to have it auto renew from one node and distribute between the nodes or send the cert to the ELB via the API maybe?
Anyway, after searching I stumbled onto some new AWS posts talking about the Certificate Manager. It allows you to request SSL certs for domains, verify them via email and once setup you can add HTTPS listener to your ELB with the generated certificate, so HTTPS traffic comes in, and HTTP traffic back to the instances securely within your VPC.
A very simple setup provided free on top of our existing architecture, supports wildcards and everything we needed.
More details here:
https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/
