Elastic Beanstalk Alias Without Load Balancer

Question

I have an Elastic Beanstalk (EB) app deployed with a load balancer. In Route53 I defined an alias myapp.mydomain.com to point to the EB url. It works fine.
But when I change the EB environment type to 'Single Instance' (from 'Load Balanced'), the alias doesn't work anymore.

Is there a way to use aliases for non-Load-Balanced environments?

Answer 1

Based on the comments.

The issue is caused by ACM SSL certificate. On the load balanced EB environment, the SSL certs are deployed on the ALB. This provides HTTPS capability for your environment.

Single-instance EB environments don't have any load balancer. Thus you have to provide SSL certificates directly on your EB instance. However, ACM ssl certificates can't be used on instances.

To rectify the issue you have two options:

• Put CloudFront distribution in front of your EB: Using Elastic Beanstalk with Amazon CloudFront. On the CF distro you can install your ACM ssl certificates. The problem is that you will have the following setup:

client----HTTPS (ACM SSL cert)---->CF----HTTP---->EB

As you see, between CF and your EB instance you will have HTTP traffic, which may be not desired. To fix that you can't use self-signed certificates nor ACM cert. You need a public ssl certificate from a third party, such as free https://letsencrypt.org/.

This brings us to the second option:

• Install new public certificate on your instance directly. ACM ssl certs can't be used on the instances. You need new one from a third party. A popular choice is https://letsencrypt.org/. You would have to configure nginx on the EB instance to serve the ssl certificate; and subsequently, provide you HTTPs capabilities.

Using this option you would have:

client----HTTPS (third party SSL cert)---->EB