[tachion]

This is probably missing because it's dead simple to solve on the application/infrastructure side by sending 302 or even 301 if you don't really miss the HTTP.

For things like that, that are very easily solvable other way I don't expect Amazon to work on them anytime soon, if ever.

[momania]

It's easy to solve in the application, but then I need to have an http and https endpoint in my application, just for this redirect, already behind the ALB. I mean, if they can build in authentication redirects on the load balancer, how hard is it then to add a simple http -> https redirect, so this http traffic never has to 'touch' my application.

[jnsaff2]

Well you don't need to have two listeners, you just need to check "X-Forwarded-Proto" header and if it's not "https" then do the redirect. I think checking that header is a good idea anyway for something sensitive.

Also if you use API GW/CloudFront they would do that for you too.

[vegardx]

I think it's more likely that they want to differentiate LBs and CloudFront, feature wise.

It would make sense to do it in the load balancer, you want to do the redirect as soon as possible. So if you want to do it the correct way you get the option of paying for both ALB and CF.