AWS Application Load Balancers (“ALBs”)
This is a technical, multi-step process. A high-level overview:
Applicable only to web apps with a low-risk data classification
Review of domain name selection and website content by YaleSites or Yale School of Medicine (“YSM”)
Backend load balancing targets must use HTTPS, e.g., IIS, nginx, or Apache with a self-signed certificate
HTTPS (SSL/TLS) certificates for yale.edu names on the public-facing load balancer can be issued through AWS Certificate Manager (“ACM”)
The ALB can be set up manually, using the command line, or with Terraform as illustrated below
DNS records for yale.edu domain names are requested from the “DNS” group in ServiceNow
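The HTTPS requirements in the overview, written out as a Terraform configuration. This is an added example, not Yale's own Terraform code; the variable names, resource names and TLS policy choice are assumptions.

```hcl
# Added example; variable and resource names are hypothetical.
variable "vpc_id" { type = string }
variable "public_subnet_ids" { type = list(string) }
variable "alb_security_group_id" { type = string }
variable "tags" { type = map(string) } # accounting tags, site-specific keys

# Public certificate for the listener, validated through DNS records.
resource "aws_acm_certificate" "site" {
  domain_name       = "example.yale.edu"
  validation_method = "DNS"
}
# Blocks until the validation record exists and ACM has issued the certificate.
resource "aws_acm_certificate_validation" "site" {
  certificate_arn = aws_acm_certificate.site.arn
}

resource "aws_lb" "site" {
  name               = "example-yale-edu"
  load_balancer_type = "application"
  internal           = false
  subnets            = var.public_subnet_ids
  security_groups    = [var.alb_security_group_id]
  tags               = var.tags
}

# Backend leg stays encrypted: targets (IIS, nginx, Apache) listen on 443.
# An ALB does not validate the target certificate, so self-signed is accepted.
resource "aws_lb_target_group" "backend" {
  name     = "example-yale-edu-https"
  port     = 443
  protocol = "HTTPS"
  vpc_id   = var.vpc_id
  health_check {
    protocol = "HTTPS"
    matcher  = "200-399"
  }
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.site.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate_validation.site.certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.backend.arn
  }
}
```

Because DNS validation needs a CNAME in the yale.edu zone, the ACM validation record has to be requested from the DNS group along with the record for the ALB itself.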
Pre-requisite Information Gathering
Only create AWS ALBs for low-risk data web applications.
To verify that data is low risk and to perform data classification, see the Data Classification Policy
Services with a moderate-risk or high-risk data classification cannot use an AWS ALB and must be load balanced through ITS F5 load balancing. Please open a support Incident in ServiceNow for Load Balancing for non-low-risk data-driven web apps.
Low risk data does not need a Security Design Review ("SDR")
Verify approval of the domain name and website content from YaleSites and/or, for med.yale.edu domain names, Yale School of Medicine ("YSM")
For YaleSites approval - *.yale.edu - email webmaster@yale.edu
For med.yale.edu domain names, email YSM at ysm.editor@yale.edu
Enter useful tag information for accounting purposes
...
Get tagging/metadata for the DNS team as shown below
INC1767828
Short description: Create Private/Public DNS record for an AWS ALB: example.yale.edu
...
Please create the following private/public DNS record(s):
CNAME:
hunala-app-stagingexample.yale.edu: example-yale-edu.661617135.us-east-1.elb.amazonaws.com.
...