HTTPS Elastic Beanstalk non custom domain

Question

I deployed my Django application on Elastic Beanstalk. It give me a URL like this

http://<my-environment>.us-west-2.elasticbeanstalk.com 

Is there a simple way to have the same URL with HTTPS without have to purchase a certificate?

Answer 1

I disagree with the accepted answer: Yes, there are Amazon approved ways to load a cert (free self signed cert) with the default domain that Elastic Beanstalk provides. I just completed this task with the latest default Django app as a proof of concept (Django ver 2.1 and Python ver 3.6). My deploy was done from a Windows 10 machine with the latest AWS cli's.

During the initial testing and validation stage of your application is a typical time you would do a procedure like this. To ensure feasibility without going out to purchase a cert for your final domain. You have an app and want to see if it will deploy securely on Elastic Beanstalk. Amazon recommends it from the accepted answers linked document:

For development and testing, you can create and sign a certificate yourself with open source tools. Self-signed certificates are free and easy to create, but cannot be used for front-end decryption on public sites. If you attempt to use a self-signed certificate for an HTTPS connection to a client, the user's browser displays an error message indicating that your web site is unsafe. You can, however, use a self-signed certificate to secure backend connections without issue.

The proof of concept I show below uses the default Elastic Beanstalk Python 3.6 environment which terminates HTTPS at the load balancer. (Note: self signed certs can also be used to secure traffic between load balancer and the instance, but my answer doesn't cover this topic)

Follow these steps:

1. Install your Django application into Elastic Beanstalk using the command line interface (EB CLI). I follow the steps in the following guide: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create-deploy-python-django.html. At the time of this writing the version of Django I grabbed was 2.1 and the version of Python I chose for EB was 3.6. Just follow the steps until "Updating Your Application". Make note and save the CNAME (the EB domain name) returned after you run eb status because you will need that in my step 2.

2. Install OpenSSL on your development machine. Then follow these steps to create a self signed cert with openSSL: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-ssl.html . You dont need to do the last step on this page. You will need the contents of the server.crt and privatekey.cer files for the next step. At the very bottom of this answer are the fake values I used for the certificate. These don't matter, except for the domain name.

3. Go to Certification Manager in your AWS console. There is a big blue button, Import Certficiate. Click this. Open the server.crt file with your favorite text editor and paste the contents in the top box with the label: Certificate body. Then open the privatekey.cer file with your favorite text editor and paste the contents in the second box with the label: Certificate private key. Click Review and Import and make sure everything is ok.

4. The last step is turning on HTTPS and terminating it on your load balancer. Follow the steps in this amazon guide: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html . Note that in step 5 of this guide, you will want to follow the steps for Classic Load Balancer. Choose the certificate that you uploaded to the certificate manager in step 3 of this answer.

After you apply - your site will be running HTTPS with a self signed cert. See below for my proof of concept site that is just the default Django app:

Clicking on the cert shows the details:

Hope this helps you on your way to validating your Django application on AWS. Please don't run a self signed cert for your live (aka production) environment.