Skip to content

Instantly share code, notes, and snippets.

@nikkaroraa

nikkaroraa/allow-https-elastic-beanstalk.md

Created September 18, 2020 14:17
Show Gist options
  • Save nikkaroraa/5dc568be44b5f21a4d7b22976053efe5 to your computer and use it in GitHub Desktop.
Save nikkaroraa/5dc568be44b5f21a4d7b22976053efe5 to your computer and use it in GitHub Desktop.
Download ZIP
How to configure HTTPS for Elastic Beanstalk?
Raw
allow-https-elastic-beanstalk.md

How to configure HTTPS for Elastic Beanstalk?

Get a SSL/TLS certificate

This can be done through AWS's Certificate Manager service.

Click here to view the steps

Open HTTPS port on the load balancer

  • Open the Elastic Beanstalk console, and then select your environment
  • In the navigation pane, choose Configuration
  • In the Load balancer category, choose Modify
  • To add the listener for port 443, choose one of the following sets of steps based on the type of load balancer in your Elastic Beanstalk environment

For a Classic Load Balancer:

  1. Choose Add Listener
  2. For Port, enter the incoming traffic port (typically 443)
  3. For Protocol, choose HTTPS
  4. For Instance Port, enter 80
  5. For Instance Protocol, choose HTTP
  6. For SSL certificate, choose your certificate, and then choose the SSL policy that you want to use from the drop-down menu
  7. Choose Add, and then choose Apply

For an Application Load Balancer:

  1. Choose Add Listener.
  2. For Port, enter the incoming traffic port (typically 443).
  3. For Protocol, choose HTTPS.
  4. For SSL certificate, choose your certificate, and then choose the SSL policy that you want to use from the drop-down menu.
  5. Choose Add, and then choose Apply.

For a Network Load Balancer:

  1. Choose Add Listener.
  2. For Port, enter the incoming traffic port (typically 443).
  3. Choose Add, and then choose Apply

Configure security groups of load balancer and instances to allow the connection through HTTPS (443 port)

Locating the Security Groups

  • Locate the Security Groups by navigating to EC2 service from the AWS console
  • From there, you should see Securty Groups in the left sidebar
  • There must be 2 different security groups there:
    • One for AWSEB (AWS Elastic Beanstalk)
    • Other for AWSEBLoadBalancer (as the name says, this is for the load balancer)

Configuring AWSEBLoadBalancer

  • Edit inbound rules

    • Open 443 port to allow traffic from the internet through https
    • The added entry should look like this:
      • Type: HTTPS
      • Protocol: TCP
      • Port range: 443
      • Source: 0.0.0.0/0

  • Edit outbound rules

    • Allow traffic through HTTPS (443 port) to go from the load balancer to the Elastic Beanstalk app
    • The added entry should look like this:
      • Type: HTTPS
      • Protocol: TCP
      • Port range: 443
      • Destination: Security group of Elastic Beanstalk (AWSEB)

Configuring AWSEB

  • Edit inbound rules
    • Allow traffic to come from the Load balancer through HTTPS (443 port)
    • The added entry should look like this:
      • Type: HTTPS
      • Protocol: TCP
      • Port range: 443
      • Source: Security group of the Load Balancer (AWSEBLoadBalancer)

Configuring HTTP to HTTPS redirection

Here is the link to the steps

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment