3

I have a standard Elastic Beanstalk app set up and running great over HTTP. Following the AWS Documentation I requested an SSL Certificate and configured it with CloudFront.

Instead of a load-balancer I am adding an ingress rule to the AWSEBSecurityGroup security group that opens port 443 to all traffic for a single instance environment. Detailed here.

Using this snippet;

Resources:
sslSecurityGroupIngress: 
Type: AWS::EC2::SecurityGroupIngress
Properties:
  GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
  IpProtocol: tcp
  ToPort: 443
  FromPort: 443
  CidrIp: 0.0.0.0/0

and uploading it to .ebextensions/https-instance-securitygroup.config on the server. However the SSL certificate is still not working. I am unsure why, have I missed something?

Thanks.

John107
  • 131
  • 3
  • Check in CloudFront console to see if the SSL certificate has been assigned to the distribution. – Tim Sep 05 '17 at 18:11
  • @Tim Yes it has been assigned to the distribution, just double checked just now. – John107 Sep 05 '17 at 18:31
  • I would try setting it up manually in the console, then having CloudFormation generate the template to create it. Compare that with what you did and you should have your answer. – Tim Sep 05 '17 at 19:33
  • If you haven't installed an SSL certificate on the *instance itself*, CloudFront will not be making a back-side connection to the instance using SSL. Please be more specific than saying it is "not working." – Michael - sqlbot Sep 06 '17 at 03:37

0 Answers0