How do I securely deploy my application and route traffic to my Elastic Beanstalk environment URL?

Short description

To deploy your application and route traffic to your AWS Elastic Beanstalk environment, complete the following steps:

1. Create an Elastic Beanstalk environment and deploy your application.
2. Purchase or register a new domain.
3. Create an AWS Certificate Manager (ACM) certificate.
4. Terminate HTTPS at the load balancer level.
5. Route traffic to your Elastic Beanstalk environment using Amazon Route 53.
6. HTTPS redirection.

Resolution

Create an Elastic Beanstalk environment and deploy your application

1. Create an AWS account.
2. Open the Elastic Beanstalk console and in the Regions list, select your AWS Region.
3. Create your Elastic Beanstalk application.
4. Create your Elastic Beanstalk environment. Make sure that you create a load balancer environment.
5. Deploy your application.

Note: If you don't select your application version when creating your environment, then a sample application deploys into your environment by default.

Your environment is available to users at a subdomain of Elastic Beanstalk. You can also see the URL of your environment's application in the overview page of the Elastic Beanstalk console. If you own a domain, then use Route 53 to resolve it to your environment.

If you have any issues during environment creation, see Troubleshooting.

Purchase or register a new domain

You can purchase or register a new domain name using Route 53 or any other DNS providers. If you already have a domain, then you can use the same domain for your Elastic Beanstalk application. For more information, see Registering a new domain.

Create an ACM certificate

To secure (HTTPS) your application, you must have an SSL certificate. If you own a domain name, then you can create a certificate in AWS and use it with a load-balanced environment by using ACM. For more information on requesting a publicly trusted certificate from ACM, see Requesting a public certificate.

If you have any issues when requesting and validating an ACM certificate, see Troubleshooting.

Terminate HTTPS at the load balancer level

To update your environment to use HTTPS, you must configure an HTTPS listener for the load balancer in your environment. For more information, see Configuring your Elastic Beanstalk environment's load balancer to terminate HTTPS.

Note: Single-instance environments don't have a load balancer and don't support HTTPS termination at the load balancer.

If you can't create an HTTPS listener or receive errors when adding the HTTPS listener, then contact AWS Support.

Route traffic to your Elastic Beanstalk environment using Route 53

Route 53 records contain settings that control how traffic is routed to your environment. You can create an alias record to point to your environment URL. For more information, see Routing traffic to an AWS Elastic Beanstalk environment.

Note: Changes generally propagate to all Route 53 servers within 60 seconds. When propagation is done, you'll be able to route traffic to your Elastic Beanstalk environment by using the name of your created alias record.

If you're having any issues while creating a Route 53 alias record, then see Troubleshooting Route 53.

HTTPS redirection

When DNS propagation is complete, your domain starts to route traffic to your environment. Your domain accepts two types of requests, HTTP (80) and HTTPS (443). If you want to redirect traffic from HTTP to HTTPS, then you must configure redirection. To configure HTTPS redirection, use this configuration file in your application source bundle and deploy. This configuration file modifies the default port 80 listener attached to an Application Load Balancer to automatically redirect incoming connections on HTTP to HTTPS.

Note: This configuration file doesn't work with an environment using the load balancer type classic or network.

If you're having issues when trying to redirect, then contact AWS Support.