How to connect Amazon Cloudfront with Elastic Beanstalk Single Instance in order to use HTTPS cert

Time:10-08

All of the tutorials I read pertain to an Elastic Beanstalk Load Balancer, which I am not using with a Single Instance.

I can access my app deployed through Elastic Beanstalk by either using the environment URL or simply redirecting my Route 53 Type A record to either the Elastic Beanstalk environment or the EC2 public domain.

I want my webapp to use HTTPS, so I created an SSL cert through ACM and attempted to deploy the cert on my webapp through CloudFront. I created a CloudFront distribution domain, but this is where I am stuck: I cannot use my Elastic Beanstalk environment as an Origin Domain, only an S3 bucket.

How do I get CloudFront to talk to Elastic Beanstalk/EC2?

Directly accessing S3 is not an option: not only do I get 403 errors, but my project is an Angular app and .NET WebApi, which needs to be deployed and run, not simply accessed from an S3 folder. I also cannot bypass CloudFront and put the cert in my project, because you cannot download ACM certs.

CodePudding user response:

It should communicate with Elastic Beanstalk in HTTPS, right?

Sadly this is not how it works. To have HTTPS between CF and EB, you must have a valid, public SSL certificate on your EB instance. You can't use self-signed certificates, nor does EB give you any SSL by default. If you do not have an ALB on EB, you have to get an SSL certificate from a third party (not ACM), such as Let's Encrypt, and deploy it on the instance. You also must have your own domain for that to work.

Only if the above is satisfied, you will have HTTPS on the entire path:

Client --- (https) --> CF ---- (https) ----> EB

Otherwise, you can only have:

Client --- (https) --> CF ---- (http) ----> EB

Which is a security risk as you use http (plain text) over the internet.
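The two paths described in the answer can be checked from a distribution's configuration. The following is an added example, not part of the original answer: it reads a constructed `DistributionConfig` (origin ids and domain names are placeholders) and reports, per cache behavior, whether the client-to-CloudFront hop and the CloudFront-to-origin hop can carry plain HTTP, based on `ViewerProtocolPolicy` and `OriginProtocolPolicy`.

```python
import json

# Constructed sample in the shape of the DistributionConfig returned by
# `aws cloudfront get-distribution-config`; ids and domains are placeholders.
SAMPLE = json.loads("""
{
  "Origins": {"Items": [
    {"Id": "eb-plain", "DomainName": "app-env.example.elasticbeanstalk.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
    {"Id": "eb-tls", "DomainName": "origin.example.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
    {"Id": "eb-match", "DomainName": "api.example.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}}
  ]},
  "DefaultCacheBehavior": {"TargetOriginId": "eb-plain",
                           "ViewerProtocolPolicy": "redirect-to-https"},
  "CacheBehaviors": {"Items": [
    {"PathPattern": "/v2/*", "TargetOriginId": "eb-tls",
     "ViewerProtocolPolicy": "https-only"},
    {"PathPattern": "/api/*", "TargetOriginId": "eb-match",
     "ViewerProtocolPolicy": "allow-all"}
  ]}
}
""")

def audit_hops(config):
    """Return (path, viewer_hop, origin_hop) for every cache behavior."""
    origins = {o["Id"]: o for o in config["Origins"]["Items"]}
    behaviors = [dict(config["DefaultCacheBehavior"], PathPattern="*")]
    behaviors += config.get("CacheBehaviors", {}).get("Items", [])
    rows = []
    for b in behaviors:
        # allow-all lets viewers stay on HTTP; the other two values force HTTPS.
        viewer = "http+https" if b["ViewerProtocolPolicy"] == "allow-all" else "https"
        custom = origins[b["TargetOriginId"]].get("CustomOriginConfig")
        # S3 origins have no OriginProtocolPolicy; match-viewer follows the viewer.
        policy = custom["OriginProtocolPolicy"] if custom else "s3"
        origin = {"https-only": "https", "http-only": "http",
                  "match-viewer": viewer}.get(policy, policy)
        rows.append((b["PathPattern"], viewer, origin))
    return rows

def plaintext_origin_paths(config):
    """Paths whose CloudFront-to-origin hop can carry plain HTTP."""
    return [p for p, _, o in audit_hops(config) if "http" in o.split("+")]

if __name__ == "__main__":
    for path, viewer, origin in audit_hops(SAMPLE):
        print(f"{path:8} client-({viewer})->CF-({origin})->origin")
```

In the sample, the default behavior reproduces the second diagram (HTTPS to CloudFront, HTTP to the origin), and the `match-viewer` origin is only as protected as the viewer policy of the behavior that targets it.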
