SSL for EC2 Beanstalk .NET CORE app stored on linux

0

I have purchased and am managing a domain name through GoDaddy (readover.online). The primary domain is directed to my VPS on GoDaddy. I have also established a record for a subdomain (english.myDomain.com), directing it to my AWS EC2 Beanstalk website. I am successfully able to access my website (english.readover,online) hosted on AWS.

Currently, I am in the process of setting up an SSL certificate for the subdomain (english.readover.online) I validated using DNS and the status is SUCCESS! but it is not in use (my subdomain is not secured yet) what should be the next step? I dont use a load balancer. do I have to, if I want an ssl for my ec2 beanstalk? in the certificate manager it is written that it can be used with CloudFront, Elastic Load Balancing, API Gateway and other integrated services. What about single beanstalk? I read here https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html that Single-instance environments don't have a load balancer and don't support HTTPS termination at the load balancer. what do I have to do?

2 Answers
0

Hello.
Nitro Enclaves must be enabled in order to deploy SSL certificates issued by ACM directly to EC2 instances.
https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html

There are several requirements that must be met in order to use Nitro Enclaves.
So basically, if you are using ACM, it is a good idea to install an SSL certificate in the ALB.
https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html#nitro-enclave-reqs

  • Parent instance requirements:
    • Virtualized Nitro-based instance
      • Intel or AMD-based instances with at least 4 vCPUs, excluding M7i, M7i-flex, T3, T3a, and u-*
      • AWS Graviton-based instances with at least 2 vCPUs, excluding A1, T4g, G5g, Im4gn, and Is4gen
    • Linux or Windows (2012 R2 or later) operating system
  • Enclave requirements:
    • Linux operating system only

Please refer to the following document for instructions on attaching the certificate to the ALB.
https://repost.aws/knowledge-center/associate-acm-certificate-alb-nlb

profile picture
EXPERT
answered 10 months ago
0

Hi,

Let me try to help you with your questions:

I validated using DNS and the status is SUCCESS! but it is not in use (my subdomain is not secured yet) what should be the next step? We recommend that you configure a Load Balancer with your AWS Elastic Beanstalk thinking about not only about security but also high-availability of your website. To configure your AWS Elastic Beanstalk with Load Balancer you can check the following link: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html

I dont use a load balancer. do I have to, if I want an ssl for my ec2 beanstalk? The simplest way to use HTTPS with an Elastic Beanstalk environment is to assign a server certificate to your environment's load balancer. When you configure your load balancer to terminate HTTPS, the connection between the client and the load balancer is secure.

In the certificate manager it is written that it can be used with CloudFront, Elastic Load Balancing, API Gateway and other integrated services. What about single beanstalk? AWS Certificate Manager is the preferred tool to provision, manage, and deploy your server certificates programmatically or using the AWS CLI. To use ACM with Elastic Beanstalk the recommendation is to use it with load balancer. Check this link with all integrated services that ACM support. https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html

I hope these information helped you.

AWS
answered 10 months ago
profile picture
EXPERT
reviewed 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions