14

I have the following situation: I have 1 Rails App that has 2 domains, and each of these domains has multiple/dynamic subdomains. This app is in AWS using a load-balanced Elastic Beanstalk.

What I need is for those 2 domains that point to my single Rails App to work under SSL on port 443.

But since Elastic Beanstalk has only one load balancer, I can only use one single SSL certificate on port 443 :( Using a UCC SSL certificate won't be the solution because I need each domain certificate to be wildcard, so the dynamic subdomains will also work.

Any thoughts about how to get multiple Load Balancers playing nicely with an Elastic Beanstalk Environment?

Best.

varun7447
rafaismyname
  • The answer marked correct in this thread should work, but I thought I'd share that the Madmuffin and sybind answers might only work for Classic load balancers. I answered here on how to do this with Application load balancers and use rules to forward traffic to different beanstalk environments: https://stackoverflow.com/a/57564213/8222386 – C Rudolph Aug 19 '19 at 21:40

5 Answers

24

To add multiple Elastic Load Balancers (ELB) to an Elastic Beanstalk (EB) application, you need to add the additional ELB to the auto scaling group of the EB app.

On the command line

The easiest way to achieve this is through the AWS CLI (https://aws.amazon.com/cli/):

aws autoscaling attach-load-balancers --auto-scaling-group-name <SG_NAME> --load-balancer-names <ELB_NAME>

In the AWS Console

Of course this can be done in the AWS Console, too:

  1. Go to EC2 > Auto Scaling > Auto Scaling Groups
  2. Select the group you want to add the ELB to
  3. Select the Details Tab
  4. Edit-Button on the top right
  5. Use the Autocompletion in the Load Balancers field to add your load balancer
  6. Save

For your convenience, you can see where you need to click for all of the 5 steps (don't forget to save!): [image: click path]

For me this works also on eb-generated auto scaling groups (Region: eu-central-1).

This might not have been available at the time of the question, but it is now.

Community
madmuffin
  • 2
    This will work well in every case except when the elastic beanstalk environment is configured to use Blue/Green deployment. Blue/Green deployment changes the autoscaling group that the application uses, so this method will break the second load balancer when a new version is deployed. But in all other situations this is the solution to use. – Sean Reilly Aug 12 '16 at 12:06
  • This does not work for me. The instances are not added automatically to the new Load Balancer and if I add them manually they fail to attach (they don't pass the health test, I suspect they don't accept requests being passed from the new LB) – Ben Dubuisson Oct 05 '16 at 00:04
  • Thank you, thank you, thank you! This answer will not only be an incredible time saver for me, it's also very thorough! – Chris W. Jun 12 '17 at 22:08
6

It's a tough one with Elastic Beanstalk as they have a cookie cutter way of deploying your app, and if it's not in their options then you have to either "hack it" or just go with a completely different solution using EC2 or plain cloud servers.

One thing you can try is creating another ELB with the certificate of the second domain (and subdomains) and point it to your Elastic Beanstalk Instance. If you go to the ELB console you should be able to see the ELB for the first domain. Then, you can create your second domain based on the first domain.

Hope it helps.

Rico
  • 2
    Hey @Rico, thanks for the suggestion. But I've already tried to manually create another ELB and point the other domain to it. It works, but the EB's auto-scale won't add the new instance to this new ELB, just the one auto-generated by Elastic Beanstalk :( – rafaismyname Jan 21 '14 at 20:12
  • 4
    For that you are gonna have to manually create another autoscaling group, then add the two ELBs to that autoscaling group. You can use the same launch configuration as the one used by your Elastic Beanstalk application. It's not pretty but should do the trick. The reason you have to create another autoscale group is because an existing one won't let you add a second ELB. – Rico Jan 21 '14 at 20:17
  • 4
    @Rico Thanks for your solution! Interestingly enough, I was able to add a second ELB to an existing autoscale group. – myabc Aug 28 '15 at 11:44
  • 1
    Thanks for the tip. Wrote an article to detail a step-by-step. Hopefully I can save someone else the time I wasted haha https://labs.chiedo.com/blog/adding-multiple-ssl-certificates-to-an-elastic-beanstalk-application-on-aws/ – Chiedo Aug 21 '17 at 19:30
0

I think that the best solution for your problem is to have multiple domains on the same SSL certificate and then assign that certificate to your ELB environment.

(you can have wildcards, maybe that wasn't available at the time the question was asked)

You don't need extra load balancers.

Ben Dubuisson
0

This worked for me:

First, create the load balancer

aws elb create-load-balancer --load-balancer-name my-load-balancer --listeners "Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=80" "Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn-of-certificate" --subnets eb-subnet-of-primary-elb --security-groups sg-of-primary-elb

Then, attach the load balancer to the primary auto scaling group of the EB env

aws autoscaling attach-load-balancers --auto-scaling-group-name asg-name-of-primary-asg-in-eb --load-balancer-names my-load-balancer
sybind
0

One more thing to be aware of is that EBS created instances need to allow your custom ELB to talk to them.

You need to create an INBOUND rule in your EBS auto-created security group (with description SecurityGroup for ElasticBeanstalk environment) to allow TCP:80 access. I had my custom ELBs in a different security group, so I specified that sg-**** ID as the source.

Dmitry Polyakovsky
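
The attach step from the answers above and the security-group rule from this last answer, combined with the checks that catch the failure modes raised in the comments (a replaced Auto Scaling group, instances failing the new ELB's health check). This is an added example, not code from any answer in the thread; it assumes a Classic ELB, and the environment name, ELB name, security group id and the `POLL_TRIES` / `POLL_SECONDS` variables are placeholders.

```bash
# Added example (not from the thread). Env name, ELB name and SG id are
# caller-supplied placeholders; POLL_TRIES / POLL_SECONDS are hypothetical knobs.

# Resolve the environment's current Auto Scaling group. Looked up on every run
# because a Blue/Green deployment replaces the group.
asg_for_env() {  # $1 = EB environment name
  aws elasticbeanstalk describe-environment-resources --environment-name "$1" \
    --query 'EnvironmentResources.AutoScalingGroups[0].Name' --output text
}

# First security group of the extra Classic ELB.
elb_sg() {  # $1 = ELB name
  aws elb describe-load-balancers --load-balancer-names "$1" \
    --query 'LoadBalancerDescriptions[0].SecurityGroups[0]' --output text
}

# Poll until the group reports the ELB as Added or InService.
wait_attached() {  # $1 = ASG name, $2 = ELB name
  tries=0
  while [ "$tries" -lt "${POLL_TRIES:-12}" ]; do
    state=$(aws autoscaling describe-load-balancers --auto-scaling-group-name "$1" \
      --query "LoadBalancers[?LoadBalancerName=='$2'].State | [0]" --output text)
    case "$state" in Added|InService) return 0 ;; esac
    tries=$((tries + 1)); sleep "${POLL_SECONDS:-5}"
  done
  return 1
}

# Number of instances the ELB does not report as InService.
unhealthy_count() {  # $1 = ELB name
  aws elb describe-instance-health --load-balancer-name "$1" \
    --query "length(InstanceStates[?State!='InService'])" --output text
}

attach_second_elb() {  # $1 = EB env, $2 = ELB name, $3 = instance SG id
  asg=$(asg_for_env "$1") || return 1
  if [ -z "$asg" ] || [ "$asg" = "None" ]; then echo "no ASG for $1" >&2; return 1; fi
  src=$(elb_sg "$2") || return 1
  # Allow TCP/80 only from the ELB's security group, not from a CIDR range.
  aws ec2 authorize-security-group-ingress --group-id "$3" --protocol tcp \
    --port 80 --source-group "$src" >/dev/null || echo "ingress rule not added (may exist)" >&2
  aws autoscaling attach-load-balancers --auto-scaling-group-name "$asg" \
    --load-balancer-names "$2" || return 1
  wait_attached "$asg" "$2" || { echo "$2 never reached Added on $asg" >&2; return 2; }
  bad=$(unhealthy_count "$2")
  [ "$bad" = "0" ] || { echo "$bad instance(s) failing $2 health checks" >&2; return 3; }
  echo "$asg"
}
```

Call it as `attach_second_elb <env-name> <elb-name> <instance-sg-id>`, and run it again after any deployment that swaps the environment's Auto Scaling group.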