Securing Your Application: Implementing SSL Certificates in AWS Elastic Beanstalk

Elastic Beanstalk is great for rapid Node.js server deployments. And if you are using a load balancer (ELB), SSL is easy enough. Here at BlueFletch, I am constantly facing another scenario: quick, easy SSL on AWS Elastic Beanstalk single-instance servers.

I want SSL. I don’t want to have to SSH into the box and type a bunch of commands. I don’t want to have to fix broken certs whenever the instance gets replaced. I want to use the same solution for a lot of domains, without doing a lot of editing. TCP forwarding is too complicated on single-instance EB. Transparent proxying with HAProxy, and terminating SSL in Node? Way too much config, and probably not suitable for production anyway.

Here’s what I have settled on. An .ebextensions file that tells the instance to do a few things to help add SSL to Elastic Beanstalk:

  • Create an Nginx conf file, but with the ‘.pre’ extension.
  • Install Certbot, the Let’s Encrypt client by EFF.
  • Use Certbot to get a cert for the domain name found in an env variable.
  • Create a domain-agnostic link to the cert in the filesystem.
  • Move the ‘.pre’ Nginx config to a real ‘.conf’ file.
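
The five steps above, sketched as one .ebextensions file. This is an added example, not the author's Gist: the file name, the `CERT_DOMAIN` and `CERT_EMAIL` environment properties, the `ebcert` link name, the upstream port and the package source are all assumptions to adapt to your platform version.

```yaml
# .ebextensions/ssl.config  (added example; names and paths are assumptions)
# Assumes: nginx loads /etc/nginx/conf.d/*.conf, the app listens on 127.0.0.1:8081,
# a "certbot" yum package is available, inbound 80/443 are open, and the
# CERT_DOMAIN / CERT_EMAIL environment properties (hypothetical names) are set.
packages:
  yum:
    certbot: []

files:
  # Written as ".pre" so nginx never loads a config whose cert files do not exist yet.
  /etc/nginx/conf.d/https.pre:
    mode: "000644"
    owner: root
    group: root
    content: |
      server {
        listen 443 ssl;
        # "ebcert" is the domain-agnostic symlink created below.
        ssl_certificate     /etc/letsencrypt/live/ebcert/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/ebcert/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;
        location / {
          proxy_pass http://127.0.0.1:8081;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto https;
        }
      }

container_commands:
  # Names sort alphabetically, which fixes the execution order.
  10_require_domain:
    command: test -n "${CERT_DOMAIN}" && test -n "${CERT_EMAIL}"
  20_get_cert:
    # Standalone mode binds port 80, so nginx is stopped only while a cert is issued.
    command: >
      certbot certonly --standalone --non-interactive --agree-tos
      --email "${CERT_EMAIL}" --domains "${CERT_DOMAIN}" --keep-until-expiring
      --pre-hook "service nginx stop" --post-hook "service nginx start"
  30_link_cert:
    # -n replaces an existing link instead of descending into it on redeploys.
    command: ln -sfn "/etc/letsencrypt/live/${CERT_DOMAIN}" /etc/letsencrypt/live/ebcert
  40_enable_conf:
    # Assumes the platform restarts nginx at the end of the deployment.
    command: mv -f /etc/nginx/conf.d/https.pre /etc/nginx/conf.d/https.conf
```

Because a replacement instance starts with an empty /etc/letsencrypt, every new instance requests a fresh certificate, so frequent instance churn on one domain can run into Let's Encrypt issuance rate limits.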

Give it a try, and if you have any improvements or suggestions, comment on the Gist!