How do I securely deploy my application and route traffic to my Elastic Beanstalk environment URL?

Short description

To deploy your application and route traffic to your Elastic Beanstalk environment, complete the following steps:

1. Create an Elastic Beanstalk environment and deploy your application.
2. Purchase or register a new domain.
3. Create an AWS Certificate Manager (ACM) certificate.
4. End HTTPS at the load balancer level.
5. Use Amazon Route 53 to route traffic to your Elastic Beanstalk environment.
6. HTTPS redirection.

Resolution

Create an Elastic Beanstalk environment and deploy your application

1. Create an AWS account.
2. Open the Elastic Beanstalk console and in the Regions list, select your AWS Region.
3. Create your Elastic Beanstalk application.
4. Create your Elastic Beanstalk environment. Make sure that you create a load balancer environment.
5. Deploy your application.

Note: If you don't select your application version when you create your environment, then a sample application deploys into your environment by default.

Your environment is available to users at a subdomain of Elastic Beanstalk. You can also see the URL of your environment's application in the overview page of the Elastic Beanstalk console. If you own a domain, then use Route 53 to resolve it to your environment.

If you have any issues during environment creation, see Troubleshooting your Elastic Beanstalk environment.

Purchase or register a new domain

Use Route 53 or another DNS provider to purchase or register a new domain name. If you already have a domain, then you can use the same domain for your Elastic Beanstalk application. For more information, see Registering a new domain.

Create an ACM certificate

To secure (HTTPS) your application, you must have an SSL certificate. If you own a domain name, then use ACM to create a certificate in AWS and use it with a load-balanced environment. For more information on publicly trusted certificate requests from ACM, see AWS Certificate Manager public certificates.

If you have any issues when you request and validate an ACM certificate, see Troubleshoot issues with AWS Certificate Manager.

Note: You can't request certificates for Amazon owned domain names such as those that end in amazonaws.com, cloudfront.net, or elasticbeanstalk.com.

Terminate HTTPS at the load balancer level

To update your environment to use HTTPS, you must configure an HTTPS listener for the load balancer in your environment. For more information, see Configuring HTTPS Termination at the load balancer.

Note: Single-instance environments don't have a load balancer and don't support HTTPS termination at the load balancer.

If you can't create an HTTPS listener or receive errors when you add the HTTPS listener, then contact AWS Support.

Use Route 53 to route traffic to your Elastic Beanstalk environment

Route 53 records contain settings that control how traffic is routed to your environment. You can create an alias record to point to your environment URL. For more information, see Routing traffic to an AWS Elastic Beanstalk environment.

Note: Changes generally propagate to all Route 53 servers within 60 seconds. When propagation is complete, use the name of your created alias record to route traffic to your Elastic Beanstalk environment.

If you're having issues when you create a Route 53 alias record, then see Troubleshooting Amazon Route 53.

HTTPS redirection

When DNS propagation is complete, your domain starts to route traffic to your environment. Your domain accepts two types of requests, HTTP (80) and HTTPS (443). If you want to redirect traffic from HTTP to HTTPS, then you must configure redirection. To configure HTTPS redirection, use this configuration file in your application source bundle and deploy. This configuration file modifies the default port 80 listener attached to an Application Load Balancer to automatically redirect incoming connections on HTTP to HTTPS.

Note: This configuration file doesn't work with an environment that uses the load balancer type classic or network.

If you're having issues when you try to redirect, then contact AWS Support.