Introduction
We use HTTPS to allow users to connect to our website securely. If you've purchased a custom domain name for your Elastic Beanstalk environment, you can configure the same, but if you don't own a domain name, you can still use HTTPS with a self-signed certificate for development and testing purposes. The simplest way to use HTTPS with an Elastic Beanstalk environment is to assign an SSL certificate to your environment's load balancer with the below-mentioned steps:
- Generate Self-Signed SSL Certificate
- Importself-signed certificate to AWS Certificate Manager (ACM)
- Configure Application Load Balancer (ALB) to enable HTTPS
Let's start
Step 1. Generate Self-Signed SSL Certificate
For development and testing, you can create and sign a certificate yourself with open-source tools. Self-signed certificates are free and easy to create but cannot be used for front-end decryption on public sites. If you attempt to use a self-signed certificate for an HTTPS connection to a client, the user's browser displays an error message indicating that your website is unsafe. You can, however, use a self-signed certificate to secure backend connections without issue.
Follow the steps mentioned below article link to generate a self-signed certificate:
https://www.c-sharpcorner.com/article/generate-self-signed-ssl-certificate-for-aws-alb/
Step 2. Importself-signed certificate to AWS Certificate Manager (ACM)
With AWS Certificate Manager (ACM), you can create a trusted certificate for your domain names for free. ACM certificates can only be used with AWS load balancers and Amazon CloudFront distributions, and ACM is available only in certain AWS Reg. If ACM is not available in your AWS Region, you can upload a third-party or self-signed certificate and private key to AWS Identity and Access Management (IAM) by using the AWS CLI. We will use ACM to import our self-signed certificate, which has generated in Step-1
Follow the steps mentioned below article link to import a self-signed certificate using ACM:
https://www.c-sharpcorner.com/article/import-ssl-certificate-to-aws-certificate-manager-acm/
Step 3. Configure Application Load Balancer (ALB) to enable HTTPS
To update your AWS Elastic Beanstalk environment to use HTTPS, you need to configure an HTTPS listener for the load balancer in your environment.
To find the Load Balancer attached to your Elastic Beanstalk instance, we will need to look into Target Groups.
Go to, EC2 > click on Target Groups.
![ec2dashboard]()
Go through each Target Group and check for your Elastic Beanstalk Environment instance by name (ex. dev-app-env). Once you find your Target Group of your Elastic Beanstalk env. instance, you can see the attached Load Balancer.
![targetgroups]()
Copy this load balancer name and click on 'Load Balancers' from on left navigation, and search load balancer with the copied name.
![loadBalancer]()
Select the Load Balancer and click on 'Listners and rules'.
You can see we don't have any HTTPS listener available for our load balancer. To add an HTTPS listener, click on the 'Add listener button.
![addListener]()
On 'Add listener page', select the below values
| Protocol: Port |
HTTPS:443 |
| Action types |
Forward to target groups |
| Forward to target group |
select the target group name of your elastic beanstalk instance that we have found at the very start of this step |
![addCertificate]()
Now, under 'Secure listener settings' select the SSL certificate from the dropdown list that we have imported using ACM in Step-2 and click on 'Add'
![security]()
With this step, we have added an HTTPS lister to our load balancer, and you can also see that an SSL certificate is also got attached, but still HTTPS is not enabled. You can see a warning that our HTTPS port is not reachable.
![]()
Next, we will need to add the HTTPS port as an Inbound rule to the Security Group of the load balancer. To do the same, click on the 'Security' tab and click on Security Group ID.
![]()
On the Security Group details page, click on 'Edit inbound rules' under the 'Inbound rules' tab.
![defaultListener]()
Add the HTTPS listener with a '0.0.0.0' (anywhere)source and save the rule.
![listnerandrules]()
On updating the Inbound rule for Security Group, refresh the Load balancer settings, and you will notice now we don't have any warning for our HTTPS port.
![config]()
That's it, HTTPS is now enabled for your elastic Beanstalk application. To test, open your elastic beanstalk URL with HTTPS.(ex.https://dev-app.eu-west-1.elasticbeanstalk.com/)
Note. You will get a 'Not secure' warning in the browser URL, as we are using a self-signed certificate for this configuration
![]()
Conclusion
In this article, we have learned how to configure HTTPS for the Elastic Beanstalk application using a self-signed SSL certificate.