Configuring Elastic Beanstalk environment to use custom domain with SSL
TypeScriptTo configure an AWS Elastic Beanstalk environment to use a custom domain with SSL, you will need to perform several steps. This includes deploying an Elastic Beanstalk application, acquiring an SSL certificate (usually from AWS Certificate Manager), and configuring a custom domain in Route 53 to point to your Elastic Beanstalk environment.
The following Pulumi program in TypeScript demonstrates this process. First, it creates an Elastic Beanstalk application and environment. Then it shows how to request an SSL certificate from AWS Certificate Manager and finally sets up a DNS record to route traffic through the custom domain.
Make sure you have the
@pulumi/aws
package installed.import * as aws from "@pulumi/aws"; // Create an Elastic Beanstalk Application const app = new aws.elasticbeanstalk.Application("my-app", { description: "My Elastic Beanstalk Application", }); // Define the Elastic Beanstalk Environment const env = new aws.elasticbeanstalk.Environment("my-env", { application: app.name, solutionStackName: "64bit Amazon Linux 2 v5.3.0 running Node.js 12", // Example stack }); // Request a certificate from AWS Certificate Manager const cert = new aws.acm.Certificate("my-cert", { domainName: "my-custom-domain.com", validationMethod: "DNS", }); // Configure DNS to validate the certificate using Route 53 const domainValidationOptions = cert.domainValidationOptions.apply((options) => options[0]); // Create a DNS record for the ACM validation const validationRecord = new aws.route53.Record("cert-validation", { name: domainValidationOptions.resourceRecordName, type: domainValidationOptions.resourceRecordType, records: [domainValidationOptions.resourceRecordValue], zoneId: aws.route53.getZone({ name: "my-custom-domain.com" }).then(zone => zone.id), ttl: 300, }); // Wait for the certificate to be validated const validatedCert = new aws.acm.CertificateValidation("cert-validation", { certificateArn: cert.arn, validationRecordFqdns: [validationRecord.fqdn], }); // Set up a Route 53 Alias record to point to the Elastic Beanstalk environment const ebCname = env.cname.apply(cname => cname.replace('http://', '')); // Clean up the cname const aliasRecord = new aws.route53.Record("my-app", { name: "my-custom-domain.com", type: "A", aliases: [{ name: ebCname, zoneId: env.hostedZoneId, evaluateTargetHealth: true, }], zoneId: aws.route53.getZone({ name: "my-custom-domain.com" }).then(zone => zone.id), }); // Export the custom domain URL and Elastic Beanstalk environment URL export const customDomainUrl = aliasRecord.fqdn; export const ebEnvironmentUrl = env.cname;
Explanation:
-
We start by creating an Elastic Beanstalk application using
aws.elasticbeanstalk.Application
. The application is a logical collection for our Elastic Beanstalk environment. -
An Elastic Beanstalk environment represents the application deployed and running with specific configurations indicated by
solutionStackName
. You need to replace this with the stack that matches your application requirements. -
We request an SSL certificate using
aws.acm.Certificate
for our custom domain. We need to validate ownership of the domain, and AWS Certificate Manager (ACM) supports validation via DNS. -
For DNS validation, we create a DNS record through Route 53 using
aws.route53.Record
. This record is specifically for ACM to validate that you control the domain. -
We create another instance of
aws.route53.Record
for an A record to create an Alias that routes traffic for "my-custom-domain.com" to the Elastic Beanstalk environment. -
Lastly, we export the
customDomainUrl
andebEnvironmentUrl
for easy access to their values after the program is deployed.
Make sure you replace
"my-custom-domain.com"
with your actual domain, and you have the corresponding Route 53 zone ID for that domain. Also, you need to choose an appropriatesolutionStackName
for your Elastic Beanstalk environment based on the language and platform you are using.This program assumes that you have already configured the Pulumi CLI and have the proper AWS credentials set up. Once you run
pulumi up
with this program, you will have an Elastic Beanstalk environment using a custom domain secured with SSL.-