Configure Spring application deployed in AWS Elastic Beanstalk to use SSL

Question

I deployed successfully Spring application into AWS Elastic Beanstalk which us going to be used as Rest endpoint by Angular app. I want to encrypt the communication between Angular and Spring with SSL. What is the best approach for that? Use AWS Load balancer or use some Java code to allow only SSL requests? What solution do you use?

If it's possible I would like to use different Spring profiles for local development and production use. So enable and disable this functionality into application.yml will be the best option.

Answer 1

As indicated in the answer provided by Muzaffar, in a general use case the use of a load balancer for SSL termination is probably the more convenient way to setup your service.

It frees your EB instance for the task of SSL processing, terminating SSL as mentioned. In addition, you can redirect your HTTP to HTTPS traffic if required, and it is fully integrated with ACM for your certificate management tasks.

It seems that your main concern has to do with the traffic between the load balancer and the beanstalk instance.

As pointed out by Martin, the usual practice is that the traffic between the LB and the EB instance will be HTTP, not HTTPS.

Having said that, AWS allows you to encrypt the traffic between the LB and EB as well, getting end to end HTTPS, by configuring your services properly. On one hand, you still need to configure your LB to terminate SSL and, on the other, you basically need to define the right .ebextensions depending on your LB type. This AWS document describe in detail the whole process.

Answer 2

You can add the generate SSL certificate on add it to ELB so that your Rest endpoint is protected. And for Angular website which is deployed on Cloudfront you can do the same and generate the SSL certificate from AWS Certificate manager and add the SSL while creating the CloudFront distribution. This way your Rest endpoint will be protected and the Website too.