[momania]

It's easy to solve in the application, but then I need to have an http and https endpoint in my application, just for this redirect, already behind the ALB. I mean, if they can build in authentication redirects on the load balancer, how hard is it then to add a simple http -> https redirect, so this http traffic never has to 'touch' my application.

[jnsaff2]

Well you don't need to have two listeners, you just need to check "X-Forwarded-Proto" header and if it's not "https" then do the redirect. I think checking that header is a good idea anyway for something sensitive.

Also if you use API GW/CloudFront they would do that for you too.