How to redirect HTTP to HTTPS in Elastic Beanstalk


I want to configure the web servers on my Elastic Beanstalk environment’s instances to redirect HTTP traffic to HTTPS.

I want to state what my beanstalk environment is:

  • Apache Web Server.
  • PHP 7.3
  • HTTPS listener well configured with certificate

I will use a flexible way to configure my environment using .ebextensions

According to documentation:
You can add AWS Elastic Beanstalk configuration files (.ebextensions) to your web application's source code to configure your environment and customize the AWS resources that it contains. Configuration files are YAML- or JSON-formatted documents with a .config file extension that you place in a folder named .ebextensions and deploy in your application source bundle.

AWS Elastic Beanstalk Swap Environment Urls


AWS provides a feature to exchange or swap the CNAME between environments. Documentation says -

CNAME swap

Because AWS Elastic Beanstalk performs an in-place update when you update your application versions, your application can become unavailable to users for a short period of time. You can avoid this downtime by performing a blue/green deployment, where you deploy the new version to a separate environment, and then swap CNAMEs of the two environments to redirect traffic to the new version instantly. A blue/green deployment is also required when you want to update an environment to an incompatible platform version.

If I want to upgrade my elastic beanstalk platform from say - for example php 5.6 to php 7.1 - then unfortunately I cannot do it. It allows me to upgrade within 5.6 platform but not switch between major platforms. Only recommended way is to create new environment with major upgraded platform and then swap the environment urls. This way original environment url will still be pointed to my domain running new platform.


HTTPS not working on AWS Elastic Beanstalk


Adding HTTPS to elastic beanstalk environment isn’t complicated to configure; until I fell into small mistake. Some of configuration dashboard’s flow been changed a bit from last time I setup the SSL certificate to a beanstalk environment.


  • SSL certificate is ready from AWS Certificate manager.
  • Using lassic Load Balancer (Optional)
  • Configuration on application side is all fine.

Now assumption is we already have a SSL certificate created from AWS Certificate manager. We will head inside configuration of beanstalk environment. Under Load Balancer Configuration, we will add new lister that listens to HTTPS protocol at port 443. Under the settings, HTTP listener will already be added by default. Another assumption is that default security group added during creation of environment has all correct inbound rules to allow proper incoming access. Generally this is all taken care by beanstalk environment behind the scenes so we will not delve into too deep but focus on abstraction layer where making a mistake is easily susceptible to a new user.


Recommended posts