In this post, I will show you how to set up HTTPS for an application (REST API) running on AWS Elastic Beanstalk. This post is the last in a series of three. As described in my previous two posts, I have performed the first two steps to obtain an SSL certificate for my subdomain and I am ready to use it now in the third and last step:
- Assign a (sub)domain to your application.
- Obtain a certificate from the AWS Certificate Manager.
- Configure AWS Beanstalk application to use SSL.
As I said before, there are multiple ways and variations to implement HTTPS for an application running on AWS but I show just one of them (being the most simple one) here. In this situation we let the elastic load balancer terminate the HTTPS call so our application doesn’t need to have any notion of the SSL part (as I said before this might be the easiest way but doesn’t necessarily mean the best way for certain use cases). To make the load balancer terminate the SSL connection we simply configure the load balancer by using a config script in our .ebextensions folder. In the config script we add a listener on port 443 (default for SSL) and put the ARN of our SSL certificate that is maintained in the AWS Certificate Manager. I also make sure the listener at port 80 is closed so only HTTPS connections are allowed at the ELB. The script looks like this:
option_settings: aws:elb:listener:443: SSLCertificateId: arn:aws:acm:eu-central-1:101873222293:certificate/46712371-269b-4d9f-f3f4-e83abc78a289 ListenerProtocol: HTTPS InstancePort: 80 InstanceProtocol: HTTP aws:elb:listener:80: ListenerEnabled: false
If the environment is now recreated, the API can only be accessed from the outside world via HTTPS as you can see in the following screenshots: