Directing the Route 53 Record Set to the ALB

Although it is technically possible to connect to the ALB using its DNS name (such as internal-srgdemo-alb-505957021.eu-central-1.elb.amazonaws.com), this is not recommended for the following reasons:

Previously, we created a record set in the Route 53 hosted zone and requested a certificate for the chosen domain name. You can now direct the record set to the application load balancer.

  1. Using the Find Services search tool, locate and browse to the Route 53 Dashboard.
  2. In the left navigation panel, select Hosted zones. Ignore any errors generated during this process.
  3. From the hosted zones list, select the same hosted zone as you chose for creating the new Route 53 record set. (Use the search box to search for the zone if necessary.)

 

 

  1. Create the record set as outlined here, using the following values in the details pane.
    1. Alias: Change to Yes.
    2. Alias Target: Start typing internal-<domain name>; for example, internal-srgdemo. The long list will be filtered and only your ALB will be displayed. Select it.

Upon selection the word dialstack will be prefixed to the name you entered. This prefix can be ignored.

 

 

  1. Click Save Record Set.
  1. Copy the template UpdateRecordSetToALB.json and open the copy in a text editor. This template is available in the arcsight-platform-cloud-installer-<version>/aws-scripts/objectdefs/ subfolder.
  2. Edit the following:
    1. Record name: Combine the subdomain (such as srgdemo) and hosted zone name. For example, arcsight-dev.com). You can also refer to the AWS worksheet for the RecordSet name.
    2. ALB Canonical hosted zone ID: Get the value from the AWS Worksheet.
    3. ALB DNS name: Get the value from the AWS Worksheet.
  3. Run the following command:
    aws route53 change-resource-record-sets \
    --hosted-zone-id <Hosted zone Id> \
    --change-batch file://UpdateRecordSetToALB.json

Where:

<Hosted zone Id>:Use the Hosted Zone ID from the AWS Worksheet. For example, /hostedzone/Z3EAG7KOHX70J0.

<change-batch file>: Replace the parameter with the name of your own modified instance of the linked JSON template.

Configure Browser

Finally, configure the browser on your bastion to trust the certificate.

For example, in Mozilla Firefox,

  1. Select Preferences > Privacy & Security > Certificates.
  2. Click View Certificates.
  3. Cick Authorities.
  4. Click Import and then browse to the ca.cert.pem to import the file.

Consult your browser documentation for the exact procedure on your browser.

Next Step: Labeling Cloud (AWS) Worker Nodes