AWS Elastic Beanstalk environment with multiple Load Balancers

Question

I have the following situation: I have 1 Rails App that has 2 domains, each of these domains has multiple/dynamical subdomains. This app is in AWS using a load-balanced Elastic Beanstalk.

What i need is that those 2 domains that points to my single Rails App to work under SSL in port 443.

But since Elastic Beanstalk has only one load balancer, I can only use one single SSL certificate on port 433 :( Using a UCC SSL certificate won't be the solution because i need each domain certificate to be wildcard, so the dynamic subdomains will also work.

Any thoughts about how to get multiple Load Balancers playing nicely with an Elastic Beanstalk Environment?

Best.

Answer 1

It's a tough one with Elastic Beanstalk as they have a cookie cutter way of deploying your app and if it's not in their options then you have either "hack it" or just go with a completely different solution using EC2 or plain cloud servers.

One thing you can try is creating another ELB with the certificate of the second domain (and subdomains) and point it to your Elastic Beanstalk Instance. If you go to the ELB console you should be able to see the ELB for the first domain. Then, you can create your second domain based on the first domain.

Hope it helps.

Answer 2

To add multiple Elastic Load Balancers (ELB) to an Elastic Beanstalk (EB) application, you need to add the additional ELB to the auto scaling group of the EB app.

On the command line

The easiest way to achieve this is through the AWS CLI (https://aws.amazon.com/cli/):

aws autoscaling attach-load-balancers --auto-scaling-group-name <SG_NAME> --load-balancer-names <ELB_NAME>

In the AWS Console

Of course this can be done in the AWS Console, too:

1. Go to EC2 > Auto Scaling > Auto Scaling Groups
2. select the group you want to add the elb to
3. Select the Details Tab
4. Edit-Button on the top right
5. Use the Autocompletion in the Load Balancers field to add your load balancer
6. Save

For your convenience, you can see where you need to click for all of the 5 steps (don't forget to save!)

For me this works also on eb-generated auto scaling groups (Region: eu-central-1).

This might not have been available at the time of the question, but it is now.

Answer 3

I think that the best solution for your problem is to have multiple domains on the same SSL certificate and then assign that certificate to your ELB environment.

(you can have wildcards, maybe that wasn't available at the time the question was asked)

You don't need extra load balancers.

Answer 4

This worked for me,

First, create the load balancer

aws elb create-load-balancer --load-balancer-name my-load-balancer --listeners "Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=80" "Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn-of-certificate" --subnets eb-subnet-of-primary-elb --security-groups sg-of-primary-elb

Then, attach load balancer to primary auto scaling group of EB env

aws autoscaling attach-load-balancers --auto-scaling-group-name asg-name-of-primary-asg-in-eb --load-balancer-names my-load-balancer

Answer 5

One more thing to be aware of is that EBS created instances need to allow your custom ELB to talk to them.

You need to create INBOUND rule in your EBS auto-created security group (with description SecurityGroup for ElasticBeanstalk environment) to allow TCP:80 access. I had my custom ELBs in a different security group so I specified that sg-**** ID as the source.