
Route53/Certificate Manager/Target Group/ALB Setup


Table of Contents

  1. Prerequisites
  2. Setup Route53 DNS
  3. Setup Certificate Manager
  4. Create and Configure Target Group
  5. Setup ALB
  6. Additional Route53 Hosted Zones Configuration


Detailed Steps

For detailed explanations of {variables}, refer to the Terminology page.


1. Prerequisites

Ensure the setup for the installation environment is complete. (Refer to 1. Setup Deploy Environment)



2. Setup Route53 DNS

When a domain is registered, a Hosted Zone is created automatically. If you already have a Hosted Zone, move to 3. Setup Certificate Manager.


  • Domain Registration
    • Go to the AWS Route53 Console.

    • In the left menu, click Registered domains under Domains.

    • Click Register domains.

    • In the Search for domain section, enter the desired {DOMAIN_NAME} (example.com) and click Search.

    • If the entered domain is available, click Select in the Search Result.

    • Click Proceed to checkout.

    • Select Duration and Auto-renew options, then click Next.

    • Enter the Contact information and click Next.

      • A domain email verification will be sent to the email entered in Contact Information.
    • Check I have read and agree to the Amazon Route 53 Domain Name Registration End User Agreement.

    • Click Submit.

    • Domain registration may take approximately 10 minutes (up to 1 day).

    • Once domain registration is complete, an email will be sent to the email entered in Contact Information.


  • Register Hosted Zone
    • Go to the AWS Route53 Console.
    • In the left menu, click Hosted zones.
    • Click Create hosted zone.
    • Step 1: Hosted zone configuration
      • Domain name: Enter the desired {DOMAIN_NAME}.
    • Click Create hosted zone to create the Hosted zone.


3. Setup Certificate Manager

Please input the {variables} directly

  • Create a certificate for TLS communication using Certificate Manager.
  • If you already have a certificate in Certificate Manager, move to 5. Setup ALB.
  • Go to the AWS Certificate Manager Console.
  • In the left menu, click Request certificate.
  • Select Request a public certificate and click Next.
  • Step 1: Domain names
    • Fully qualified domain name: Enter the above {DOMAIN_NAME}.
    • Click Add another name to this certificate.
      • Enter *.{DOMAIN_NAME}
  • Step 2: Validation method
    • Select DNS validation.
  • Step 3: Key algorithm
    • Select RSA 2048.
  • Click Request.
  • Click the Certificate ID of the created certificate.
  • Click Create records in Route 53.
  • Click Create records to create records in Route53.
  • Verify that the Status of the created certificate in the Certificates list changes to Issued. This process may take some time.


4. Create and Configure Target Group

Please input the {variables} directly

NOTE: The maximum length for a Target Group name is 32 characters. If the length exceeds 32 characters, shorten {INFRA_NAME}-{DEPLOY_ENV} accordingly.


  • A total of 5 Target Groups are needed, each serving the following purposes:

    • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-fe-{AWS_CLUSTER_VERSION_NUM}-30020: AI Conductor Frontend
    • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-be-{AWS_CLUSTER_VERSION_NUM}-30030: AI Conductor Backend
    • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-ig-{AWS_CLUSTER_VERSION_NUM}-30040: AI Conductor Kubeflow
    • Skip if Edge Conductor is installed on-premise.
      • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-ec-fe-{AWS_CLUSTER_VERSION_NUM}-31010: Edge Conductor Frontend
      • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-ec-be-{AWS_CLUSTER_VERSION_NUM}-31020: Edge Conductor Backend
    • {AWS_CLUSTER_VERSION_NUM} is {AWS_CLUSTER_VERSION} with the dots removed:
    export AWS_CLUSTER_VERSION_NUM=$(echo "${AWS_CLUSTER_VERSION}" | tr -d '.')

  • Create Target Group
    • Go to the AWS EC2 Console.
    • In the left menu, click Target Groups.
    • Click Create target group.
    • Step 1: Basic configuration
      • Choose a target type: Instances
      • Target group name: tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-fe-{AWS_CLUSTER_VERSION_NUM}-30020
      • Protocol : Port: HTTP : 30020
      • IP address type: IPv4
      • VPC: Select {AWS_VPC_NAME}
      • Protocol version: HTTP1
    • Step 2: Health checks
      • Health check protocol: HTTP
      • Path: /
    • Click Next.
    • Click Create target group.
    • Repeat the above steps to create the following Target Groups. Ensure the last 5 digits of the Target Group name match the Port.
      • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-be-{AWS_CLUSTER_VERSION_NUM}-30030
        • Protocol : Port: HTTP : 30030
        • Health checks -> Health check path: /api/v1/healthz
      • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-ig-{AWS_CLUSTER_VERSION_NUM}-30040
        • Protocol : Port: HTTP : 30040
        • Health checks -> Advanced health check settings -> Success codes: 200,302
      • Skip if Edge Conductor is installed on-premise.
        • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-ec-fe-{AWS_CLUSTER_VERSION_NUM}-31010
          • Protocol : Port: HTTP : 31010
        • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-ec-be-{AWS_CLUSTER_VERSION_NUM}-31020
          • Protocol : Port: HTTP : 31020

  • Configure Target Group Association

    • Go to the AWS EKS Console.
    • Click {AWS_CLUSTER_NAME}.
    • Click the Compute tab.
    • In the Compute tab, under Node groups, click ng-{AWS_DEFAULT_REGION_ALIAS}-aicond-{INFRA_NAME}-controller.
    • In the Details tab, under Autoscaling group name, click the asg group resource.
    • In the Auto Scaling groups Details tab, under Load balancing, click Edit.
    • Step 1: Load balancing
      • Check Application, Network or Gateway Load Balancer target groups.
      • In Load balancers, select the following 3 items:
        • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-fe-{AWS_CLUSTER_VERSION_NUM}-30020
        • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-be-{AWS_CLUSTER_VERSION_NUM}-30030
        • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-ig-{AWS_CLUSTER_VERSION_NUM}-30040
      • Click Update to complete the configuration.

  • Skip if Edge Conductor is installed on-premise.

    • Go to the AWS EKS Console.
    • Click {AWS_CLUSTER_NAME}.
    • Click the Compute tab.
    • In the Compute tab, under Node groups, click ng-{AWS_DEFAULT_REGION_ALIAS}-edgecond-{INFRA_NAME}-controller.
    • In the Details tab, under Autoscaling group name, click the asg group resource.
    • In the Auto Scaling groups Details tab, under Load balancing, click Edit.
    • Step 1: Load balancing
      • Check Application, Network or Gateway Load Balancer target groups.
      • In Load balancers, select the following 2 items:
        • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-ec-fe-{AWS_CLUSTER_VERSION_NUM}-31010
        • tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-ec-be-{AWS_CLUSTER_VERSION_NUM}-31020
      • Click Update to complete the configuration.


5. Setup ALB

Please input the {variables} directly

NOTE: Ensure the status is Issued in 3. Setup Certificate Manager before proceeding.


  • Create ALB Security Group
    • Go to the AWS EC2 Console.
    • In the left menu, click Security Groups.
    • Click Create security group to create a security group for the ALB.
    • Step 1: Basic details
      • Security group name: scg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-alb
      • Description: Required
      • VPC: Select {AWS_VPC_NAME}
    • Step 2: Inbound rules
      • Click Add rules.
      • Source: Select Anywhere-IPv4.
    • Click Create security group.

  • Create ALB
    • Go to the AWS EC2 Console.
    • In the left menu, click Load Balancers.
    • Click Create Load Balancer to start creating the ALB.
    • Step 1: Load balancer types
      • Under Application Load Balancer, click Create.
    • Step 2: Basic configuration
      • Load balancer name: alb-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}
      • Scheme: Internet-facing
      • IP address type: IPv4
    • Step 3: Network mapping
      • VPC: Select {AWS_VPC_NAME}
      • Mappings
        • Select all Availability Zones.
        • Select SubnetPublic.
    • Step 4: Security groups
      • Select the security group: scg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-alb
    • Step 5: Listeners and routing
      • Listener
        • Protocol: HTTPS
        • Port: 443
        • Default action: Forward to tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-fe-{AWS_CLUSTER_VERSION_NUM}-30020
    • Step 6: Secure listener settings
      • Default SSL/TLS server certificate
        • Certificate source: Select From ACM
        • Certificate (from ACM): Select {DOMAIN_NAME}
    • Click Create load balancer.
    • In the Load Balancers list, the DNS name of the created ALB is {AWS_ALB_DNS_NAME}.

  • Configure ALB Listener Rules

    • In the Load balancers list, click the created resource.
    • In the Listeners and rules tab, click 1 rule under the Rules section.
    • Click Add rule.
    | Configuration | AI Conductor Backend | AI Conductor Frontend | AI Conductor Kubeflow | Edge Conductor Backend (NOTE: Skip if installed on-premise) | Edge Conductor Frontend (NOTE: Skip if installed on-premise) |
    | --- | --- | --- | --- | --- | --- |
    | Name and tags : Name | AI Conductor Backend | AI Conductor Frontend | AI Conductor Kubeflow | Edge Conductor Backend | Edge Conductor Frontend |
    | Conditions | Add condition | Add condition | Add condition | Add condition | Add condition |
    | Conditions : rule condition types | Host header | Host header | Host header | Host header | Host header |
    | Conditions : Value | aicond.{DOMAIN_NAME} | aicond.{DOMAIN_NAME} | aicond-kf.{DOMAIN_NAME} | edgecond.{DOMAIN_NAME} | edgecond.{DOMAIN_NAME} |
    | Conditions | Confirm | Confirm | Confirm | Confirm | Confirm |
    | Conditions | Add condition | Add condition | Add condition | Add condition | Add condition |
    | Conditions : rule condition types | Path | Path | Path | Path | Path |
    | Conditions : Value | /api/* | /* | /* | /app/*, /web/* | /* |
    | Conditions | Confirm | Confirm | Confirm | Confirm | Confirm |
    | Conditions | Next | Next | Next | Next | Next |
    | Actions : Routing actions | Forward to target groups | Forward to target groups | Forward to target groups | Forward to target groups | Forward to target groups |
    | Actions : Target group | tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-be-{AWS_CLUSTER_VERSION_NUM}-30030 | tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-fe-{AWS_CLUSTER_VERSION_NUM}-30020 | tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-aic-ig-{AWS_CLUSTER_VERSION_NUM}-30040 | tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-ec-be-{AWS_CLUSTER_VERSION_NUM}-31020 | tg-{AWS_DEFAULT_REGION_ALIAS}-{INFRA_NAME}-{DEPLOY_ENV}-ec-fe-{AWS_CLUSTER_VERSION_NUM}-31010 |
    | Actions | Next | Next | Next | Next | Next |
    | Rule : Priority | 100 | 200 | 300 | 400 | 500 |
    | Rule | Next | Next | Next | Next | Next |
    | Create | Create | Create | Create | Create | Create |
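
The listener rules above depend on evaluation order: an ALB checks rules from the lowest priority number up and the first match wins, so /api/* (100) must come before /* (200) on the same host. The script below is an added example, not part of the original guide; it models those rules and the certificate names from 3. Setup Certificate Manager offline, with example.com and the shortened target names as placeholders.

```shell
#!/bin/sh
# Added example: offline model of the listener rules and certificate names.
# DOMAIN_NAME and the shortened target names are placeholders (assumptions).
DOMAIN_NAME="example.com"
DEFAULT_TARGET="aic-fe-30020"   # listener default action from Step 5
# priority|host header|path pattern|target, constructed from the rule table.
# The two path values of the Edge Conductor Backend rule share priority 400.
RULES="100|aicond.$DOMAIN_NAME|/api/*|aic-be-30030
200|aicond.$DOMAIN_NAME|/*|aic-fe-30020
300|aicond-kf.$DOMAIN_NAME|/*|aic-ig-30040
400|edgecond.$DOMAIN_NAME|/app/*|ec-be-31020
400|edgecond.$DOMAIN_NAME|/web/*|ec-be-31020
500|edgecond.$DOMAIN_NAME|/*|ec-fe-31010"

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# route HOST PATH: prints the target that receives the request. Rules are tried
# from the lowest priority number up and the first match wins; host headers
# compare case-insensitively; no match falls through to the default action.
route() {
    host=$(lower "$1"); path=$2
    hit=$(printf '%s\n' "$RULES" | sort -t'|' -k1,1n |
        while IFS='|' read -r prio rhost rpath target; do
            [ "$host" = "$rhost" ] || continue
            # unquoted $rpath is used as a glob, like the ALB path pattern
            case "$path" in $rpath) echo "$target"; break ;; esac
        done)
    echo "${hit:-default:$DEFAULT_TARGET}"
}

# cert_covers HOST: succeeds if the certificate names {DOMAIN_NAME} and
# *.{DOMAIN_NAME} cover HOST. A TLS wildcard stands for exactly one label.
cert_covers() {
    host=$(lower "$1")
    [ "$host" = "$DOMAIN_NAME" ] && return 0
    label=${host%".$DOMAIN_NAME"}          # part left of the domain, if any
    case "$label" in "$host"|""|*.*) return 1 ;; esac
    return 0
}

# Constructed sample requests: "host path"
for req in "aicond.$DOMAIN_NAME /api/v1/healthz" "aicond.$DOMAIN_NAME /" \
           "edgecond.$DOMAIN_NAME /web/x" "other.$DOMAIN_NAME /" \
           "a.b.$DOMAIN_NAME /"; do
    set -- $req
    if cert_covers "$1"; then c="certificate ok"; else c="certificate name mismatch"; fi
    echo "$1 $2 -> $(route "$1" "$2") ($c)"
done
```

A host that matches no rule, such as other.example.com, still reaches the AI Conductor Frontend through the default action, because the * record created in 6. Additional Route53 Hosted Zones Configuration points other subdomains at the same ALB.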


6. Additional Route53 Hosted Zones Configuration

Please input the {variables} directly

  • Go to the AWS Route53 Console.

  • In the left menu, click Hosted zones.

  • Click {DOMAIN_NAME}.

  • Click Create record.

  • Record name: *

  • Record type: Select A - Routes traffic to an IPv4 address and some AWS resources.

  • Enable Alias.

  • Route traffic to

    • Choose endpoint: Select Alias to Application and Classic Load Balancer.
    • Choose Region: Select {AWS_DEFAULT_REGION}.
    • Choose load balancer: Select dualstack.{AWS_ALB_DNS_NAME}.
  • Routing policy: Select Simple routing.

  • Click Create records.