Enabling SSL/TLS (for free) via AWS Certificate Manager on Elastic Beanstalk

AWS Certificate Manager just launched today and you can now get free SSL/TLS certificates from Amazon if you’re using Elastic Load Balancer or CloudFront!

Unfortunately, Elastic Beanstalk hasn’t added support for ACM yet…so you can’t enable your ACM cert from the console. BUT…since Beanstalk uses ELB you can still enable your certificate! There’s a few ways to do this. I’m going to explain how to do it using the AWS CLI.

There’s one caveat here: You must be using elastic beanstalk with an elastic load balancer (single instance environments without an ELB in front won’t work).

Step 1: Acquire an ACM certificate. (You can find a guide on how to do this here or here)

Step 2: Obtain your certificate’s ARN (Amazon Resource Name). You can find the ARN in the ACM console.

Step 3: Setup the AWS CLI. (install and configure)

Step 4: Create a JSON file that contains the new beanstalk settings we want to add. Replace the YOUR-ARN-HERE string with the ARN from step 2. Save it as elb-acm.json.

"Namespace" : "aws:elb:listener:443",
"OptionName" : "ListenerProtocol",
"Value" : "HTTPS"
"Namespace" : "aws:elb:listener:443",
"OptionName" : "SSLCertificateId",
"Value" : "YOUR-ARN-HERE"
"Namespace" : "aws:elb:listener:443",
"OptionName" : "InstancePort",
"Value" : "80"
"Namespace" : "aws:elb:listener:443",
"OptionName" : "InstanceProtocol",
"Value" : "HTTP"

Step 5: Run the following command (replace Your-Environment with the name of your beanstalk environment and the PATH-TO-JSON with the path to the JSON file you created in step 4):

aws elasticbeanstalk update-environment --environment-name Your-Environment --option-settings file://PATH-TO-JSON/elb-acm.json

Step 6: Go to the events page on the beanstalk console and wait until you see the line “Environment update completed successfully.”. Once you see that, you can verify it worked by looking at the ELB config on the EC2 console (it won’t show up in the beanstalk console).

Congratulations, you’re done!

I hope this guide helped you! I plan on doing more AWS related posts soon!

Show your support

Clapping shows how much you appreciated Anand Capur’s story.