How to Configure SSL for AWS Elastic Beanstalk Environment ☁️
What is an SSL Certificate and How Does it Work?
SSL certificates create an encrypted connection and establish trust. One of the most important components of online business is creating a trusted environment where potential customers feel confident in making purchases. SSL certificates create a foundation of trust by establishing a secure connection. To assure visitors their connection is secure.
Below are the contents to be followed for the whole procedure.
1. Generate SSL/TLS certificate
2. Add CNAME Record
3. Configure/Attaching SSL certificate in Elastic BeanStalk Configuration
4. Update HTTP/HTTPS Listeners
- Generate SSL/TLS certificate.
First of all, we have to purchase an SSL certificate from Certificate/DNS providers like Symantec, GoDaddy, etc, Even you can get it from AWS Console.
Let’s have a quick look, Open your AWS console
AWS Console> Certificate Manager> Request a public certificate.
Note: Region must be the same as your Elastic BeanStalk Env. See in below screen, Selected region is Mumbai.
AWS Console> Certificate Manager> Request a public certificate
Follow all five steps in the above screenshot in the left side.
Select validation methods → DNS validation or Email Validation. I wish to select the DNS validation.
Add Tags and Review are optional, Then Click confirm and request. Now go to Certificate Manager Home page → select your certificate, You will be able to see the below screen.
AWS Console> Certificate Manager> Choose your certificate.
Above screen we see a keyword like CNAME. What is CNAME…!! I am not supposed to explain here. 😅 it is beyond the scope of this post. I would like to suggest you to google that for more information on CNAME.. 😁
2. Add CNAME Record.
We need to add the above CNAME record to the DNS configuration for domain. So for that, we have to go to our DNS providers. My DNS provider is Router53. So following are the steps to add CNAME in DNS configuration. AWS Console> Route53> DNS Management> Select Your Domain> Create Record Set
Route53> DNS Management> Select Your Domain.> Create Record Set
Name → CNAME (excluding your domain name)
Type → Select Type CNAME-Canonical name.
If your DNS provider does not support CNAME values with a leading underscore, see Troubleshoot DNS Validation Problems.
Okay, cool. So far what we did? I hope all clear👍 Okay, Now Let’s move to our Elastic BeanStalk Environment.
3. Configure/Attaching SSL certificate in Elastic BeanStalk Configuration
Follow the steps to reach your environment in Elastic BeanStalk.
1. Go to AWS Services
2. Search Elastic BeanStalk and Click Elastic Beanstalk.
3. Click on Environments and select your environment
or Click on Applications > your application > select your environment
4. Click on Configuration under your environment in the left hand side.
5. Search Capacity and Click Edit.
I hope you will find a screen like below.
Elastic Beanstalk> Environments> Your Environment> Configuration > Capacity
Here select Loan Balanced from Environment Type. Do nothing and just click on the Apply button. This may take some time. Wait until it gets finished.
Okay, I hope It’s completed and now we are ready to attach an SSL certificate. For that again go back and
1. Click on Configuration under your environment in the left-hand side.
2. Search Load Balancer and click Edit.
Note : Edit button will be visible when the Capacity is modified from Configuration as we did in previous steps.
Now you see a screen like this.
Elastic Beanstalk> Environments> your environment> Configuration > Load balancer
Here, You see that we have only one listener where the port is 80 protocol HTTP means your server is running HTTP server by default. So we have to add a listener and need to map it port 443 and protocol HTTPS means https server. So, To do that click on Add Listener
Once you click on Add Listener, A pop-up will open
1. Put 443 in Listener port
2. Select HTTPS from Listener protocol
3. Put 80 in Instance port
4. Select HTTP from Instance protocol
5. Choose your certificate form the SSL certificate.
6. Click on Add.
Okay, You have been attached your certificate successfully.
Now you see a screen like below.
Go and Click on Apply.
This may take some time to deploy configuration, Wait until it gets finished.
Elastic Beanstalk> Environments> your environment> Configuration > Load balancer
I hope, Your deployment is done successfully.
Okay, cool. What are you waiting for now ?? 🤔
You have been your website secure🔓, Open your website https://….
Wait…Wait…Wait……
Note : May be your website is still running on http, although it has become secure 🔒 and running on both http and https.
Anyway, we have to stop accessing website from protocol HTTP and port 80. Don’t worry😟 folks…
I assure that your site would not be supposed to be accessed through HTTP. Okay, To do that Let’s go with the next step. 👉
4. Update HTTP/HTTPS Listeners.
So the main purpose of this step is to stop accessing your website from protocol HTTP and port 80 as I assured earlier. otherwise, I have no interest in doing all this 😅. Okay, Let’s follow the steps below.
1. Go to AWS Services.
2. Search EC2 and Click EC2.
3. Click on Loan Balancers.
4. Choose your Loan Balancer (This was created when you deployed your environment from step 3).
AWS Console> EC2> Load Balancers
5. Once you choose it, You see some information about Load balancer like Description, Instances, Health check, Listeners, Monitoring, Tags, Migration, etc.
6. Click on Listeners. (A pop-up will open like in above screen)
7. Now you have two options Either (1) Update the Instance Port from 80 to 443 for Load Balancer Protocol(HTTP) or (2) Remove the row Load Balancer Protocol(HTTP) by clicking the Remove button. I wish to update the Instance Port.
8. Click on Save.
Okay, now I expect that the website is not supposed to be accessed from HTTP. This will be accessed from https only.
Hey, I hope this blog helped you a lot. Enjoy 🙂,
Please let me know in the comments if you have any queries.
