Enabling SSL/TLS (for free) via AWS Certificate Manager on Elastic Beanstalk

AWS Certificate Manager just launched today and you can now get free SSL/TLS certificates from Amazon if you’re using Elastic Load Balancer or CloudFront!

Anand Capur
Jan 21, 2016

Unfortunately, Elastic Beanstalk hasn’t added support for ACM yet, so you can’t enable your ACM cert from the console. BUT since Beanstalk uses ELB, you can still enable your certificate! There are a few ways to do this. I’m going to explain how to do it using the AWS CLI.

There’s one caveat here: you must be using Elastic Beanstalk with an Elastic Load Balancer (single-instance environments without an ELB in front won’t work).

Step 1: Acquire an ACM certificate. (You can find a guide on how to do this here or here)

Step 2: Obtain your certificate’s ARN (Amazon Resource Name). You can find the ARN in the ACM console.

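Step 3: Set up the AWS CLI (install and configure).

Step 4: Create a JSON file that contains the new Beanstalk settings we want to add. Replace the YOUR-ARN-HERE string with the ARN from step 2. Save it as elb-acm.json. These settings add an HTTPS listener on port 443 that terminates TLS at the load balancer and forwards requests to the instances over HTTP on port 80.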

[
  {
    "Namespace": "aws:elb:listener:443",
    "OptionName": "ListenerProtocol",
    "Value": "HTTPS"
  },
  {
    "Namespace": "aws:elb:listener:443",
    "OptionName": "SSLCertificateId",
    "Value": "YOUR-ARN-HERE"
  },
  {
    "Namespace": "aws:elb:listener:443",
    "OptionName": "InstancePort",
    "Value": "80"
  },
  {
    "Namespace": "aws:elb:listener:443",
    "OptionName": "InstanceProtocol",
    "Value": "HTTP"
  }
]

Step 5: Run the following command (replace Your-Environment with the name of your Beanstalk environment and PATH-TO-JSON with the path to the JSON file you created in step 4):

aws elasticbeanstalk update-environment --environment-name Your-Environment --option-settings file://PATH-TO-JSON/elb-acm.json

Step 6: Go to the events page on the Beanstalk console and wait until you see the line “Environment update completed successfully.” Once you see that, you can verify it worked by looking at the ELB config on the EC2 console (it won’t show up in the Beanstalk console).
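The step 6 check can also be scripted instead of read off the EC2 console. This is an added example, not part of the original post: it inspects saved output of `aws elb describe-load-balancers` and confirms that the port 443 listener matches elb-acm.json. The function name `check_listeners`, the sample ARN and the load balancer name are constructed for illustration, and the note about a remaining HTTP listener goes one step beyond what the post covers.

```python
import json

# Constructed sample values (not real data): an ACM ARN and saved CLI output.
SAMPLE_ARN = ("arn:aws:acm:us-east-1:123456789012:"
              "certificate/11111111-2222-3333-4444-555555555555")
SAMPLE_OUTPUT = json.dumps({"LoadBalancerDescriptions": [{
    "LoadBalancerName": "awseb-example-lb",
    "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                      "InstanceProtocol": "HTTP", "InstancePort": 80}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTP", "InstancePort": 80,
                      "SSLCertificateId": SAMPLE_ARN}},
    ],
}]})


def check_listeners(describe_json, expected_arn):
    """Return (errors, notes) for every load balancer in the CLI output."""
    errors, notes = [], []
    for lb in json.loads(describe_json).get("LoadBalancerDescriptions", []):
        name = lb.get("LoadBalancerName", "?")
        listeners = [d["Listener"] for d in lb.get("ListenerDescriptions", [])]
        tls = [l for l in listeners if l.get("LoadBalancerPort") == 443]
        if not tls:
            errors.append(f"{name}: no listener on port 443")
        for l in tls:
            if str(l.get("Protocol", "")).upper() != "HTTPS":
                errors.append(f"{name}: port 443 protocol is {l.get('Protocol')}")
            if l.get("SSLCertificateId") != expected_arn:
                errors.append(f"{name}: port 443 certificate is {l.get('SSLCertificateId')}")
            if (str(l.get("InstanceProtocol", "")).upper(), l.get("InstancePort")) != ("HTTP", 80):
                errors.append(f"{name}: backend is not HTTP:80 as set in elb-acm.json")
        # elb-acm.json only adds port 443; report plaintext listeners for review.
        for l in listeners:
            if str(l.get("Protocol", "")).upper() == "HTTP":
                notes.append(f"{name}: port {l.get('LoadBalancerPort')} still accepts HTTP")
    return errors, notes


if __name__ == "__main__":
    errs, notes = check_listeners(SAMPLE_OUTPUT, SAMPLE_ARN)
    for line in errs + notes:
        print(line)
    print("OK" if not errs else "FAILED")
```

To run it against a real environment, save the output of `aws elb describe-load-balancers` to a file and pass its contents, together with the ARN from step 2, to `check_listeners`.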

Congratulations, you’re done!

I hope this guide helped you! I plan on doing more AWS-related posts soon!
