
Using AWS Certificate Manager (ACM Certificate) with Elastic Beanstalk

When you have a certificate for your domain issued through AWS Certificate Manager, how do you apply that certificate to an Elastic Beanstalk application?

Yes, the Elastic Beanstalk application is load balanced and does have an ELB associated with it.

I know I can apply it directly to the ELB myself. But I want to apply it through Elastic Beanstalk so the env configuration is saved onto the CloudFormation template.

I found out you cannot do it through the Elastic Beanstalk console (at least not yet). However, you can still set it via the eb cli or aws cli.

Using EB CLI

Basically what we are trying to do is to update the aws:elb:listener setting; you can see the possible settings in the general options docs.

Using the EB CLI is pretty simple. Assuming we already set up the awsebcli tool for our project, we can use the eb config command.

It will open up your default terminal editor and allow you to change settings, which are written as a YAML file. When you make a change and save it, the eb config cmd will automatically update the settings for your Elastic Beanstalk environment.

You will need to add the following settings to your config file:

aws:elb:listener:443:
  InstancePort: '80'
  InstanceProtocol: HTTP
  ListenerEnabled: 'true'
  ListenerProtocol: HTTPS
  PolicyNames: null
  SSLCertificateId: CERTIFICATE_ARN_HERE

Change the value for CERTIFICATE_ARN_HERE to your ACM certificate's ARN. You can find it in the AWS Certificate Manager console.

IMPORTANT: Your aws:elb:listener:443 setting MUST be placed above the aws:elb:listener:80 setting. Otherwise the environment configuration update will error out.


Using AWS CLI

The same can be accomplished using the general aws cli tools via the update-environment command.

aws elasticbeanstalk update-environment \
--environment-name APPLICATION_ENV --option-settings \
Namespace=aws:elb:listener:443,OptionName=InstancePort,Value=80 \
Namespace=aws:elb:listener:443,OptionName=InstanceProtocol,Value=HTTP \
Namespace=aws:elb:listener:443,OptionName=ListenerProtocol,Value=HTTPS \
Namespace=aws:elb:listener:443,OptionName=SSLCertificateId,Value=CERTIFICATE_ARN_HERE

NOTE: When you update it via either of the methods above, the Elastic Beanstalk console will not show HTTPS as enabled. But the load balancer will, and it will also apply to the CloudFormation template as well as get saved into the EB's configuration.

I find the simplest way is to change the EB Load Balancer via the user console. Click change and select the new ACM certificate.

When you view the EB configuration, it will not appear, but it will be set.

You can do this purely with CloudFormation; however, as seems to be quite common with Elastic Beanstalk, the configuration options are much harder to find in the docs than they are for the individual components that comprise Elastic Beanstalk. The info is here:

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-elbloadbalancer

But basically what you need to do is add the creation of the cert to your template and then reference it in OptionSettings in AWS::ElasticBeanstalk::ConfigurationTemplate:

"Certificate": {
  "Type": "AWS::CertificateManager::Certificate",
  "Properties": {
    "DomainName": "example.com"
  }
},
// ...
"ElasticbeanstalkTemplate": {
  "Type": "AWS::ElasticBeanstalk::ConfigurationTemplate",
  "Properties": {
    "SolutionStackName": "MyEBStack",
    "ApplicationName": "MyAppName",
    "Description": "",
    "OptionSettings": [{
      "Namespace": "aws:elb:listener:443",
      "OptionName": "InstancePort",
      "Value": "80"
    }, {
      "Namespace": "aws:elb:listener:443",
      "OptionName": "InstanceProtocol",
      "Value": "HTTP"
    }, {
      "Namespace": "aws:elb:listener:443",
      "OptionName": "ListenerProtocol",
      "Value": "HTTPS"
    }, {
      "Namespace": "aws:elb:listener:443",
      "OptionName": "SSLCertificateId",
      "Value": {
        "Ref": "Certificate"
      }
    } /* More settings */]
  }
}

Check in which zone you created the certificate and if it matches the Elastic Beanstalk zone. I had them in different zones so it didn't work.
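Because the answers above note that the Elastic Beanstalk console does not show the HTTPS listener after a CLI update, and that a certificate created in a different region does not work, the saved configuration can be checked directly. The following is an added example, not code from any of the posts: it audits the JSON printed by `aws elasticbeanstalk describe-configuration-settings`. The function name `audit_https_listener`, the account ID and the certificate ID are constructed for illustration.

```python
import json
import re

# ACM certificate ARN: arn:<partition>:acm:<region>:<account-id>:certificate/<id>
ACM_ARN = re.compile(r"^arn:aws[\w-]*:acm:([a-z0-9-]+):\d{12}:certificate/[\w-]+$")
NS = "aws:elb:listener:443"

# Constructed sample shaped like describe-configuration-settings output.
SAMPLE = json.dumps({"ConfigurationSettings": [{"OptionSettings": [
    {"Namespace": NS, "OptionName": "InstancePort", "Value": "80"},
    {"Namespace": NS, "OptionName": "InstanceProtocol", "Value": "HTTP"},
    {"Namespace": NS, "OptionName": "ListenerProtocol", "Value": "HTTPS"},
    {"Namespace": NS, "OptionName": "SSLCertificateId",
     "Value": "arn:aws:acm:us-east-1:111122223333:certificate/"
              "00000000-0000-0000-0000-000000000000"},
]}]})


def audit_https_listener(settings_json, env_region):
    """Return findings for the 443 listener; an empty list means it looks right."""
    doc = json.loads(settings_json)
    # Collect only the options saved under the 443 listener namespace.
    opts = {
        o["OptionName"]: o.get("Value")
        for cs in doc.get("ConfigurationSettings", [])
        for o in cs.get("OptionSettings", [])
        if o.get("Namespace") == NS
    }
    if not opts:
        return [f"no {NS} options saved in the environment configuration"]
    findings = []
    if opts.get("ListenerEnabled", "true") != "true":
        findings.append("443 listener is disabled")
    proto = opts.get("ListenerProtocol")
    if proto != "HTTPS":
        findings.append(f"ListenerProtocol is {proto!r}, expected HTTPS")
    match = ACM_ARN.match(opts.get("SSLCertificateId") or "")
    if not match:
        findings.append("SSLCertificateId is not an ACM certificate ARN")
    elif match.group(1) != env_region:
        # The region is the fourth ARN field; it must match the environment's.
        findings.append(
            f"certificate is in {match.group(1)}, environment is in {env_region}")
    return findings


if __name__ == "__main__":
    for region in ("us-east-1", "eu-west-1"):
        print(region, audit_https_listener(SAMPLE, region) or "OK")
```
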
