
how to attach SSL certificate to single instance beanstalk app

I have a Java war that I want to host on elastic beanstalk on AWS. I have a certificate but I am not able to figure out how to attach it to my single instance app.

All the howtos describe how to attach the certificate to elastic load balancer but no document on how to do it without load balancer (i.e. single instance).

I don't want to use load balancer because it costs extra (and not needed in testing environment).

Any help will be appreciated.

Jus12 asked Sep 03 '13 08:09


People also ask

How do I add SSL to Elastic Beanstalk single instance?

Setting up SSL on a load-balanced environment is straightforward using the AWS console. Create a certificate using ACM (AWS Certificate Manager) and attach it to your load balancer, which should already have a domain pointed to it. But for the single instance environment, extra configuration is required for SSL to work.


1 Answer

Elastic Beanstalk single instance type did not support SSL via Management Console or API. You can find more information in AWS Forums.

But you can use a configuration file to customize your instance to enable SSL. Please see the following example.

  1. Create an .ebextensions directory in the top level of your source bundle.
  2. Copy SSLCertificateFile.crt, SSLCertificateKeyFile.key, SSLCertificateChainFile.crt and ssl.conf (apache2 ssl module configuration) into .ebextensions
  3. Create a configuration file, /your_app/.ebextensions/01ssl.config. Type the following 01ssl.config inside the configuration file to configure ssl settings
  4. Open port 443 in your security group

01ssl.config

packages:
  yum:
    mod_ssl: []   # Apache TLS module
container_commands:
  # Each command copies one file from the bundle's .ebextensions directory onto the instance.
  add-SSLCertificateFile-label:
    command: cp .ebextensions/SSLCertificateFile.crt /home/ec2-user/SSLCertificateFile.crt

  add-SSLCertificateKeyFile-label:
    command: cp .ebextensions/SSLCertificateKeyFile.key /home/ec2-user/SSLCertificateKeyFile.key

  add-SSLCertificateChainFile-label:
    command: cp .ebextensions/SSLCertificateChainFile.crt /home/ec2-user/SSLCertificateChainFile.crt

  # Replace the ssl.conf installed by mod_ssl with the one shipped in the bundle.
  replace-ssl-configuration-label:
    command: cp .ebextensions/ssl.conf /etc/httpd/conf.d/ssl.conf

ssl.conf example

Your WAR structure should look like

web_app.war
          |
          |_.ebextensions
          |   |_ 01ssl.config
          |   |_ SSLCertificateFile.crt
          |   |_ SSLCertificateKeyFile.key
          |   |_ SSLCertificateChainFile.crt
          |   |_ ssl.conf
          |
          |_META-INF
          |
          |_WEB-INF
               |_ classes
               |_ lib
               |_ web.xml

2013/11/14 Updated.

  1. When using a configuration file, pay attention to security problems, because the files in the .ebextensions folder are accessible to everyone. This may not happen in the usual situation.
  2. AWS also provides an example configuration file for configuring SSL for the single instance type now.
study answered Oct 13 '22 17:10
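
The concern raised in the 2013/11/14 update can be checked before a bundle is deployed. The following is an added example, not part of the original answer: it scans a WAR for PEM private keys and reports whether each one sits outside WEB-INF/ and META-INF/, the directories a servlet container withholds from direct requests. The function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Matches PEM headers such as "BEGIN PRIVATE KEY" and "BEGIN RSA PRIVATE KEY".
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# Servlet containers refuse direct requests for these directories.
PROTECTED_PREFIXES = ("web-inf/", "meta-inf/")


def audit_war(war):
    """Return [(entry_name, servable)] for each entry holding a PEM private key.

    `war` is a path or a binary file object. `servable` is True when the entry
    lies outside WEB-INF/ and META-INF/, where the container's default servlet
    can return it to any client that requests the path.
    """
    findings = []
    with zipfile.ZipFile(war) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if PEM_KEY.search(zf.read(info)):
                name = info.filename
                servable = not name.lower().startswith(PROTECTED_PREFIXES)
                findings.append((name, servable))
    return findings


def build_sample_war():
    """Constructed sample with the WAR layout from the answer (dummy key text)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(".ebextensions/01ssl.config", "packages:\n  yum:\n    mod_ssl: []\n")
        zf.writestr(".ebextensions/SSLCertificateFile.crt",
                    "-----BEGIN CERTIFICATE-----\nQ09OU1Q=\n-----END CERTIFICATE-----\n")
        zf.writestr(".ebextensions/SSLCertificateKeyFile.key",
                    "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1Q=\n-----END RSA PRIVATE KEY-----\n")
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, servable in audit_war(build_sample_war()):
        print(f"{'SERVABLE' if servable else 'protected'}  {name}")
```

Run against the real bundle with `audit_war("web_app.war")`; any entry reported as servable should be tested against the deployed environment by requesting its path and confirming the server does not return it.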