Reputation: 3
How to enable HTTPS on MEAN app deployed on AWS
I have created a MEAN application, where my Angular code is deployed on AWS S3 and the Node application is deployed using Elastic Beanstalk. I am using express-session for session management and after the user logs in I send a cookie to get stored in the browser. The application works fine on localhost. But now when I have deployed them on AWS, I need to make it secure (HTTPS) for sending/storing cookies. I have gone through some articles and got to know about SSL certificate. But not sure where should I implement it. on Angular side or Elastic Beanstalk side or both. Any guidance over this would be really appreciated.
P.S. I am new to web development and AWS.
Thanks in advance.
Upvotes: 0
Views: 51
Answers (1)
Reputation: 494
HTTPS should be configured on your beanstalk. You should definitely learn how it works here. Ref: https://howhttps.works/
In order for Beanstalk to support HTTPS, there are 2 ways, depending your configuration and requirements
If you use single-instance setup, no load balancer, there are 2 options
a. If you already purchased SSL certificate elsewhere and want to reuse the certificate, you can write a custom script to attach the SSL certificate to your Beanstalk environment.
See guide here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-java.html
b. Alternatively, if you want a much simpler setup without any scripting, you can use Cloudfront together with Certificate Manager or IAM certificate store.
Cloudfront, which acts as a proxy and SSL termination. You configure Cloudfront to forward all of incoming requests to your Beanstalk, and attach the SSL certificate to it to handle HTTPS for you.
Cloudfront needs a valid SSL certificate to handle HTTPS. For this, it can use either certificate from Amazon Certificate Manager, or IAM certificate store (for your existing one)
Guide here:
- Install SSL on Cloudfront: https://aws.amazon.com/premiumsupport/knowledge-center/install-ssl-cloudfront/
- Configure Cloudfront as a proxy to beanstalk: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.cloudfront.html
- Upload your existing SSL certificate to AWS: https://docs.amazonaws.cn/en_us/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-procedures.html
If you use load-balanced setup, you also have 2 options
a. Since the load balancer in Beanstalk can handle SSL termination, you can go to EC2 Service -> Load balancers -> Select the load balancer of your Beanstalk environment -> Listeners. You will see a SSL Certificate there. Click edit and select the appropriate certificate.
If you don't see any available SSL certificates to select, you must either upload your existing certificate to IAM Certificate Store, or you can use Certificate Manager to help you with it. See guides above
b. You can use Cloudfront with Certificate Manager / IAM Certificate Store same like the previous approach.
In this setup, traffic goes to Cloudfront first, which forwards to the load balancer, before finally reaching your EC2 servers.
Upvotes: 1
Related Questions
- How to enable HTTPS for Elastic Beanstalk url
- How do I enable HTTPS for my Elastic Beanstalk Java application?
- How to configure https for Amazon S3 html files linked to Elastic Beanstalk application
- Allowing https for Elastic Beanstalk
- Configuring HTTPS for Elastic Beanstalk environment
- Making a Node JS web app use https via Elastic Beanstalk and Certificate Manager?
- Enabling HTTPS and HTTP with Elastic Beanstalk application
- Https configuration in AWS Elastic Beanstalk
- Https on Elastic Beanstalk Without Load Balancer
- AWS Elastic Beanstalk HTTPS not working