How to configure SSL for AWS Elastic Beanstalk | AWS Elastic Beanstalk Survival GuideGetting the green lock for your production AWS Elastic Beanstalk environment
Getting The Green Lock
If your production environment is dealing with any sensitive stuff like transactions, having it SSL-secured is the minimal amount of security measure that you should take.
To do that, you need to purchase a SSL cert. You can purchase it from many places but my favourite is SSLMate because they made the buying process a breeze.
After your purchase, you will get three files that will be crucial to setting up SSL on your Elastic Beanstalk environment:
- Certificate Chain file
- Private Key file
- Public Key Certificate file
Let's say you are not using SSLMate to purchase the SSL cert and the SSL provider asked for a
CSR (Certificate Signing Request) file. You will need to create it yourself.
Create a CSR with
- Install openssl
- Create a private key
openssl genrsa -out [name-your-key].key 2048
openssl genrsa -out helloeb.com.key 2048
- Create the CSR
openssl req -new -sha256 -key [path-to-private-key].key -out [name-of-csr].csr
openssl req -new -sha256 -key helloeb.com.key -out helloeb.com.csr
For more detailed explanation:
You will get the private key file (
helloeb.com.key) and CSR file (
helloeb.com.csr). Submit the CSR to the SSL provider and they should return two important files to you - Public Key Certificate file and the Certificate Chain file.
Attaching the SSL cert to a load-balancer
There are two ways to attach a SSL cert to your Elastic Beanstalk environment's load-balancer.
1) Do it through
aws iam upload-server-certificate --server-certificate-name sslhelloeb --certificate-body file://publickeycertificatefile --private-key file://helloeb.com.key --certificate-chain file://certificatechain_file
Take note: that you must use
file:// prefix to locate your files.
After this is done, go to the Elastic Beanstalk management console, click on
Loading Balancing tab and under
SSL certificate ID, select the SSL certificate that you have uploaded. In my case, it will be
2) Do it through the management console
- Click on Services > Compute > EC2 > Load Balancers
- Select your load balancer and click on the
- Click on
HTTPSas protocol and click
Changeunder SSL Certificate
Upload a new SSL certificate to AWS Identity and Access Management (IAM)
- Name your cert and paste the specific file contents
Attaching TWO SSL cert to one environment
So what if you had to attach two SSL cert to one environment? I'm not judging because I ran into the same problem.
One load balancer can only take one SSL cert. The gist of the solution will be to create one more load-balancer and point it to the same instances that original load-balancer is pointing to. Then attach the second SSL cert to the second load-balancer.
1. Click on 'Services > Compute > EC2 > Load Balancers'.
2. Click on 'Create Load Balancer'
3. Use the exact same VPC group and security group as the primary load balancer. You can find information under the primary load balancer's
4. Click on 'Auto-Scaling Group`
5. Add the newly created load balancer to the same auto-scaling group as the primary load balancer and you are in business!
We have come to an end of this survival guide series. I hope you had learned something or at least be familiarised with using Elastic Beanstalk. There are still a lot of unexplored terrains in the AWS landscape but that's another time for another series.
Like this AWS Elastic Beanstalk Survival Guide Series? Remember to subscribe below for more of such series
Elastic Beanstalk Survival Guide: Table Of Content
- Chapter 1: Introduction
- Chapter 2: Getting Started
- Chapter 3: How to deploy application on AWS Elastic Beanstalk
- Chapter 4: How to configure AWS Elastic Beanstalk to scale
- Chapter 5: How to map custom domain name for AWS Elastic Beanstalk
- Chapter 6: How to configure SSL for AWS Elastic Beanstalk
- Chapter 7: How to configure a Worker Environment for AWS Elastic Beanstalk