Background & Research

I am currently in the process of polishing off the infrastructure for a project of mine and I have realised that I have a slight issue when it comes to the SSL certificate installation. I have conducted an extensive amount of research around the web but many articles seem to contradict one another, and as such, I felt it best to post up a question here...

My Set Up

My current set up is as follows (only the relevant parts):

  • Custom domain DNS managed by Route 53 (note - I intend to migrate this to Cloudflare instead)
  • The application is hosted using the Elastic Beanstalk service (without a load balancer)
  • www.example.com is forwarded to example.com - this is relevant because of the DNS management

My Issues

I considered posting up several separate questions but as each question is linked to the other, I thought it best to combine into one. These are the things that I would like to achieve:

  • Rewrite/redirect {subdomain}.elasticbeanstalk.com to custom domain (I want to hide the Elastic Beanstalk domain for various reasons)
  • Manage my DNS from Cloudflare (I am hesitant to point to my Elastic IP as this will change if the environment is ever rebuilt)
  • Ensure all requests are served under HTTPS (Cloudflare will handle this for the custom domain)

My Questions (and proposed solutions)

  1. Is it even possible to rewrite/redirect the Elastic Beanstalk domain to my custom domain? I assume this cannot be done because the web server (Apache) will be expecting the EB domain...
  2. If 1. cannot be done, is there a way to either enable SSL on the EB instance without a load balancer, or prevent access to it from the outside world (whilst still allowing my custom domain to rewrite to it, I doubt it...)? In short, if the EB instance is publicly accessible, it must force SSL. I fear the only way to achieve this is to add some Apache configuration to my .ebextensions...
  3. Can I rely on the EB associated Elastic IP to forward my A record to from the Cloudflare managed DNS?

Additional Information

Cloudflare

I have used Cloudflare for many years to further optimise the content on the sites I build. Whilst many of these optimisations can be done by myself on the server (which I do), Cloudflare offers a vast array of additional functionality that makes them hugely beneficial as a 'middle man' between visitor and server. In order to gain the benefits of Cloudflare, one must manage their DNS with Cloudflare, hence my move from Route 53.

Elastic IP

The reason I believe my elastic IP may change is simply because Elastic Beanstalk will remove and rebuild all services if it ever has to rebuild an 'environment'. Whilst I appreciate it is extremely unlikely I will have to rebuild my environment(s), it means there is another thing to have to consider for ongoing maintenance.

Ben Carey
  • Can you please edit your question to include 1) Why you want to use CloudFlare instead of R53, given R53 is flexible and fairly cheap. There are valid reasons, just curious what yours is. 2) Why you think you lose your elastic IP if you rebuild your environment. I don't know EB well but Elastic IPs are effectively static - plus you can change DNS with a 5 minute TTL anyway. – Tim Jul 25 '19 at 08:17
  • @Tim - Please see my updated question :-) – Ben Carey Jul 25 '19 at 11:21

0 Answers