Configuring your Elastic Beanstalk App for SSL

It’s always a good idea to add a SSL certificate. It gives people piece of mind when visiting your site that information isn’t being accessed by third-parties and also boosts your SEO ranking in Google. Setting your Elastic Beanstalk app up for SSL isn’t too difficult and requires just a few simple steps.

Getting Started

I’m going to assume you have a domain already registered, either living in Route 53 or another domain provider. To start with, if you haven’t done so already, you’ll need to point your domain to your EB app. This can be done by creating an Alias A Record and setting it’s value equal to your EB App’s URL. This can be found on the Elastic Beanstalk Dashboard.

Elastic Beanstalk Management Console

In this example, it’s http://ssl-example.eu-west-2.elasticbeanstalk.com. When adding this to your domain, ensure the A record is set to Yes for Alias. The value will then be your app’s Elastic Beanstalk URL.

Route 53 Configuration for an A Record

Now, if you visit your domain, in my case sslexample.jameshamann.com, you’ll see your app! You can try to type https://yourdomain.com but as there’s no certificate, the request will timeout. So let’s add a certificate!

Configure your App

In order to use a SSL certificate for your Elastic Beanstalk App, you’ll need to change the configuration of your app to use Load Balancers as opposed to a single instance. This can cost more, so please check your billing dashboard to ensure you’re not going over budget or anything.

What are Application Load Balancers?

In essence, instead of running a single instance, a load balancer distributes traffic across multiple targets, instances, across multiple availability zones, which boosts availability of your app.

In our example the SSL certificate is applied to the load balancer, so connections between the Client and Load Balancer are secure and encrypted.

In order to configure your app, head to the Configuration tab of your Elastic Beanstalk dashboard and click the modify link on the Capacity card.

Configuration Tab of Elastic Beanstalk App — Capacity card located at the top right

Once here, the only thing I advise you to change is the maximum number of instances, from 4 to 1, however that’s up to you.

Don’t change anything else, just hit Save.

Adding a Load Balancer

This will then take you back to the configuration page, where you’ll need to hit Apply for your changes to take place. As your app will be unavailable for a short period whilst the changes take place, you’ll need to confirm again after hitting Apply.

Creating an SSL Certificate with ACM

Now we need to actually create our certificate. As we’re using Elastic Beanstalk, it makes sense to create a certificate in ACM (Amazon Certificate Manager).

In my case, I opted for a wildcard certificate for the domain jameshamann.com. This means all alias domains, i.e sslexample.jameshamann.com will be covered by the same SSL certificate. To do this, head over to ACM and request a certificate. Type in your domain, if you wish to setup a wild card add a * to the beginning of your domain.

AWS Certificate Manager Requesting a Certificate

You’ll have two options to validate that you’re the owner of the domain. DNS or Email. I chose DNS, but whatever you choose, just make sure you have access to the correct email domains if choosing email.

DNS Config for domain

To verify via DNS, you’ll need to add a CNAME record with whatever values are generated in your DNS_Configuration.csv file.

Enter the Name value from the .csv file and the Value from the .csv file and hit create.

This will take a little time to verify, but once done, your certificate should move from Pending to Issued.

Bringing it all together

Lastly, we need to apply our newly created SSL Certificate to our App’s Load Balancer. To do this, navigate to the Configuration Tab of your Elastic Beanstalk App. There should be a new card labelled Load Balancer.

Click modify on the Load Balancer card

In order to add the certificate, we’ll need to open up port 443 (SSL Port) and assign our certificate.

If your certificate doesn’t appear in the dropdown, try refreshing and waiting a bit. Once it does, choose it and hit save. Again, you’ll be directed back to the Configuration page where you’ll have to Apply your changes.

Once completeled, navigate to https://yourdomain.com and you should see your site served through HTTPS.

Site Secured!

As always, thanks for reading, hit 👏 if you like what you read and be sure to follow to keep up to date with future posts.

James Hamann

Written by

Software Developer https://jameshamann.com

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade