It’s always a good idea to add a SSL certificate. It gives people piece of mind when visiting your site that information isn’t being accessed by third-parties and also boosts your SEO ranking in Google. Setting your Elastic Beanstalk app up for SSL isn’t too difficult and requires just a few simple steps.
I’m going to assume you have a domain already registered, either living in Route 53 or another domain provider. To start with, if you haven’t done so already, you’ll need to point your domain to your EB app. This can be done by creating an Alias A Record and setting it’s value equal to your EB App’s URL. This can be found on the Elastic Beanstalk Dashboard.
In this example, it’s http://ssl-example.eu-west-2.elasticbeanstalk.com. When adding this to your domain, ensure the A record is set to Yes for Alias. The value will then be your app’s Elastic Beanstalk URL.
Now, if you visit your domain, in my case sslexample.jameshamann.com, you’ll see your app! You can try to type https://yourdomain.com but as there’s no certificate, the request will timeout. So let’s add a certificate!
Configure your App
In order to use a SSL certificate for your Elastic Beanstalk App, you’ll need to change the configuration of your app to use Load Balancers as opposed to a single instance. This can cost more, so please check your billing dashboard to ensure you’re not going over budget or anything.
What are Application Load Balancers?
In essence, instead of running a single instance, a load balancer distributes traffic across multiple targets, instances, across multiple availability zones, which boosts availability of your app.
In our example the SSL certificate is applied to the load balancer, so connections between the Client and Load Balancer are secure and encrypted.
In order to configure your app, head to the Configuration tab of your Elastic Beanstalk dashboard and click the modify link on the Capacity card.
Once here, the only thing I advise you to change is the maximum number of instances, from 4 to 1, however that’s up to you.
Don’t change anything else, just hit Save.
This will then take you back to the configuration page, where you’ll need to hit Apply for your changes to take place. As your app will be unavailable for a short period whilst the changes take place, you’ll need to confirm again after hitting Apply.
Creating an SSL Certificate with ACM
Now we need to actually create our certificate. As we’re using Elastic Beanstalk, it makes sense to create a certificate in ACM (Amazon Certificate Manager).
In my case, I opted for a wildcard certificate for the domain jameshamann.com. This means all alias domains, i.e sslexample.jameshamann.com will be covered by the same SSL certificate. To do this, head over to ACM and request a certificate. Type in your domain, if you wish to setup a wild card add a * to the beginning of your domain.
You’ll have two options to validate that you’re the owner of the domain. DNS or Email. I chose DNS, but whatever you choose, just make sure you have access to the correct email domains if choosing email.
To verify via DNS, you’ll need to add a CNAME record with whatever values are generated in your DNS_Configuration.csv file.
This will take a little time to verify, but once done, your certificate should move from Pending to Issued.
Bringing it all together
Lastly, we need to apply our newly created SSL Certificate to our App’s Load Balancer. To do this, navigate to the Configuration Tab of your Elastic Beanstalk App. There should be a new card labelled Load Balancer.
In order to add the certificate, we’ll need to open up port 443 (SSL Port) and assign our certificate.
If your certificate doesn’t appear in the dropdown, try refreshing and waiting a bit. Once it does, choose it and hit save. Again, you’ll be directed back to the Configuration page where you’ll have to Apply your changes.
Once completeled, navigate to https://yourdomain.com and you should see your site served through HTTPS.
As always, thanks for reading, hit 👏 if you like what you read and be sure to follow to keep up to date with future posts.