I'm trying to set up an AWS Elastic Beanstalk single instance with SSL, and I would like to store the private key in S3 and have the instance retrieve the key after deployment (to avoid submitting the private key to version control).
As per the AWS documentation at: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-storingprivatekeys.html, I have set up my config, stored at myproject/.ebextensions/privatekey.config:
Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: "s3"
          buckets: ["my_bucket"]
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"
files:
  # Private key
  /path/to/private/key:
    mode: "000400"
    owner: root
    group: root
    authentication: "S3Auth"
    source: https://s3.eu-west-2.amazonaws.com/my_s3_bucket/my_private_key
However, whenever I deploy I get the error:
Command failed on instance. Return code: 1 Output: Failed to retrieve https://s3.eu-west-2.amazonaws.com/my_bucket/my_private_key: 'NoneType' object has no attribute 'is_default'.
I have checked the configuration in Elastic Beanstalk and the project has the instance profile of aws-elasticbeanstalk-ec2-role, and this role definitely has the correct policy for S3 (I have even assigned it AmazonS3FullAccess, which shouldn't be necessary!).
When I test with a file that is publicly accessible, I can get it to work fine. However, it does not work when the file is private.