If I'm understanding you correctly, you need to test a connection over HTTPS and won't mind if the connection after the Load Balancer is HTTP. In order to do so, follow the step-by-step guide here:
- Head over to Route 53 and create a hosted zone such as domain.com.
- Once this hosted zone is created, create a DNS entry in the hosted zone such as my.domain.com.
- Assign this DNS entry an A type record and Alias it to the load balancer you previously created.
Test this DNS entry over http://my.domain.com and verify if it's working correctly.
P.S. Wait for a couple of minutes; DNS caching takes a little bit of time. You can reduce it by changing the TTL in the Route 53 entry.
Once you have verified my.domain.com is working correctly over HTTP, head over to AWS Certificate Manager and issue a wildcard certificate for *.domain.com. I would advise you to go through with the wildcard certificate because that will essentially enable you to reuse the certificate for all the domains such as my.domain.com or abc.domain.com.
Click on the Request a New certificate button. Opt for a public certificate. Then, when entering the domain name, enter *.domain.com. Check DNS validation in the next step. Once this step is complete you will be taken back to the Dashboard and your certificate will be shown as Pending Validation.
To resolve this, expand the certificate details, where under Domain you will see a DNS record with a Name and a CNAME. Copy these and head over to the Route 53 Dashboard. In your hosted zone, create a new record set with the name of the record set being the Name you copied from the Certificate Manager Dashboard and the type as CNAME, and as the value enter the value copied from Certificate Manager.
Once you click on save, after a few minutes Certificate Manager should show the certificate as issued.
Once this step is completed, head over to the EC2 dashboard. Go to Load Balancers and select the load balancer. Go to Listeners. Click on Add, add a listener on port 443 and select the protocol as HTTPS. Select the Instance port as the one you previously configured a listener to allow traffic. After this step you can test your HTTPS traffic on https://my.domain.com and nothing would get affected.
P.S. In case you have already configured a listener on 443, you can attach a listener to any other port. In this case you will have to specify the port at the end of the URL though, like https://my.domain.com:PORT.
This ^ will enable https on my.domain.com with SSL termination at ELB so you don't have to make any other changes in your code or instances.
Hope it helps!
P.P.S. Sorry for the poor formatting!
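
The DNS validation step described in the answer above, as an added example that is not part of the original answer: it turns the validation records from `aws acm describe-certificate` output into a Route 53 change batch. The sample response, its record values and the function name `validation_change_batch` are constructed for illustration.

```python
import json

# Constructed sample of `aws acm describe-certificate` output for a request
# covering *.domain.com and domain.com (record values are made up).
SAMPLE_DESCRIBE_CERTIFICATE = {
    "Certificate": {
        "DomainName": "*.domain.com",
        "Status": "PENDING_VALIDATION",
        "DomainValidationOptions": [
            {"DomainName": "*.domain.com", "ValidationMethod": "DNS",
             "ValidationStatus": "PENDING_VALIDATION",
             "ResourceRecord": {"Name": "_example1.domain.com.", "Type": "CNAME",
                                "Value": "_example2.acm-validations.aws."}},
            {"DomainName": "domain.com", "ValidationMethod": "DNS",
             "ValidationStatus": "PENDING_VALIDATION",
             "ResourceRecord": {"Name": "_example1.domain.com.", "Type": "CNAME",
                                "Value": "_example2.acm-validations.aws."}},
            # ACM can list a name before its validation record is populated.
            {"DomainName": "other.example", "ValidationMethod": "DNS",
             "ValidationStatus": "PENDING_VALIDATION"},
        ],
    }
}


def validation_change_batch(describe_output, ttl=300):
    """Return (change_batch, domains_without_record) for DNS-validated names."""
    changes, seen, missing = [], set(), []
    for opt in describe_output["Certificate"].get("DomainValidationOptions", []):
        if opt.get("ValidationMethod") != "DNS":
            continue  # email-validated names have no record to publish
        rr = opt.get("ResourceRecord")
        if not rr:
            missing.append(opt["DomainName"])
            continue
        key = (rr["Name"].lower(), rr["Type"])
        if key in seen:
            continue  # wildcard and apex share one CNAME; the batch needs it once
        seen.add(key)
        changes.append({
            "Action": "UPSERT",
            "ResourceRecordSet": {"Name": rr["Name"], "Type": rr["Type"], "TTL": ttl,
                                  "ResourceRecords": [{"Value": rr["Value"]}]},
        })
    return {"Comment": "ACM DNS validation", "Changes": changes}, missing


if __name__ == "__main__":
    batch, missing = validation_change_batch(SAMPLE_DESCRIBE_CERTIFICATE)
    print(json.dumps(batch, indent=2))
    print("no validation record yet for:", missing)
```

The printed batch can be saved to a file and applied with `aws route53 change-resource-record-sets --hosted-zone-id <ZONE_ID> --change-batch file://batch.json`, where `<ZONE_ID>` is a placeholder for your hosted zone.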