CloudFormation Template that creates 2 EC2 HAProxy instances and an ELB. Please review the complete blog post for additional details about this solution.
Here is how the solution works, as shown in the preceding numbered diagram:
1. The LDAP client sends an LDAPS request to ELB on TCP port 636.
2. ELB terminates the SSL/TLS session and decrypts the traffic using a certificate. ELB sends the decrypted LDAP traffic to the EC2 instances running HAProxy on TCP port 389.
3. The HAProxy servers forward the LDAP request to the Simple AD servers listening on TCP port 389 in a fixed Auto Scaling group configuration.
4. The Simple AD servers send an LDAP response through the HAProxy layer to ELB. ELB encrypts the response and sends it to the client.
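Because ELB terminates TLS, the ELB-to-HAProxy leg on TCP 389 carries decrypted LDAP, so the listener and security-group layout is what keeps that leg private. The check below is an added example, not part of the template or blog post; the CloudFormation fragment, resource names (`LdapsElb`, `ElbSg`, `HaproxySg`) and certificate ARN are constructed for illustration.

```python
# Constructed CloudFormation fragment mirroring the flow above (names and ARN are assumptions).
TEMPLATE = {
    "Resources": {
        "LdapsElb": {
            "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
            "Properties": {
                "Listeners": [{
                    "LoadBalancerPort": "636", "Protocol": "SSL",      # TLS terminates here
                    "InstancePort": "389", "InstanceProtocol": "TCP",  # plaintext LDAP to HAProxy
                    "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/ldaps-example",
                }],
                "SecurityGroups": [{"Ref": "ElbSg"}],
            },
        },
        "ElbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 636, "ToPort": 636,
                                      "CidrIp": "10.0.0.0/16"}]}},
        "HaproxySg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389,
                                      "SourceSecurityGroupId": {"Ref": "ElbSg"}}]}},
    }
}


def check_design(template):
    """Return a list of findings; an empty list means the layout matches the described flow."""
    findings = []
    res = template["Resources"]
    elb = res["LdapsElb"]["Properties"]
    elb_sg_refs = {sg["Ref"] for sg in elb["SecurityGroups"]}
    for lst in elb["Listeners"]:
        # Step 1/2: client-facing 636 must be an SSL listener with a certificate attached.
        if not (lst["LoadBalancerPort"] == "636" and lst["Protocol"] == "SSL"
                and lst.get("SSLCertificateId")):
            findings.append("ELB listener 636 must use Protocol SSL with a certificate")
        # Step 2: decrypted traffic goes to HAProxy as plain TCP on 389.
        if not (lst["InstancePort"] == "389" and lst["InstanceProtocol"] == "TCP"):
            findings.append("ELB must forward to HAProxy on TCP 389")
    # The decrypted 389 leg must be reachable only from the ELB's security group, never a CIDR.
    for rule in res["HaproxySg"]["Properties"]["SecurityGroupIngress"]:
        if rule["FromPort"] <= 389 <= rule["ToPort"]:
            src = rule.get("SourceSecurityGroupId", {}).get("Ref")
            if "CidrIp" in rule or src not in elb_sg_refs:
                findings.append("HAProxy port 389 ingress must come only from the ELB security group")
    return findings
```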