Configure AWS Elastic Beanstalk application to use SSL

beanstalkIn this post I show you how to set up HTTPS for an application (REST API) running on AWS Elastic Beanstalk. This post is the last in a serie of three. As described in my previous two post I have performed the first two steps to obtain a SSL certificate for my subdomain and I am ready to use it now in the third and last step:

  • Assign a (sub)domain to your application
  • Obtain a certificate from the AWS Certificate Manager
  • Configure AWS Beanstalk application to use SSL

As I said before there are multiple ways and variations to implement HTTPS for an application running on AWS but I show just one of them (being the most simple one) here. In this situation we let the elastic load balancer terminate the HTTPS call so our application doesn’t need to have any notion of the SSL part (as I said before this might be the easiest way but doesn’t necessarily mean the best way for certain use cases). To make the load balancer terminate the SSL connection we simply configure the load balancer by using a config script in our .ebextensions folder. In the config script we add a listener on port 443 (default for SSL) and put the ARN of our SSL certificate that is maintained in the AWS Certificate Manager. I also make sure the listener at port 80 is closed so only HTTPS connections are allowed at the ELB. The script looks like this:

    SSLCertificateId: arn:aws:acm:eu-central-1:101873222293:certificate/46712371-269b-4d9f-f3f4-e83abc78a289
    ListenerProtocol: HTTPS
    InstancePort: 80
    InstanceProtocol: HTTP
    ListenerEnabled: false

If the environment is now recreated the API can only be accessed from the outside world via HTTPS as you can see in the following screenshots:
Screenshot at Sep 05 20-42-27
Screenshot at Sep 05 20-44-41

About Pascal Alma

Pascal is a senior software developer and architect. Pascal has been designing and building applications since 2001. He is particularly interested in Open Source toolstack (Mule, Spring Framework, JBoss) and technologies like Web Services, SOA and Cloud technologies. Lately he is having great fun by building iOS apps with Swift. Specialties: JEE AWS XML/XSD/XSLT Web Services/SOA Mule ESB/ WSO2 ESB Maven Cloud Technology Swift/ iOS
This entry was posted in AWS, Security and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s