Reputation: 731
Is it possible to set the default listener rule to use the HTTPS:443 listener instead of the HTTP:80 listener when creating an ElasticBeanstalk environment with shared load balancing in Terraform?
My ALB has port 80 as a listener to redirect traffic from HTTP to HTTPS. Right now, when Beanstalk creates an environment, it creates a listener rule in the HTTP:80 listener, which I don't want it to do. In the console I can create an environment with a shared ALB and select the default listener port to be 443 (HTTPS), and it will create a default rule in the 443 listener instead, which is what I want to happen.
I'm building this with Terraform, and in the general options for ElasticBeanstalk I don't see an option to set the default listener rule to use HTTPS:443 for the elbv2 settings.
Upvotes: 1
Views: 2786
Reputation: 11
Based on user @MillerC and the AWS docs (General options), the answer was to assign the default rule to the :443 listener. The options used by boto3 (if you use boto3 instead of Terraform, for educational purposes) are:

    {
        "Namespace": f"aws:elbv2:listener:{listener_port}",
        "OptionName": "Rules",
        "Value": "default,other_rule_you_need",
    }

where listener_port is the one you need. It can be used as follows:

    import boto3

    client = boto3.client("elasticbeanstalk")

    client.create_environment(
        ApplicationName=application_name,
        EnvironmentName=environment_new_name,
        VersionLabel=app_version,
        Tier={"Name": "WebServer", "Type": "Standard"},
        SolutionStackName=solution_stack_name,
        # The list of option settings, including the listener rule shown above
        OptionSettings=new_config,
    )
Upvotes: 0
Reputation: 180
I came across this issue when trying to create a shared Application Load Balancer only listening on port 443 for HTTPS for multiple ElasticBeanstalk environments via CloudFormation templates written in JSON. The actual error in the CloudFormation stack looked like this:
Configuration validation exception: Invalid option value: 'default' (Namespace: 'aws:elbv2:listener:80', OptionName: 'Rules'): The load balancer you specified doesn't have a listener on port 80. Specify listener options only for existing listeners.
Thanks to MillerC's answer I could solve it like this:
    "Resources": {
        "ApplicationConfigurationTemplate": {
            "Type": "AWS::ElasticBeanstalk::ConfigurationTemplate",
            "Properties": {
                "OptionSettings": [
                    {
                        "Namespace": "aws:elbv2:listener:443",
                        "OptionName": "Rules",
                        "Value": "default"
                    }
                ]
            }
        }
    }
Upvotes: 0
Reputation: 731
After spending too much time on this, the answer was to assign the default rule the :443 listener. I realized it by looking at this AWS doc that specified the default option in the rules block of an ebextension config file - link.
    dynamic "setting" {
      for_each = var.enable_shared_alb ? [1] : []
      content {
        namespace = "aws:elbv2:listener:443"
        name      = "Rules"
        # Setting the default value here prevents
        # the default rule from being created in the ALB's HTTP:80 listener.
        # Instead the default rule will be created in the HTTPS:443 listener.
        value     = "default,some-other-rule-name"
      }
    }
Upvotes: 8
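A pre-deployment check for the situation discussed in this thread, as an added example that is not code from any of the posts above. It assumes, as the question describes, that without an explicit `default` entry Beanstalk places the default rule on the port 80 listener; the function names and sample data are constructed, and in practice the `listeners` map would be built from the shared ALB's listener list.

```python
import re

# Per-listener namespace used by the answers above.
LISTENER_NS = re.compile(r"^aws:elbv2:listener:(\d+)$")


def default_rule_ports(option_settings):
    """Return the listener ports whose Rules option contains 'default'."""
    ports = []
    for opt in option_settings:
        m = LISTENER_NS.match(opt.get("Namespace", ""))
        if not m or opt.get("OptionName") != "Rules":
            continue
        rules = [r.strip() for r in opt.get("Value", "").split(",")]
        if "default" in rules:
            ports.append(int(m.group(1)))
    return ports


def check_shared_alb_options(option_settings, listeners):
    """Flag settings that fail validation or put the default rule on HTTP.

    listeners maps port -> protocol for the shared ALB, e.g. {443: "HTTPS"}.
    """
    problems = []
    # Assumption taken from the thread: with no explicit 'default' entry,
    # the default rule is created on the port 80 listener.
    for port in default_rule_ports(option_settings) or [80]:
        if port not in listeners:
            problems.append(f"listener {port} does not exist on the shared ALB")
        elif listeners[port] != "HTTPS":
            problems.append(f"default rule would land on {listeners[port]}:{port}")
    return problems


# Constructed sample data, not taken from a real account.
ALB_REDIRECT_AND_TLS = {80: "HTTP", 443: "HTTPS"}
ALB_TLS_ONLY = {443: "HTTPS"}
FIXED = [{"Namespace": "aws:elbv2:listener:443", "OptionName": "Rules",
          "Value": "default,some-other-rule-name"}]
UNSET = []

if __name__ == "__main__":
    for name, opts, alb in [("fixed", FIXED, ALB_REDIRECT_AND_TLS),
                            ("unset", UNSET, ALB_REDIRECT_AND_TLS),
                            ("unset, 443-only ALB", UNSET, ALB_TLS_ONLY)]:
        print(name, "->", check_shared_alb_options(opts, alb) or "ok")
```

The third case corresponds to the CloudFormation validation error quoted above, where the shared ALB has no port 80 listener at all.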