I would like to have wildcard domains for an auto-scaling application running on AWS Beanstalk.
I cannot use a custom domain with Route53 or alternatives, so I am forced to use the default generated domain format, eg: environment-name.elasticbeanstalk.com.
I would like to have something like this *.environment-name.elasticbeanstalk.com configured at the load balancer level for my setup.
Does anyone know if there is a way to specify a wildcard domain prefix for the beanstalk applications running with the default domain?
Related
I want to host all my REST services on one single domain in AWS. (Each REST service is hosted in AWS beanstalk, using EC2 and load balancers so that each service can autoscale depending on usage)
I would like to achieve something like this:
https://api.foo.com/product-service -> product REST service
https://api.foo.com/attribute-service -> attribute REST service
https://api.foo.com/login-service -> login REST service
...
But I'm pretty new to AWS, so I'm not sure how can I achieve this, do you guys have any ideas?
You can't do this from Route53 as R53 is not aware of any url paths. If you want to use R53 for that your domains must be:
product-service.api.foo.com
attribute-service.api.foo.com
login-service.api.foo.com
This would be the easiest way to achieve that, as you would just create alias records to different EBs. Otherwise I think you have to do add CloudFront to your setup and associates different origins with different API servers of yours based on the path.
In this particular case, I have a domain in a different provider (other than AWS) and an Elastic Beanstalk (EB) application with multiple environments that each use different resources.
From the domain provider, I've created a subdomain named - test.tiagoperes.eu.
What I want is that by going to this subdomain, any user would see what's currently found in the EB environment named production which is currently accessed in (app-prod is not the real name but follows a similar pattern)
app-prod.eba-xepr49ar.us-east-1.elasticbeanstalk.com
This is an environment with Auto Scaling Group, Target Group and Load Balancer.
What must be done?
Note: There's a similar question but it is very general (hence the variety of answers). Also, there's this question used in a basic EB environment. Also, I've looked at this guide.
Based on the comments.
The OP uses external DNS provider (not AWS Route53). Thus, CNAME record, or equivalent in the external provider, should be created for the subdomain. The record should resolve to the default name of on ElasticBeanstaslk.
Since the DNS provider is external to AWS, there is no need to do anything at the AWS.
In more detail, in the DNS manager of the domain, create a CNAME record for the subdomain. For example, if the EB subdomain is: app-prod.eba-xepr49ar.us-east-1.elasticbeanstalk.com then we should have a CNAME entry for app-prod.eba-xepr49ar.us-east-1.elasticbeanstalk.com. According to Mark B
We should never be pointing directly to a server/IP address with Elastic Beanstalk (EB), it should always be using the DNS endpoint Elastic Beanstalk provides.
Depending on the DNS host we are using, one can add the CNAME record ourselves, or we may need the host to add it for us. As examples, how to do it in Namecheap and GoDaddy is explained in their docs:
How to Create a CNAME Record For Your Domain
Add a CNAME record
I have create a AWS elastic search domain in Virginia and got a Endpoint url.
Now I wanted to configure the Route53 behavior around it, so that a caller can use the same url, even though there is some change in elastic search or in case of a disaster recovery.
So,
Virginia Route 53 -- 1 Points to -- Virgina Elastic Search Domain URL
Oregon Route 53 -- 2 Points to -- Oregon Elastic Search Domain URL
Main Route 53 -- 3 Points to -- Route 53 1 or 2
I have already create these and also created and uploaded SSL certificate with correct SAN entries. But when I execute,
curl https://mainroute53/health
curl https://virginiaroute53/health
curl https://oregonroute53/health
I am getting this error,
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
But when I am calling the Elastic Search URL directly its working. So I understand this is a issue with the way I am using the certificate. Any help appreciated.
Your Elastic Search endpoint will always return the Elastic Search SSL certificate.
So when you create a Route 53 "alias" for it, you may be connecting to it via your custom DNS entry, but Elastic Search will still use the Elastic Search SSL certificate.
Since the DNS endpoint you're using does not match the SSL certificate, you get that error.
You could use the --insecure curl flag to have it not check the SSL certificate, however, there are risks of doing that.
You can probably work around this by setting up a proxy server in front of the Elasticsearch domain, although it's kind of silly since there appears to also be an ELB inside the Elasticsearch domain. Ah well.
The domain Amazon ES creates for you includes the nodes in the Elasticsearch cluster and resources from several AWS services. When Amazon ES creates your domain, it launches instances into a service-controlled VPC. Those instances are fronted by Elastic Load Balancing (ELB), and the endpoint for the load balancer is published through Route 53. Requests to the domain pass through the ELB load balancer, which routes them to the domain’s EC2 instances.
https://aws.amazon.com/blogs/database/set-access-control-for-amazon-elasticsearch-service/
One way you can access Elasticsearch using your custom domain name is to use an API Gateway as an HTPP proxy. But then you have to deal with the authentication part since the Cognito cookies for ES will be pointing to the original domain (*.es.amazonaws.com).
