Reputation: 370
I am looking at this article https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-storingprivatekeys.html and I understand how I could store the private key file on the server using S3.
However, I am not sure how I can change the private key file to store in different environments.
How do I achieve the above?
Upvotes: 1
Views: 131
Reputation: 2245
You can store the private keys in S3 for the different environments, download them all, but then only access the one you need for your specific environment. For example:
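
    # .ebextensions config file.
    # "S3Auth" must be defined as an AWS::CloudFormation::Authentication
    # resource, as shown in the article linked in the question.
    files:
      # One key file per environment, readable only by the application user
      "/tmp/my_private_key.staging.json":
        mode: "000400"
        owner: webapp
        group: webapp
        authentication: "S3Auth"
        source: https://s3-us-west-1.amazonaws.com/my_bucket/my_private_key.staging.json
      "/tmp/my_private_key.production.json":
        mode: "000400"
        owner: webapp
        group: webapp
        authentication: "S3Auth"
        source: https://s3-us-west-1.amazonaws.com/my_bucket/my_private_key.production.json

    container_commands:
      key_transfer_1:
        command: "mkdir -p .certificates"
      # Keep only the key that matches this environment
      key_transfer_2:
        command: "mv /tmp/my_private_key.$APP_ENVIRONMENT.json .certificates/private_key.json"
      # Delete the keys that belong to the other environments
      key_transfer_3:
        command: "rm /tmp/my_private_key.*"
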
where you have set APP_ENVIRONMENT as an environment variable to be "staging" or "production", etc.
Upvotes: 2
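A variant of the answer above, added here as an example and not part of the original post: each instance fetches only its own environment's key, so the instance role can be scoped to that single object and a staging host never holds the production key. It assumes the AWS CLI is available on the instance; the function names and the KEY_SOURCE_PREFIX, FETCH and KEY_OWNER variables are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Assumed/hypothetical names: key_name_for_env, install_env_key,
# KEY_SOURCE_PREFIX, FETCH, KEY_OWNER. Bucket name is the answer's placeholder.
KEY_SOURCE_PREFIX="${KEY_SOURCE_PREFIX:-s3://my_bucket}"
FETCH="${FETCH:-aws s3 cp}"          # command used to download one object
KEY_OWNER="${KEY_OWNER:-}"           # e.g. webapp; empty means keep current owner

# Map an environment name to its key object. Anything not on the allow-list
# is rejected, so a malformed APP_ENVIRONMENT cannot select another path.
key_name_for_env() {
  case "${1:-}" in
    staging|production) printf 'my_private_key.%s.json\n' "$1" ;;
    *) echo "unknown APP_ENVIRONMENT: '${1:-}'" >&2; return 1 ;;
  esac
}

# Fetch this environment's key into <dest_dir>/private_key.json with mode 0400.
# The body runs in a subshell so its variables do not leak to the caller.
install_env_key() (
  name="$(key_name_for_env "${1:-}")" || exit 1
  dest_dir="${2:-.certificates}"
  mkdir -p "$dest_dir" || exit 1
  # mktemp creates the file with mode 0600, so the key is never
  # group- or world-readable while it is being written.
  tmp="$(mktemp "$dest_dir/.private_key.XXXXXX")" || exit 1
  if ! $FETCH "$KEY_SOURCE_PREFIX/$name" "$tmp" >/dev/null; then
    rm -f "$tmp"
    exit 1
  fi
  if [ -n "$KEY_OWNER" ]; then
    chown "$KEY_OWNER" "$tmp" || { rm -f "$tmp"; exit 1; }
  fi
  chmod 0400 "$tmp" && mv -f "$tmp" "$dest_dir/private_key.json"
)

# When APP_ENVIRONMENT is set (as in the answer), install the key right away.
[ -z "${APP_ENVIRONMENT:-}" ] || install_env_key "$APP_ENVIRONMENT" .certificates
```

With this approach the `files:` entries from the answer are not needed; a single container command runs the script with KEY_OWNER set to the application user.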