I have been ignoring the message to upgrade awsebcli tool for long time. This time I did not ignore and made an attempt to upgrade:

pip install --upgrade awsebcli

No matching distribution found for botocore<1.22.0,>=1.21.0 (from awsebcli)

pip install --upgrade pip --user

sudo pip install --upgrade awsebcli botocore==1.19.63

ERROR: pip's legacy dependency resolver does not consider dependency conflicts when selecting packages. This behaviour is the source of the following dependency conflicts.
boto3 1.7.68 requires botocore<1.11.0,>=1.10.68, but you'll have botocore 1.19.63 which is incompatible.
awsebcli 3.20.2 requires botocore<1.22.0,>=1.21.0, but you'll have botocore 1.19.63 which is incompatible.

You might also like: HTTPS not working on AWS Elastic Beanstalk

It installed with errors. I verified installation by deploying my new update to beanstalk environment to see if awsebcli tool is working fine. It did not. I got this error:

File “/usr/local/bin/eb”, line 5, in 
    from ebcli.core.ebcore import main
  File “/Library/Python/2.7/site-packages/ebcli/core/ebcore.py”, line 19, in 
    from ebcli.core import ebglobals, base, hooks
  File “/Library/Python/2.7/site-packages/ebcli/core/hooks.py”, line 20, in 
    from ebcli.core import fileoperations
  File “/Library/Python/2.7/site-packages/ebcli/core/fileoperations.py”, line 32, in 
    from json import load, JSONDecodeError
ImportError: cannot import name JSONDecodeError

Solution:

I want to configure the web servers on my Elastic Beanstalk environment’s instances to redirect HTTP traffic to HTTPS.

I want to state what my beanstalk environment is:

• Apache Web Server.
• PHP 7.3
• HTTPS listener well configured with certificate

I will use a flexible way to configure my environment using .ebextensions

AWS provides a feature to exchange or swap the CNAME between environments. Documentation says -

If I want to upgrade my elastic beanstalk platform from say - for example php 5.6 to php 7.1 - then unfortunately I cannot do it. It allows me to upgrade within 5.6 platform but not switch between major platforms. Only recommended way is to create new environment with major upgraded platform and then swap the environment urls. This way original environment url will still be pointed to my domain running new platform.

Adding HTTPS to elastic beanstalk environment isn’t complicated to configure; until I fell into small mistake. Some of configuration dashboard’s flow been changed a bit from last time I setup the SSL certificate to a beanstalk environment.

Assumptions:

• SSL certificate is ready from AWS Certificate manager.
• Using lassic Load Balancer (Optional)
• Configuration on application side is all fine.

Now assumption is we already have a SSL certificate created from AWS Certificate manager. We will head inside configuration of beanstalk environment. Under Load Balancer Configuration, we will add new lister that listens to HTTPS protocol at port 443. Under the settings, HTTP listener will already be added by default. Another assumption is that default security group added during creation of environment has all correct inbound rules to allow proper incoming access. Generally this is all taken care by beanstalk environment behind the scenes so we will not delve into too deep but focus on abstraction layer where making a mistake is easily susceptible to a new user.