In my experience this is doable and you should be able to use API Gateway (plus Custom Domain Names and Route 53) to achieve what you want (having a custom domain name over ES). It's just that it requires some Cognito knowledge and most likely, some coding (to handle the cookie problem).
You can use the http endpoint instead of the https one
i.e
curl **http**://mainroute53/health
This works around the fact that AWS does not allow providing custom domain certificate in its managed Elastic service
We had the same issue, wanted to be redirected to Kibana with a more friendlier DNS name and we used the solution with S3 bucket and the redirection as described here.
The steps:
Create a S3 bucket with any name.
In the bucket properties, enable “Static Website hosting”.
In the Static WebSite hosting properties, select the option to “Redirect Requests”.
In the target domain set the Kibana URL that is given from your elasticsearch domain: i.e. https://vpc-es-randomstring.us-east-1.es.amazonaws.com/_plugin/kibana/
Set Protocol to https
Then follow the steps from Step 5 on the guide above
I'm in the process of moving from another cloud provider. Currently I'm just testing in the default environment that has a url looking like this:
http://example-env-1.us-east-1.elasticbeanstalk.com
I'm trying to get SSL/HTTPS working for this address. I then plan using a CNAME to redirect to this address and eventually move the nameservers over completely.
However, after setting everything else up successfully I get to the point of adding the certificates and it just says "failed":
And even though I have my actual "example.com" ssl certificate successfully issued nothing shows up in the load balancer certificate selection dropdown (and yes I have refreshed):
How do I enable SSL using the Certificate Manager?
That's because you are trying to request a cert for the elasticbeanstalk.com domain. You will not be able to get a cert for that domain as you are not the owner of it :). Nor can you setup https for the default elastic beanstalk domains they give you.
You should use ACM to get a certificate for your custom domain, the one you plan on making a CNAME record for.
Example:
If you were to own say the domain amyneville.com. You could create a cert through ACM for that domain.
If you use your custom domain, you do NOT need a to get a cert for the elasticbeanstalk.com domain.
A couple more things:
You cannot create a CNAME record on a TLD (amyneville.com). You can create the CNAME record for www.amyneville.com. So if you want to use the CNAME approach you will have to create a non-www redirect to www..
But better then a CNAME would be to use an A record and point it to the elastic beanstalk resource that was setup. So the load balancer that was created for you, use it's A record.
Last but not least, you cannot apply the ACM cert through the elastic beanstalk console. Instead you will have to use the AWS CLI tools. Here's a link on how to do it: https://stackoverflow.com/a/35173500/1445460
I was looking for this myself and found this useful blog post from one of the Amazon team ...
https://medium.com/#arcdigital/enabling-ssl-via-aws-certificate-manager-on-elastic-beanstalk-b953571ef4f8#.frcj0rj4t
Whilst you can't use the console to select the certificate as stated in your question you can use the Elastic Beanstalk CLI to set the certificate to one you have created in Certificate Manager.
I have a nodejs app running on elastic beanstalk. I have a domain registered through GoDaddy and a cname that points to myapp.elasticbeanstalk.com.
1) Can I point my domain to aws nameservers, instead of mapping that domain to the domain that eb has set up?
This is how I would like to set up my domain, but when I attempted to, it wouldn't work (and I'm not sure why). I checked DNS propogation, and things looks good, but when browsing to my domain, things wouldn't work.
2) Can I set up subdomains to work with elastic beanstalk? (eg. sub.example.com)
I read somewhere that subdomains cannot be set up in elastic beanstalk, but I don't understand why this would be. I'd like to have one app running at sellers.example.com and one at buyers.example.com. Can I do this with eb? If not, can I set this up on an ec2 instance and configure it myself?
For (1), if elasticbeanstalk.com name servers will respond to requests for domains under elasticbeanstalk.com domain.
You can checkout the following guide on how to setup your custom domain name to point to your elastic beasntalk app:
http://compositecode.com/2014/01/23/mapping-domain-names-w-name-com-and-amazon-route-53/
For (2), if you have two environments myenv1 and myenv2 then you can set up custom cname prefixes for each environment like myenv1.elasticbeanstalk.com and myenv2.elasticbeanstalk.com. What kind of subdomains would you prefer?
If these are sub domains under your own domain, I guess you could set them up depending on your DNS hosting provider.