Create a listener for your Network Load Balancer

To add a listener

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Load Balancers.

3. Select the name of the load balancer to open its details page.

4. On the Listeners tab, choose Add listener.

5. For Protocol, choose TCP, UDP, TCP_UDP, TLS, QUIC, or TCP_QUIC. Keep the default port or type a different port.

6. For Default action, choose an available target group. If you don't have a target group that meets your needs, choose Create target group to create one now. For more information, see Create a target group.

7. [TLS listeners] For Security policy, we recommend that you keep the default security policy.

8. [TLS listeners] For Default SSL/TLS server certificate, choose the default certificate. You can select the certificate from one of the following sources:

   • If you created or imported a certificate using AWS Certificate Manager, choose From ACM, then choose the certificate from Certificate (from ACM).

   • If you imported a certificate using IAM, choose From IAM, and then choose the certificate from Certificate (from IAM).

   • If you have a certificate, choose Import certificate. Choose either Import to ACM or Import to IAM. For Certificate private key, copy and paste the contents of the private key file (PEM-encoded). For Certificate body, copy and paste the contents of the public key certificate file (PEM-encoded). For Certificate Chain, copy and paste the contents of the certificate chain file (PEM-encoded), unless you are using a self-signed certificate and it's not important that browsers implicitly accept the certificate.

9. [TLS listeners] For ALPN policy, choose a policy to enable ALPN or choose None to disable ALPN. For more information, see ALPN policies.

10. Choose Add.

11. [TLS listeners] To add certificates to the optional certificate list, see Add certificates to the certificate list.