I have a running Elastic Beanstalk instance in a security group that has HTTP and HTTPS authorized inbound. But HTTPS doesn't seem to work... Why?
Second question: I am currently creating an SSL certificate for my domain name. Where am I supposed to upload it on AWS?
Thank you
You can configure HTTPS for your Elastic Beanstalk environment. Please read the following document: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html
You can upload your SSL certificate to AWS IAM using the console or CLI, whichever you prefer. You need not modify the security group of the EC2 instance directly.
More details on Step 3 of the documentation above:
Create a file called 01-ssl.config in a folder named .ebextensions inside your app source.
Put the following inside this file.

    option_settings:
      - namespace: aws:elb:loadbalancer
        option_name: LoadBalancerHTTPSPort
        value: 443
      - namespace: aws:elb:loadbalancer
        option_name: SSLCertificateId
        value: <arn of your ssl certificate>

These option settings should automatically modify your security group ingress rules to allow traffic appropriately.
You can read more about customizing your Elastic Beanstalk environment using ebextensions here.
Details about all option settings supported including the ELB ones are available here. Let me know if you run into any issues.
Update
By default, when you create an Elastic Beanstalk environment, it creates an EC2 instance and puts it behind an Elastic Load Balancer. If you do not need a load balancer then you can create a Single Instance environment as explained here, or do you already have a single instance environment? Once you have a single instance environment you can configure SSL for your environment as explained here.
Update on how to not put your certificate in your config file
Since you do not want to put the server.crt file in your ebextensions config file you can upload your file to S3 and then ask Elastic Beanstalk to download that file directly to your EC2 instance. The only thing that changes in the example here is that you use a source instead of content to specify the contents of your file. In the source section you can put the URL from where you want the file to be downloaded.
Your ebextensions will then look like:

    files:
      /etc/pki/tls/certs/server.crt:
        # certificate is public data: readable by all, writable only by the owner
        mode: "000644"
        owner: ec2-user
        group: ec2-user
        source: <URL>

That way you don't need to put the contents in the repo. Read more about the file directive here.
In case you run into issues, double check that your IAM instance profile (the one with which you run your Beanstalk environment) has access to your S3 object. If you need more details about IAM instance roles and Elastic Beanstalk read this and this.
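
A pre-deploy audit for the two kinds of snippet in the answer above, added here as an example and not part of the original answer or of any AWS tooling. It flags an HTTPS listener with no certificate ARN, files writable by group or others, private keys pasted inline with content, and source URLs fetched over plain HTTP. The name audit_ebextensions, the bucket URL and the server.key entry are assumptions, and the sample is written as JSON, which .ebextensions files may use instead of YAML.

```python
import json

# Constructed sample: an .ebextensions document in JSON form with deliberately
# weak settings. The bucket URL and the server.key entry are made up.
SAMPLE_CONFIG = """
{
  "option_settings": [
    {"namespace": "aws:elb:loadbalancer", "option_name": "LoadBalancerHTTPSPort", "value": 443}
  ],
  "files": {
    "/etc/pki/tls/certs/server.crt": {
      "mode": "000777", "owner": "ec2-user", "group": "ec2-user",
      "source": "http://example-bucket.s3.amazonaws.com/server.crt"
    },
    "/etc/pki/tls/certs/server.key": {
      "mode": "000400", "owner": "root", "group": "root",
      "content": "-----BEGIN RSA PRIVATE KEY-----\\n(constructed placeholder)\\n"
    }
  }
}
"""

def audit_ebextensions(text):
    """Return a sorted list of (location, finding) tuples for a JSON .config document."""
    doc = json.loads(text)
    findings = []
    # Listener check: an HTTPS port on the load balancer needs a certificate ARN.
    opts = {(o.get("namespace"), o.get("option_name")): o.get("value")
            for o in doc.get("option_settings", [])}
    ns = "aws:elb:loadbalancer"
    port = opts.get((ns, "LoadBalancerHTTPSPort"))
    if port not in (None, "OFF") and not opts.get((ns, "SSLCertificateId")):
        findings.append((ns, "HTTPS port set without SSLCertificateId"))
    for path, spec in doc.get("files", {}).items():
        mode = int(str(spec.get("mode", "000644")), 8)  # six-digit octal string
        if mode & 0o022:
            findings.append((path, "writable by group or others"))
        if "PRIVATE KEY" in spec.get("content", ""):
            findings.append((path, "private key committed inline"))
        elif path.endswith(".key") and mode & 0o077:
            findings.append((path, "key readable beyond owner"))
        if spec.get("source", "").startswith("http://"):
            findings.append((path, "source fetched over plaintext HTTP"))
    return sorted(findings)

if __name__ == "__main__":
    for location, finding in audit_ebextensions(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```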