I have a problem setting up my CloudFormation for Beanstalk with the HTTPS protocol enabled.
Here is my configuration setting:

    configurationTemplateUI:
      Type: AWS::ElasticBeanstalk::ConfigurationTemplate
      DependsOn: BeanstalkAppUI
      Properties:
        ApplicationName:
          Ref: BeanstalkAppUI
        Description: AWS ElasticBeanstalk Sample Configuration Template
        OptionSettings:
          - Namespace: aws:autoscaling:asg
            OptionName: MinSize
            Value:
              Ref: MinEc2s
          - Namespace: aws:autoscaling:asg
            OptionName: MaxSize
            Value:
              Ref: MaxEc2s
          - Namespace: aws:elasticbeanstalk:environment
            OptionName: EnvironmentType
            Value: LoadBalanced
          - Namespace: aws:autoscaling:launchconfiguration
            OptionName: InstanceType
            Value:
              Ref: InstanceType
          - Namespace: aws:ec2:vpc
            OptionName: VPCId
            Value:
              Fn::ImportValue: !Sub ${BusinessUnit}-${EnvironmentInfra}-vpc-VpcId
          - Namespace: aws:ec2:vpc
            OptionName: Subnets
            Value:
              Fn::ImportValue: !Sub ${BusinessUnit}-${EnvironmentInfra}-vpc-SubnetIdPrivate${SubnetAvNumber}
          - Namespace: aws:ec2:vpc
            OptionName: ELBSubnets
            Value:
              Fn::ImportValue: !Sub ${BusinessUnit}-${EnvironmentInfra}-vpc-SubnetIdPublic${SubnetAvNumber}
        SolutionStackName:
          Ref: BeanstalkPackInstallationUI

As you can see, I have a whole bunch of values, and this works awesome when I run it. I did not find anything on how to put the options for setting the ELB with HTTPS. I can do it manually in the console, in the networking section of the Beanstalk configuration.
Can anyone shed light on that? Is it possible in CloudFormation?
I'd suggest you check out the aws:elb:listener:listener_port namespace.
Here are some options I think you might find helpful:

    - Namespace: aws:elb:listener:443
      OptionName: ListenerProtocol
      Value: HTTPS
    - Namespace: aws:elb:listener:443
      OptionName: InstancePort
      Value: 80
    - Namespace: aws:elb:listener:443
      OptionName: InstanceProtocol
      Value: HTTP
    - Namespace: aws:elb:listener:443
      OptionName: SSLCertificateId
      Value: arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

In this example, it configures the ELB to accept HTTPS requests and serve them with the ACM certificate arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. SSL is terminated at the ELB, and connection to the backing EC2 instances is performed using standard HTTP.
Hope that helps.
Edit
For some reason the CloudFormation Elastic Beanstalk options were not being respected in the newer style aws:elb:listener:listener_port options, but the asker was able to find success using the older style aws:elb:loadbalancer options:

    - Namespace: aws:elb:loadbalancer
      OptionName: LoadBalancerHTTPPort
      Value: '80'
    - Namespace: aws:elb:loadbalancer
      OptionName: LoadBalancerHTTPSPort
      Value: '443'
    - Namespace: aws:elb:loadbalancer
      OptionName: SSLCertificateId
      Value: arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
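
A pre-deploy check for the listener options discussed in the answer above, as an added example that is not part of the original answer or of any AWS tooling. It takes OptionSettings as plain dicts and reports a missing certificate, a plaintext backend hop, a still-open port 80, and mixed option styles. The names `audit_https` and `opts` are hypothetical, and the defaults (port 80 enabled, HTTPS port OFF) are assumptions.

```python
import re

LISTENER_NS = re.compile(r"^aws:elb:listener:(\d+)$")
CERT = "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"

def opts(namespace, **pairs):
    """Build OptionSettings entries (constructed sample data) for one namespace."""
    return [{"Namespace": namespace, "OptionName": k, "Value": v} for k, v in pairs.items()]

# The two variants from the answer, as constructed inputs.
NEW_STYLE = opts("aws:elb:listener:443", ListenerProtocol="HTTPS", InstancePort=80,
                 InstanceProtocol="HTTP", SSLCertificateId=CERT)
OLD_STYLE = opts("aws:elb:loadbalancer", LoadBalancerHTTPPort="80",
                 LoadBalancerHTTPSPort="443", SSLCertificateId=CERT)

def audit_https(settings):
    """Return sorted findings about the classic-ELB listener options."""
    listeners, old = {}, {}
    for s in settings:
        m = LISTENER_NS.match(s["Namespace"])
        if m:
            listeners.setdefault(m.group(1), {})[s["OptionName"]] = str(s["Value"])
        elif s["Namespace"] == "aws:elb:loadbalancer":
            old[s["OptionName"]] = str(s["Value"])
    findings, tls = [], False
    for port, o in listeners.items():
        if o.get("ListenerProtocol", "").upper() in ("HTTPS", "SSL"):
            tls = True
            if not o.get("SSLCertificateId"):
                findings.append(f"listener {port}: HTTPS without SSLCertificateId")
            if o.get("InstanceProtocol", "").upper() in ("HTTP", "TCP"):
                findings.append(f"listener {port}: TLS ends at the ELB, backend hop is plaintext")
    if old.get("LoadBalancerHTTPSPort", "OFF").upper() != "OFF":
        tls = True
        if not old.get("SSLCertificateId"):
            findings.append("loadbalancer: HTTPS port set without SSLCertificateId")
    if not tls:
        return ["no HTTPS listener configured"]
    # Assumed defaults: the port-80 listener stays enabled unless switched off.
    http_off = (listeners.get("80", {}).get("ListenerEnabled", "true").lower() == "false"
                or old.get("LoadBalancerHTTPPort", "80").upper() == "OFF")
    if not http_off:
        findings.append("plaintext HTTP listener on port 80 is still enabled")
    if listeners and old:  # the answer's edit saw only one style take effect
        findings.append("mixes aws:elb:listener:<port> and aws:elb:loadbalancer options")
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("new style", NEW_STYLE), ("old style", OLD_STYLE)):
        print(name, audit_https(cfg))
```

Both variants from the answer leave port 80 serving plaintext HTTP; adding `ListenerEnabled: false` under `aws:elb:listener:80` (or `LoadBalancerHTTPPort: 'OFF'` in the older style) clears that finding.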