amazon-web-services ssl amazon-ec2 ebextensions

Automating Certificates Installation automatically using config files in .ebextensions on AWS


My application is deployed on Elastic Beanstalk on AWS. It is accessing an API that needs an SSL certificate to be installed on the instance. I have to manually run the keytool command to import the certificate file every time the instance rebuilds. And whenever EBS rebuilds the EC2 instance, the installed certificates are lost and I have to transfer the certificate file and install the certificates again.

I think ebextensions can be a solution to this problem but I am not able to understand the exact way to use it.

Please help me with some directions here.


Solution

  • First you need to create the file in question, then put it into an S3 bucket. I'd recommend you have it encrypted, and that there are no public permissions on the file for security purposes. From there, you'll create a .ebextensions folder in your application source root. In there you'll create a .config file named however you want.

    This file will need to spell out where to grab the cert you need from and where to put it. The AWS documents spell out how to grab a file from S3 and put it somewhere. The instance profile it's talking about is described here. It's basically a way to allow your instance to talk to S3 without needing to store credentials in a file somewhere. You'll need to make sure it has at least read permissions on the bucket to pull the file.

    Once this is all set up, Beanstalk should have the file on the instance when all is said and done. Another option is to generate a custom AMI with the key already on the file system. Just be aware of the performance considerations it mentions in the document.
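
The `.config` file described in the answer above, written out as an added example that is not part of the original answer. The bucket name, object key, alias and keystore path are placeholders and assumptions to replace with your own; `changeit` is the default password of the JDK `cacerts` store.

```yaml
# .ebextensions/01-import-cert.config  (any name ending in .config works)

# Let cfn-init authenticate to S3 with the instance profile role, so no
# access keys are stored in the source bundle. The role needs s3:GetObject
# on the object below and nothing more.
Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: "s3"
          buckets: ["example-private-bucket"]        # placeholder bucket
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"

# Download the certificate from the private bucket on every instance build.
files:
  "/etc/pki/tls/certs/partner-api.crt":              # placeholder target path
    mode: "000644"
    owner: root
    group: root
    authentication: "S3Auth"
    source: https://example-private-bucket.s3.us-east-1.amazonaws.com/certs/partner-api.crt

# Import into the JVM trust store. "test" skips the import when the alias is
# already present, so redeploys to an existing instance do not fail.
# The keystore path is an assumption; check where your platform's JRE lives.
commands:
  01_import_partner_cert:
    test: >-
      ! keytool -list -alias partner-api
      -keystore /usr/lib/jvm/jre/lib/security/cacerts
      -storepass changeit
    command: >-
      keytool -importcert -noprompt -trustcacerts
      -alias partner-api
      -file /etc/pki/tls/certs/partner-api.crt
      -keystore /usr/lib/jvm/jre/lib/security/cacerts
      -storepass changeit
```

Within a config file the `files` section is processed before `commands`, so the certificate is on disk by the time `keytool` runs.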