Using AWS Certificate Manager (ACM Certificate) with Elastic Beanstalk
When you have a certificate for your domain issued through AWS Certificate Manager, how do you apply that certificate to an Elastic Beanstalk application.
Yes, the E
-
Check in which zone you created the certificate and if it matches the Elastic Beanstalk zone. I had them in different zones so it didn't work.
讨论(0) -
I found out, you cannot do it through the elastic beanstalk console (at least not yet). However you can still set it via the eb cli, or aws cli.
Using EB CLI
Basically what we are trying to do is to update the
aws:elb:listenersetting, you can see the possible settings in the general options docs.Using the EB CLI is pretty simple. Assuming we already setup the
awsebclitool for our project we can use theeb configcommand.It will open up your default terminal editor and allow you to change settings which are written as a YAML file. When you make a change and save it, the
eb configcmd will automatically update the settings for your Elastic Beanstalk environment.You will need to add the following settings to your config file:
aws:elb:listener:443: InstancePort: '80' InstanceProtocol: HTTP ListenerEnabled: 'true' ListenerProtocol: HTTPS PolicyNames: null SSLCertificateId: CERTIFICATE_ARN_HEREChange the value for
CERTIFICATE_ARN_HEREto your AMC Certificates ARN. You can find it in the AWS Certificate Manager console:IMPORTANT: Your
aws:elb:listener:443setting MUST be placed above theaws:elb:listener:80setting. Otherwise the environment configuration update will error out.
Using AWS CLI
The same can be accomplished using the general
aws clitools via the update-environment command.aws elasticbeanstalk update-environment \ --environment-name APPLICATION_ENV --option-settings \ Namespace=aws:elb:listener:443,OptionName=InstancePort,Value=80 \ Namespace=aws:elb:listener:443,OptionName=InstanceProtocol,Value=HTTP \ Namespace=aws:elb:listener:443,OptionName=ListenerProtocol,Value=HTTPS \ Namespace=aws:elb:listener:443,OptionName=SSLCertificateId,Value=CERTIFICATE_ARN_HERENOTE: When you update it via either of the methods above, the Elastic Beanstalk console will not show HTTPS as enabled. But the load balancer will, and it will also apply to the Cloudformation template as well get saved into the EB's configuration.
讨论(0) -
You can do this purely with CloudFormation; however, as seems to be quite common with Elastic Beanstalk the configuration options are much harder to find in the docs than they are for the individual components that comprise Elastic Beanstalk. The info is here:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-elbloadbalancer
But basically what you need to do is add the creation of the cert to your template and then reference it in
OptionSettingsinAWS::ElasticBeanstalk::ConfigurationTemplate:"Certificate" : { "Type": "AWS::CertificateManager::Certificate", "Properties": { "DomainName": "example.com", } }, // ... "ElasticbeanstalkTemplate": { "Type": "AWS::ElasticBeanstalk::ConfigurationTemplate", "Properties": { "SolutionStackName": "MyEBStack", "ApplicationName": "MyAppName", "Description": "", "OptionSettings": [{ "Namespace": "aws:elb:listener:443", "OptionName": "InstancePort", "Value": "80" }, { "Namespace": "aws:elb:listener:443", "OptionName": "InstanceProtocol", "Value": "HTTP" }, { "Namespace": "aws:elb:listener:443", "OptionName": "ListenerProtocol", "Value": "HTTPS" }, { "Namespace": "aws:elb:listener:443", "OptionName": "SSLCertificateId", "Value": { "Ref": "Certificate" } }, /*More settings*/]讨论(0) -
I find the simplest way is change the EB Load Balancer via the user console. Click change and select the new ACM certificate.
When you view the EB configuration, it will not appear, but it will be set
讨论(0)
加载中...
- 热议问题