Configure AWS Elastic Beanstalk application to use SSL

beanstalkIn this post I show you how to set up HTTPS for an application (REST API) running on AWS Elastic Beanstalk. This post is the last in a serie of three. As described in my previous two post I have performed the first two steps to obtain a SSL certificate for my subdomain and I am ready to use it now in the third and last step:

  • Assign a (sub)domain to your application
  • Obtain a certificate from the AWS Certificate Manager
  • Configure AWS Beanstalk application to use SSL

As I said before there are multiple ways and variations to implement HTTPS for an application running on AWS but I show just one of them (being the most simple one) here. In this situation we let the elastic load balancer terminate the HTTPS call so our application doesn’t need to have any notion of the SSL part (as I said before this might be the easiest way but doesn’t necessarily mean the best way for certain use cases). To make the load balancer terminate the SSL connection we simply configure the load balancer by using a config script in our .ebextensions folder. In the config script we add a listener on port 443 (default for SSL) and put the ARN of our SSL certificate that is maintained in the AWS Certificate Manager. I also make sure the listener at port 80 is closed so only HTTPS connections are allowed at the ELB. The script looks like this:

option_settings:
  aws:elb:listener:443:
    SSLCertificateId: arn:aws:acm:eu-central-1:101873222293:certificate/46712371-269b-4d9f-f3f4-e83abc78a289
    ListenerProtocol: HTTPS
    InstancePort: 80
    InstanceProtocol: HTTP
  aws:elb:listener:80:
    ListenerEnabled: false

If the environment is now recreated the API can only be accessed from the outside world via HTTPS as you can see in the following screenshots:
Screenshot at Sep 05 20-42-27
vs.
Screenshot at Sep 05 20-44-41

Advertisements

About Pascal Alma

Pascal is a senior IT consultant and has been working in IT since 1997. He is monitoring the latest development in new technologies (Mobile, Cloud, Big Data) closely and particularly interested in Java open source tool stacks, cloud related technologies like AWS and mobile development like building iOS apps with Swift. Specialties: Java/JEE/Spring Amazon AWS API/REST Big Data Continuous Delivery Swift/iOS
This entry was posted in AWS, Security and tagged , , . Bookmark the permalink.