Using AWS Certificate Manager (ACM certificates) with Elastic Beanstalk
When you have a certificate for your domain issued through AWS Certificate Manager, how do you apply that certificate to an Elastic Beanstalk application?
Yes, the Elastic Beanstalk application is load balanced and does have an ELB associated with it.
I know I can apply it directly to the ELB myself. But I want to apply it through Elastic Beanstalk so the env configuration is saved onto the CloudFormation template.
I found out you cannot do it through the Elastic Beanstalk console (at least not yet). However, you can still set it via the EB CLI or the AWS CLI.
Basically, what we are trying to do is to update the aws:elb:listener setting; you can see the possible settings in the general options docs.
Using the EB CLI is pretty simple. Assuming we have already set up the awsebcli tool for our project, we can use the eb config command.
It will open up your default terminal editor and allow you to change settings, which are written as a YAML file. When you make a change and save it, the eb config cmd will automatically update the settings for your Elastic Beanstalk environment.
You will need to add the following settings to your config file:

    aws:elb:listener:443:
      InstancePort: '80'
      InstanceProtocol: HTTP
      ListenerEnabled: 'true'
      ListenerProtocol: HTTPS
      PolicyNames: null
      SSLCertificateId: CERTIFICATE_ARN_HERE

Change the value for CERTIFICATE_ARN_HERE to your ACM certificate's ARN. You can find it in the AWS Certificate Manager console.
IMPORTANT: Your aws:elb:listener:443 setting MUST be placed above the aws:elb:listener:80 setting. Otherwise the environment configuration update will error out.
The same can be accomplished using the general AWS CLI tools via the update-environment command.

    aws elasticbeanstalk update-environment \
      --environment-name APPLICATION_ENV --option-settings \
      Namespace=aws:elb:listener:443,OptionName=InstancePort,Value=80 \
      Namespace=aws:elb:listener:443,OptionName=InstanceProtocol,Value=HTTP \
      Namespace=aws:elb:listener:443,OptionName=ListenerProtocol,Value=HTTPS \
      Namespace=aws:elb:listener:443,OptionName=SSLCertificateId,Value=CERTIFICATE_ARN_HERE

NOTE: When you update it via either of the methods above, the Elastic Beanstalk console will not show HTTPS as enabled. But the load balancer will, and it will also apply to the CloudFormation template as well as get saved into the EB's configuration.
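
Since the console does not reflect the change, the saved settings can be checked from the output of `aws elasticbeanstalk describe-configuration-settings` instead. The Python check below is an added example, not part of the original answer; the sample JSON, account ID and certificate ID in it are constructed placeholders, and the function names are hypothetical.

```python
import json
import re

# ACM certificate ARN shape: arn:<partition>:acm:<region>:<account>:certificate/<uuid>
# (this check is ACM-specific, matching the certificate type the answer is about)
ACM_ARN = re.compile(r"^arn:aws[a-z-]*:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}$")

def listener_options(raw_json, port=443):
    """Collect the aws:elb:listener:<port> options from describe-configuration-settings output."""
    namespace = f"aws:elb:listener:{port}"
    options = {}
    for config in json.loads(raw_json).get("ConfigurationSettings", []):
        for opt in config.get("OptionSettings", []):
            if opt.get("Namespace") == namespace:
                options[opt["OptionName"]] = opt.get("Value")
    return options

def check_https_listener(raw_json):
    """Return a list of problems; an empty list means the 443 listener matches the answer."""
    opts = listener_options(raw_json)
    if not opts:
        return ["no aws:elb:listener:443 settings found"]
    problems = []
    if (opts.get("ListenerProtocol") or "").upper() != "HTTPS":
        problems.append("ListenerProtocol is not HTTPS")
    if (opts.get("ListenerEnabled") or "true").lower() != "true":
        problems.append("listener is disabled")
    if not ACM_ARN.match(opts.get("SSLCertificateId") or ""):
        problems.append("SSLCertificateId is not an ACM certificate ARN")
    return problems

def _setting(name, value):
    return {"Namespace": "aws:elb:listener:443", "OptionName": name, "Value": value}

# Constructed sample (placeholder account ID and certificate ID), not real output.
SAMPLE = json.dumps({"ConfigurationSettings": [{"OptionSettings": [
    _setting("InstancePort", "80"),
    _setting("InstanceProtocol", "HTTP"),
    _setting("ListenerEnabled", "true"),
    _setting("ListenerProtocol", "HTTPS"),
    _setting("SSLCertificateId",
             "arn:aws:acm:us-east-1:123456789012:certificate/"
             "00000000-0000-0000-0000-000000000000"),
    {"Namespace": "aws:elb:listener:80", "OptionName": "ListenerProtocol", "Value": "HTTP"},
]}]})

if __name__ == "__main__":
    print(check_https_listener(SAMPLE) or "443 listener is HTTPS with an ACM certificate")
```

A configuration that still contains the literal CERTIFICATE_ARN_HERE placeholder is reported as a problem rather than passing silently.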