Elastic Beanstalk Alias Without Load Balancer

1
votes

I have an Elastic Beanstalk (EB) app deployed with a load balancer. In Route53 I defined an alias myapp.mydomain.com to point to the EB url. It works fine.
But when I change the EB environment type to 'Single Instance' (from 'Load Balanced'), the alias doesn't work anymore.

Is there a way to use aliases for non-Load-Balanced environments?

1
amazon-elastic-beanstalkamazon-route53aws-load-balancer
EB url should work whether it is single-instance or load balance. In fact it should be exactly same. Therefore myapp.mydomain.com pointing to the EB url should not be affected. Have you observed a change in EB url? Or is your app working when using EB url? - Marcin
The app URL is the same and it works (not the alias). I have redirected http to https. This is done in the load balancer settings. Not sure if this is the reason it doesn't work when I change the environment to single instance. - LoMaPh
I see. So before you had ssl cert on the ALB? Without ALB, you can't deploy the same cert on the EB instance. Was it ssl cert from ACM? - Marcin
The cert is from ACM and is on *.mydomain.com. The https setup is in the Load Balancer section of the EB. If I choose single instance, this section is not accessible, so in this case where can I set the https? - LoMaPh
I will make an answer with some details in a moment. - Marcin

1 Answers

1
votes

Based on the comments.

The issue is caused by ACM SSL certificate. On the load balanced EB environment, the SSL certs are deployed on the ALB. This provides HTTPS capability for your environment.

Single-instance EB environments don't have any load balancer. Thus you have to provide SSL certificates directly on your EB instance. However, ACM ssl certificates can't be used on instances.

To rectify the issue you have two options:

client----HTTPS (ACM SSL cert)---->CF----HTTP---->EB

As you see, between CF and your EB instance you will have HTTP traffic, which may be not desired. To fix that you can't use self-signed certificates nor ACM cert. You need a public ssl certificate from a third party, such as free https://letsencrypt.org/.

This brings us to the second option:

  • Install new public certificate on your instance directly. ACM ssl certs can't be used on the instances. You need new one from a third party. A popular choice is https://letsencrypt.org/. You would have to configure nginx on the EB instance to serve the ssl certificate; and subsequently, provide you HTTPs capabilities.

Using this option you would have:

client----HTTPS (third party SSL cert)---->EB