I have spring app A running in beanstalk.
A is internally calling app B using http. It’s working fine.
Now I added a listener in load balancer in app B and enabled https.
Now A is not able to call B using https and is getting a certificate exception.
Please let me know if I need to make any change in app A for disabling certificate validation or if there is any other way.
App A is calling app B using web client. Both apps are running in beanstalk.
You need to have your own domain (e.g. myapp.org). You can't use HTTPS with a default EB domain provided to you by AWS. Once you have your own domain you can get an SSL certificate using AWS ACM. The full procedure for setting up HTTPS on EB is described in AWS docs.
Related
So, I'm working on a hackathon project right now, and for the demo, I've spun up a NodeJS Express server on an EC2 via Elastic Beanstalk. When testing the server's API with our front-end locally, it worked perfectly fine.
Now we've deployed our front-end to AWS Amplify, set up a domain name in Route53, and hooked everything up. When we go to the domain, our front-end looks great, but when we try using the functionality that would connect to our server's API, we get a net::ERR_SSL_PROTOCOL_ERROR.
Doing some research, it looks like(?) we have to set up a certificate on the Classic Load Balancer that's in front of the EC2. So I requested a certificate, and created a listener on the Load Balancer as follows:
Load Balancer Protocol | Load Balancer Port | Instance Protocol | Instance Port
HTTPS                  | 443                | HTTPS             | 3000
But now I realize that if set up this way, I still have no idea how to point the React Frontend's API calls to the Load Balancer instead of the EC2, or whether the listener is set up correctly. Would anyone have an idea of what steps we should take here?
For the details of the app, the backend is a pretty straightforward Express App with CORS enabled, and the frontend is a fairly standard React project, nothing special about either of them.
Instance Protocol should be HTTP. So your setup uses HTTPS only between client and CLB:
Client --- (HTTPS) ---> CLB --- (HTTP) ---> EC2
Also, to set up HTTPS properly, you need to use your own domain. You can't use the default domain provided by EB for your application.
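The listener from the answer above, written as an Elastic Beanstalk `.ebextensions` option file for a Classic Load Balancer. This is an added example, not part of the original post; the file name and the certificate ARN are placeholders, and port 3000 is the instance port from the question.

```yaml
# .ebextensions/https-listener.config  (file name is an assumption)
# Classic Load Balancer: TLS terminates at the load balancer and the
# hop from the load balancer to the instance is plain HTTP.
option_settings:
  aws:elb:listener:443:
    ListenerEnabled: true
    ListenerProtocol: HTTPS        # client -> CLB
    # Placeholder ARN: use the ACM certificate issued for your own domain.
    SSLCertificateId: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID
    InstancePort: 3000             # instance port from the question's listener table
    # The question had HTTPS here. With HTTPS the CLB opens a TLS
    # connection to the instance, which only works if the process
    # listening on that port serves TLS itself.
    InstanceProtocol: HTTP         # CLB -> EC2
```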
Context: Right now I have an Angular static site set up on S3, a domain registered through Route53, and SSL through Cloudfront. I have an express backend on Elastic Beanstalk that I want to interface with using https. The EB app has a load balancer and nginx proxy by default.
Possible Solutions:
Assign my load balancer a SSL certificate but it seems I can only do this with a custom domain at least through the AWS certificate manager. It does give me the option to use the certificate I generated from the frontend but I'm not sure if that is a good idea.
Add an origin on my cloudfront that points to my EB express app. I'm not sure if this is secure or even possible. The idea is that I could make API calls from www.myapp.org (s3 hosted) to www.myapp.org/api (EB hosted).
Get a new custom domain and give that an ssl certificate and point it to my EB app?
If there are any other options, I would be happy to hear about them.
Background
I am trying to deploy a dummy application with React frontend and Django backend interacting via REST api. I have done the following:
Use a S3 bucket to host static website and deploy my react code to it
Put Cloudfront for S3 bucket - set up certificate and changed my domain name (from GoDaddy) to link to this address
Kicked off Elastic Beanstalk environment following the python environment tutorial of AWS
Set up Postgres RDS and linked the Django server with it
So now I can do the following
Access my frontend using https via my domain name (https://www.example.com)
Access django admin site using the path of elastic beanstalk and update items
i.e. each component is up and running
Problem
I am having trouble with:
Making a secure REST API call from the static page to Elastic Beanstalk environment. Before I set up certificates I could easily make REST API calls.
The guides I can find usually involve putting a domain name for Elastic Beanstalk, which I imagine does not apply to my case (or does it?)
I tried to follow this faq and updated configuration in load balancer that accepts 443 https and redirects to 80 http. But I am using same certificate as from CloudFront, which does not sound right to me.
Would appreciate help with
how to solve the above ssl connection issue
or is there a better architecture for what I'm trying to achieve here?
According to Request a certificate in ACM for Elastic Beanstalk backend, it sounds like I have to use a subdomain and request a certificate for that subdomain, and use Cloud 53 to direct requests to that subdomain to Elastic Beanstalk environment. Would that be the case?
Thank you in advance!
By default the EB URL will be HTTP only. To use HTTPS you need to deploy an SSL certificate on your ALB.
In order to do that you need a custom domain, because you can only associate SSL certificates with domains that you control. Thus, normally you would get a domain (you seem to already have one from GoDaddy). So in this case you can set up a subdomain (e.g. api.my-domian.com) on GoDaddy. Then you can use AWS ACM to register a free public SSL certificate for api.my-domian.com.
Once the certificate is verified, using either the DNS (easier) or email technique, you deploy it on your ALB using an HTTPS listener. Obviously you will need to point api.my-domian.com to the EB's https url. You can also redirect http traffic on your ALB from port 80 to 443 to always use https.
Then in your front-end application you only use https://api.my-domian.com, not the original EB url.
There can also be CORS issues alongside this, so you have to be wary of them as well.
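The ALB steps from this answer (HTTPS listener with the ACM certificate, plus the port 80 to 443 redirect) as an Elastic Beanstalk `.ebextensions` file. This is an added example, not part of the original answer; the file name, certificate ARN and the chosen TLS policy are assumptions.

```yaml
# .ebextensions/alb-https.config  (file name is an assumption)
option_settings:
  # HTTPS listener on the environment's Application Load Balancer.
  aws:elbv2:listener:443:
    ListenerEnabled: true
    Protocol: HTTPS
    # Placeholder ARN: the ACM certificate issued for api.my-domian.com.
    # The certificate must be in the same region as the load balancer.
    SSLCertificateArns: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID
    # Assumption: a TLS 1.2+ policy; choose one your clients support.
    SSLPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06

Resources:
  # AWSEBV2LoadBalancerListener and AWSEBV2LoadBalancer are the names
  # Elastic Beanstalk gives the environment's default port-80 listener
  # and its ALB. Overriding the listener here swaps its default
  # forward action for a redirect to HTTPS.
  AWSEBV2LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: "443"
            Host: "#{host}"
            Path: "/#{path}"
            Query: "#{query}"
            StatusCode: HTTP_301
```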
We have developed a web API using .NET Core 3.0 along with Swagger. And, for testing purposes, we have deployed this API on AWS on an EC2 instance using EBS. However, while deploying we noticed that by default it takes only http, but we want to expose the API using https.
So, for the same, we created a self-signed certificate on the AWS virtual machine and tried to configure it for the hosted API and added bindings to https by selecting the certificate. Our AWS VM is using IIS 10.
However, after doing this our API stopped working and it gives a lot of errors. We tried to add the certificate in Certificate Manager and after that modifying the load balancer also. But it doesn't seem to be working at all.
So, can anyone tell us what exactly we are missing here? What are the correct steps that need to be taken to configure a self-signed certificate for an AWS deployment?
Thanks for the help !
What I've typically done is put the SSL certificate on the load balancer, so the path essentially becomes:
https traffic -> Load Balancer (HTTPS Port, does handshake) -> Application (HTTP Port)
So essentially the user sends an https request that is encrypted up to the load balancer, but the load balancer does the handshake for us and passes the packet off via HTTP inside our VPC.
I'm using Flask to serve my application. I have received the certificate from AWS Amazon Certificate Manager, but it is not correctly applied to my Flask app. How can I solve this problem?
AWS Certificate Manager does not allow the created certificates to be exported. So the best way to achieve what you are trying to do is to create an ELB in front of your Flask app and then use the certificate on that.
You can do this with either the Classic Load Balancer or the Application Load Balancer.
If you insist on running it within the Flask instance itself, then something like Let's Encrypt is likely a better solution.