将 AWS Certificate Manager(ACM 证书)与 Elastic Beanstalk 结合使用 [英] Using AWS Certificate Manager (ACM Certificate) with Elastic Beanstalk
问题描述
当您拥有通过 AWS Certificate Manager 为您的域颁发的证书时,您如何将该证书应用于 Elastic Beanstalk 应用程序.
是的,Elastic Beanstalk 应用程序是负载平衡的,并且确实有一个与其关联的 ELB.
我知道我可以将它直接应用于我自己的 ELB.但我想通过 Elastic Beanstalk 应用它,以便将 env 配置保存到 Cloud Formation 模板中.
我发现,你不能通过弹性 beantalk 控制台(至少现在还没有).但是,您仍然可以通过 eb cli 或 aws cli 进行设置.
使用 EB CLI
基本上我们要做的是更新 aws:elb:listener 设置,您可以在
重要提示:您的aws:elb:listener:443设置必须放在aws:elb:listener:80之上 设置.否则环境配置更新会报错.
使用 AWS CLI
同样可以通过 update-environment 命令.
aws elasticbeanstalk 更新环境 --environment-name APPLICATION_ENV --option-settings 命名空间=aws:elb:listener:443,OptionName=InstancePort,Value=80 命名空间=aws:elb:listener:443,OptionName=InstanceProtocol,Value=HTTP 命名空间=aws:elb:listener:443,OptionName=ListenerProtocol,Value=HTTPS 命名空间=aws:elb:listener:443,OptionName=SSLCertificateId,Value=CERTIFICATE_ARN_HERE注意:当您通过上述任一方法更新时,Elastic Beanstalk 控制台不会将 HTTPS 显示为已启用.但是负载均衡器会,而且它也适用于 Cloudformation 模板,并保存到 EB 的配置中.
When you have a certificate for your domain issued through AWS Certificate Manager, how do you apply that certificate to an Elastic Beanstalk application.
Yes, the Elastic Beanstalk application is load balanced and does have an ELB associated with it.
I know I can apply it directly to the ELB my self. But I want to apply it through Elastic Beanstalk so the env configuration is saved onto the Cloud Formation template.
I found out, you cannot do it through the elastic beanstalk console (at least not yet). However you can still set it via the eb cli, or aws cli.
Using EB CLI
Basically what we are trying to do is to update the aws:elb:listener setting, you can see the possible settings in the general options docs.
Using the EB CLI is pretty simple. Assuming we already setup the awsebcli tool for our project we can use the eb config command.
It will open up your default terminal editor and allow you to change settings which are written as a YAML file. When you make a change and save it, the eb config cmd will automatically update the settings for your Elastic Beanstalk environment.
You will need to add the following settings to your config file:
aws:elb:listener:443:
InstancePort: '80'
InstanceProtocol: HTTP
ListenerEnabled: 'true'
ListenerProtocol: HTTPS
PolicyNames: null
SSLCertificateId: CERTIFICATE_ARN_HERE
Change the value for CERTIFICATE_ARN_HERE to your AMC Certificates ARN. You can find it in the AWS Certificate Manager console:
IMPORTANT: Your aws:elb:listener:443 setting MUST be placed above the aws:elb:listener:80 setting. Otherwise the environment configuration update will error out.
Using AWS CLI
The same can be accomplished using the general aws cli tools via the update-environment command.
aws elasticbeanstalk update-environment
--environment-name APPLICATION_ENV --option-settings
Namespace=aws:elb:listener:443,OptionName=InstancePort,Value=80
Namespace=aws:elb:listener:443,OptionName=InstanceProtocol,Value=HTTP
Namespace=aws:elb:listener:443,OptionName=ListenerProtocol,Value=HTTPS
Namespace=aws:elb:listener:443,OptionName=SSLCertificateId,Value=CERTIFICATE_ARN_HERE
NOTE: When you update it via either of the methods above, the Elastic Beanstalk console will not show HTTPS as enabled. But the load balancer will, and it will also apply to the Cloudformation template as well get saved into the EB's configuration.
这篇关于将 AWS Certificate Manager(ACM 证书)与 Elastic Beanstalk 结合使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
