DevOps

Configure AWS Elastic Beanstalk application to use SSL

In this post I show you how to set up HTTPS for an application (REST API) running on AWS Elastic Beanstalk. This post is the last in a serie of three. As described in my previous two post I have performed the first two steps to obtain a SSL certificate for my subdomain and I am ready to use it now in the third and last step:

  • Assign a (sub)domain to your application
  • Obtain a certificate from the AWS Certificate Manager
  • Configure AWS Beanstalk application to use SSL

As I said before there are multiple ways and variations to implement HTTPS for an application running on AWS but I show just one of them (being the most simple one) here. In this situation we let the elastic load balancer terminate the HTTPS call so our application doesn’t need to have any notion of the SSL part (as I said before this might be the easiest way but doesn’t necessarily mean the best way for certain use cases). To make the load balancer terminate the SSL connection we simply configure the load balancer by using a config script in our .ebextensions folder. In the config script we add a listener on port 443 (default for SSL) and put the ARN of our SSL certificate that is maintained in the AWS Certificate Manager. I also make sure the listener at port 80 is closed so only HTTPS connections are allowed at the ELB. The script looks like this:

option_settings:
  aws:elb:listener:443:
    SSLCertificateId: arn:aws:acm:eu-central-1:101873222293:certificate/46712371-269b-4d9f-f3f4-e83abc78a289
    ListenerProtocol: HTTPS
    InstancePort: 80
    InstanceProtocol: HTTP
  aws:elb:listener:80:
    ListenerEnabled: false

If the environment is now recreated the API can only be accessed from the outside world via HTTPS as you can see in the following screenshots:

screenshot-at-sep-05-20-42-27
vs.

screenshot-at-sep-05-20-44-41

Pascal Alma

Pascal is a senior JEE Developer and Architect at 4Synergy in The Netherlands. Pascal has been designing and building J2EE applications since 2001. He is particularly interested in Open Source toolstack (Mule, Spring Framework, JBoss) and technologies like Web Services, SOA and Cloud technologies. Specialties: JEE, SOA, Mule ESB, Maven, Cloud Technology, Amazon AWS.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
Back to top button