Does anyone know if it's possible to change an existing AWS Elastic Beanstalk environment to an Application Load Balancer (instead of a classic one)?
As far as I know only Application ELBs can be protected with AWS WAF and DDoS "Shield", so any existing EB app can't take advantage of these features since they have classic ELBs.
It is not possible to change the load balancer type for an existing environment but I have used the following process to create a cloned environment with an application load balancer (instead of classic).
In the console, save configuration of the original env.
In terminal, run eb config get [save name]; you will get a file in .elasticbeanstalk\saved_configs.
Edit the file to add
OptionSettings:
  aws:elasticbeanstalk:environment:
    LoadBalancerType: application
and remove (if you have those):
  aws:elb:loadbalancer:
    CrossZone: true
  aws:elb:policies:
    ConnectionDrainingEnabled: true
  aws:elb:listener:443:
    [whatever]
You can use this opportunity to make other changes, such as upgrading PlatformArn.
Save modified config as [new save name].
In terminal, run eb config put [new save name].
Update your .ebextensions to have LoadBalancerType: application and optionally add listener to elbv2. You can also create in the console manually later.
  aws:elbv2:listener:443:
    ListenerEnabled: true
    SSLPolicy: ELBSecurityPolicy-TLS-1-2-2017-01
    SSLCertificateArns: [your cert id]
    DefaultProcess: default
    Protocol: HTTPS
    Rules: ''
Create a new env with eb create [new env name] --cfg [new save name]
Now you will have a new environment with a different load balancer type side-by-side with your old environment. You can perform testing, make further configuration changes and then if all is well, swap CNAMEs and terminate the previous environment.
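The file edit described in the answer above (set LoadBalancerType to application, drop the classic aws:elb:* namespaces), as an added Python example that is not part of the original posts. It assumes the saved configuration uses the block-indented YAML layout of the constructed SAMPLE; the function name and all sample values are hypothetical.

```python
CLASSIC_PREFIX = "aws:elb:"  # classic-only namespaces; "aws:elbv2:" does not match
ENV_NS, LB_KEY = "aws:elasticbeanstalk:environment", "LoadBalancerType"
# Constructed sample of a saved configuration; all values are placeholders.
SAMPLE = """\
Platform:
  PlatformArn: <platform-arn-placeholder>
OptionSettings:
  aws:elb:loadbalancer:
    CrossZone: true
  aws:elasticbeanstalk:environment:
    ServiceRole: aws-elasticbeanstalk-service-role
    LoadBalancerType: classic
  aws:elb:listener:443:
    ListenerProtocol: HTTPS
AWSConfigurationTemplateVersion: 1.1.0.0
"""

def to_application_lb(text):
    """Return (rewritten_text, removed_namespaces) for a saved-config YAML string."""
    before, after, opts = [], [], {}       # opts: namespace -> raw option lines
    state, ns, ns_pad = "before", None, "  "
    for line in text.splitlines():
        body = line.strip()
        pad = line[: len(line) - len(line.lstrip())]
        if not body or body.startswith("#"):
            continue
        if not pad:                         # top-level key: section boundary
            if body == "OptionSettings:":
                state = "opts"
                continue
            state = "before" if state == "before" else "after"
        if state != "opts":
            (before if state == "before" else after).append(line)
        elif not opts or pad == ns_pad:     # namespace header
            ns_pad, ns = pad, body.rstrip(":").strip("'\"")
            opts[ns] = []
        else:
            opts[ns].append(line)           # option under the current namespace
    removed = [n for n in opts if n.startswith(CLASSIC_PREFIX)]
    opts = {n: kids for n, kids in opts.items() if n not in removed}
    env = opts.setdefault(ENV_NS, [])
    child_pad = env[0][: len(env[0]) - len(env[0].lstrip())] if env else ns_pad * 2
    env[:] = [ln for ln in env if not ln.strip().startswith(LB_KEY + ":")]
    env.append(f"{child_pad}{LB_KEY}: application")  # replaces any previous type
    lines = before + ["OptionSettings:"]
    for name, kids in opts.items():
        lines += [f"{ns_pad}{name}:"] + kids
    return "\n".join(lines + after) + "\n", removed
if __name__ == "__main__":
    print(to_application_lb(SAMPLE)[0])
```

The returned list of removed namespaces shows that the classic 443 listener is gone, so HTTPS has to be declared again through the aws:elbv2:listener:443 options before the CNAME swap.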
Hello. As per the AWS documentation:
The Elastic Beanstalk Environment Management Console only supports
creating and managing an Elastic Beanstalk environment with a Classic
Load Balancer. For other options, see Application Load Balancer and
Network Load Balancer.
Also
Note: You can only set the load balancer type during environment
creation. (Refer to AWS Documentation)
So when you deploy an application to Elastic Beanstalk via the AWS CLI:
Try
eb create test-env --elb-type network
or
eb create test-env --elb-type application
The easiest way I've found to change an existing application to use the application load balancer is using both the Console and CLI:
In the console, save the application configuration of the original env. Note this name down. We'll use it as <saved-config-name>.
Under the Application versions note the latest Version Label. We'll use it as <app-version>.
From the CLI run eb create <new-environment-name> --elb-type application --cfg <saved-config-name> --version <app-version>
If you had HTTPS configured in the old application, in the newly created application reconfigure it in the Console under Load Balancer-->Listeners with the proper certificate.
I have a web application running on Elastic Beanstalk in load balanced environment however when I changed the configuration to a "single instance" environment the application returns a 408 Request Timeout with every https browser request to the server (custom domain).
The environment health in my AWS console shows everything is running okay so I am baffled by what could be causing the problem. When I change the configuration back to 'load balanced' everything works fine again.
Since you are using HTTPS with a custom domain, when you switch to a single instance, the HTTPS functionality is lost. To make HTTPS work on a single instance, you need to obtain a new SSL certificate (AWS ACM can't be used), and deploy it on your instance through re-configured Nginx:
How to Setup SSL(HTTPS) on Elastic Beanstalk Single Instance Environment
The Elastic Beanstalk documentation mentions that the load balancer type can be set with a config file in the .ebextensions folder. However, when I deploy my application in a newly created environment, Elastic Beanstalk still creates a classic load balancer.
I am creating the new environment through the AWS console and my application source package has the .ebextensions folder with settings specifying an application load balancer. As seen below:
.ebextensions/application-load-balancer.config
option_settings:
  aws:elasticbeanstalk:environment:
    LoadBalancerType: application
Am I missing a step during the creation of the environment? Have other people run into this issue?
I ran into this issue as well, and from testing it appears that these .ebextensions/application-load-balancer.config settings only work if you create the environment with High Availability specified. So you can't just select the platform and upload your code and have the application load balancer and High Availability setup configured from the .config settings (even though the docs make it seem like this should work). Instead you must select the desired platform (PHP, etc.), upload your initial code, and then click on More Options and select the configuration preset for "High Availability". You may also need to select your VPC at this point as well, if you are deploying into a custom VPC network. You don't need to set any other settings, as those will be applied from your application-load-balancer.config file (and other .config files). It just seems that there's a distinction between environment creation and environment config, and some of these values can only be set during the "creation" step.
I wonder why this question is so poorly documented and it is hard to find an answer or sample, even though extensions under the .ebextensions folder seem to be a convenient way to work with environments within a CI/CD process.
The proper way to get an 'application' load balancer created in an Elastic Beanstalk environment is to use AWS::ElasticLoadBalancingV2::LoadBalancer inside your .config file specifying resources.
Sample:
Resources:
  AWSEBV2LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
AWS::ElasticLoadBalancingV2::LoadBalancer specification:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html
The specification says that it is possible to set 'network' or 'gateway' load balancers as "Type" property, in turn, the other doc (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-alb.html) says that it is not possible and you should use aws:elasticbeanstalk:environment option inside the options file configuration.
Whatever is true, the sample above works perfectly fine for 'application' load balancer since 'application' is the default type for V2.
Please note that if you use an ElasticLoadBalancingV2 load balancer, then you also have to use V2 listeners, target groups etc., as well as V2 options (e.g. aws:elbv2:loadbalancer) inside your options configuration file.
Sample for V2 listeners: https://github.com/awsdocs/elastic-beanstalk-samples/blob/b5e8eaea6a0acca6b80281d4f1afe408a50e1afb/configuration-files/aws-provided/resource-configuration/alb-http-to-https-redirection-full.config
I'm using Terraform to provision ElasticBeanstalk application.
EC2 instances are placed into auto scaling group and accessed via (classic) Elastic Load Balancer.
Now I need to store the access logs for that load balancer in S3.
I see it is possible to do manually from web console (EC2/Load Balancers/Description/Attributes/Access logs). Also Terraform allows to configure access logs for aws_elb (if it is created not by ElasticBeanstalk).
However, ElasticBeanstalk does not allow to configure access logs for classic load balancer (see docs) only for application load balancer.
So the question is: how can I configure ElasticBeanstalk to store access logs for classic load balancer?
I realize that I can change the balancer type but I'd like to avoid that.
You can do this by creating an .ebextensions directory in the root of your deployment bundle, and saving a configuration file there. Here's the file that we use, which configures the ELB to save logs every 5 minutes:
Resources:
  AWSEBLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      AccessLoggingPolicy:
        EmitInterval: 5
        Enabled: true
        S3BucketName: "example-elb-logs"
        S3BucketPrefix: { "Fn::Sub" : "example/${AWSEBEnvironmentName}" }
If you're thinking "this looks a lot like a CloudFormation template" you're right: Beanstalk adds the fragments in this directory to its base template.
For more information on .ebextensions: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html
I'm a pretty new developer and deployed my first Django app via Elastic Beanstalk. I want to serve https requests and have configured my SSL certificate and have my load balancer set up correctly. When I go into EB > Configuration > Secure listener port and set it to 443 I'm getting the error upon saving:
LoadBalancerHTTPSPort: You have specified both the #deprecated(:default.aws:elb:loadbalancer:LoadBalancerHTTPSPort)
option as well as one in the new aws:elb:listener:443 namespace.
The :default.aws:elb:loadbalancer:LoadBalancerHTTPSPort option will be ignored.
Not sure what I'm missing because I'm still not able to serve https requests
I had the same problem with a NodeJS Elastic Beanstalk app. However, I was able to get around it by updating the Listener/Certificate settings via the AWS EC2 console (https://console.aws.amazon.com/ec2/), via the Load Balancers section (under LOAD BALANCING).
I was updating the certificate for a staging version of a cloned environment. This was the only way I could assign a different certificate to the staging environment.
See more at http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html
How can I get the RDS host of an elastic beanstalk environment? I setup an EB env with:
eb create --database ...
Now I want to upload a SQL dump to this new environment without connecting to any server of this EB environment. Since the information is in the environment variables, I thought I could find out it with eb printenv but that does not work.
The information exists in the Beanstalk web console (Data Tier section on the environment's Configuration page) as described in this document