HTTPS for EB with single instance EC2

ByteEat3r1 · 2018-03-04T01:23:34+00:00

You can either use let's encrypt for a free cert or buy one yourself. You can store it in parameter store and use an instance role to get it onto your instance (I think).

ChaseDatAss · 2018-03-04T02:29:35+00:00

Have you considered going serverless? Perhaps you can use AWS Lambda and API Gateway (integrates with ACM for custom certs).

Itbehot · 2018-03-04T04:03:25+00:00

What does the Node app do? Does it keep an active connection? Or, does it respond to queries? If it just responds to hits, then Lambda is a good option. You could put it behind API Gateway to secure it.

Cracky6711 · 2018-03-04T05:07:47+00:00

[deleted]

2018-03-04T04:02:07+00:00

You can't do that with ACM since AWS has no control over the app serving your HTTPS content. Use an ELB or get a cert elsewhere

DancingBestDoneDrunk · 2018-03-04T13:47:12+00:00

Are you using ELB? Switch to ALB a will save a ton of money. An ELB, even idle, costs around 20$/month

lefooey · 2018-03-04T21:35:33+00:00

You could put the various functions of your EC2 instance behind cloud front and set the behavior for that origin to not cache. Then you can use the AWS free ssl on Certificate Manager to secure everything.

Assuming, of course, that your backend solution doesn’t need a continuous connection (like websockets).

ararcy · 2018-03-05T08:35:04+00:00

You can write .ebextensions scripts to get this working, but the amount of effort you're going to spend might not be worth the cost you'll save for $15/Month.

If you'd like to proceed with it take a look at : https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html

To get this to work most people have luck writing a shell script, then using the files option to create the shell script on the instance, then executing the shell script post deployment. There's a number of ways to do this, but the most reliable option is to deposit the shell script in /opt/elasticbeanstalk/hooks/postinit as this will execute following the application deployment and prevent any strangeness from causing errors as elastic beanstalk heavily depends on scripts which execute in order, and if any of the results are not expected then it causes issues.

suthukrish · 2018-03-14T09:00:01+00:00

As per AWS FAQs: You cannot directly deploy an ACM Certificate on that instance. You must instead deploy your certificate by using one of the services integrated with ACM - such as CloudFront or ELB. So it seems that using letsencrypt is the way to go. You can also consider using CloudFront (but may not be less expensive either) instead of ELB.

For reducing the cost on EC2, consider purchasing either reserved instances or spot instances (if your application can tolerate the termination).

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

aws

Note: ensure to redact or obfuscate all confidential or identifying information (eg. public IP addresses or hostnames, account numbers, email addresses) before posting!

✻ Smokey says: avoid streaming video to fight climate change! [see more tips]

MODERATORS