HTTPS setup in Amazon EC2

Question

How do we enable HTTPS in Amazon EC2  Our site is working on HTTP

User · Answer

You need to register a domain on GoDaddy for example  and put a load balancer in front of your ec2 instance - as DigaoParceiro said in his answer  The issue is that domains generated by amazon on your ec2 instances are ephemeral  Today the domain is belonging to you  tomorrow it may not  For that reason  let s encrypt throws an error when you try to register a certificate on amazon generated domain that states  The ACME server refuses to issue a certificate for this domain name  because it is forbidden by policy More details about this here  https   community letsencrypt org t policy-forbids-issuing-for-name-on-amazon-ec2-domain 12692 4

User · Answer

One of the best resources I found was using let s encrypt  you do not need ELB nor cloudfront for your EC2 instance to have HTTPS  just follow the following simple instructions  let s encrypt Login to your server and follow the steps in the link    It is also important as mentioned by others that you have port 443 opened by editing your security groups  You can view your certificate or any other website s by changing the site name in this link  Please do not forget that it is only valid for 90 days

User · Answer

There must be also an answer for people who want a hassle free https on ec2 for mainly demo and testing purposes  one way they can achieve that very fast is   With my answer here which describes How you can achieve https for testing purposes in minutes with EC2 without the hassle of creating certificates

User · Answer

Use Elastic Load Balacing  it supports SSL termination at the Load Balancer  including offloading SSL decryption from application instances and providing centralized management of SSL certificates

User · Answer

This answer is focused to someone that buy a domain in another site  as GoDaddy  and want to use the Amazon free certificate with Certificate Manager  This answer uses Amazon Classic Load Balancer  paid  see the pricing before using it    Step 1 - Request a certificate with Certificate Manager  Go to Certificate Manager   Request Certificate   Request a public certificate  On Domain name you will add myprojectdomainname com and   myprojectdomainname com and go on Next  Chose Email validation and Confirm and Request  Open the email that you have received  on the email account that you have buyed the domain  and aprove the request  After this  check if the validation status of  myprojectdomainname com and   myprojectdomainname com is sucess  if is sucess you can continue to Step 2  Step 2 - Create a Security Group to a Load Balancer  On EC2 go to Security Groups   and Create a Security Group and add the http and https inbound   It will be something like    Step 3 - Create the Load Balancer  EC2   Load Balancer   Create Load Balancer   Classic Load Balancer  Third option   Create LB inside - the vpc of your project On Load Balancer Protocol add Http and Https    Next   Select exiting security group  Choose the security group that you have create in the previous step  Next   Choose certificate from ACM  Select the certificate of the step 1  Next     on Health check i ve used the ping path    one slash instead of  index html   Step 4 - Associate your instance with the security group of load balancer  EC2   Instances   click on your project   Actions   Networking   Change Security Groups  Add the Security Group of your Load Balancer  Step 5  EC2   Load Balancer   Click on the load balancer that you have created   copy the DNS Name  A Record   it will be something like myproject-2021611191 us-east-1 elb amazonaws com  Go to Route 53   Routes Zones   click on the domain name   Go to Records Sets  If you are don t have your domain here  create a hosted zone with Domain Name  myprojectdomainname com and Type  Public Hosted Zone   Check if you have a record type A  probably not   create edit record set with name empty  type A  alias Yes and Target the dns that you have copied  Create also a new Record Set of type A  name   myprojectdomainname com  alias Yes and Target your domain  myprojectdomainname com   This will make possible access your site with www myprojectdomainname com and subsite myprojectdomainname com  Note  You will need to configure your reverse proxy  Nginx Apache  to do so   On NS copy the 4 Name Servers values to use on the next Step  it will be something like   ns-362 awsdns-45 com ns-1558 awsdns-02 co uk ns-737 awsdns-28 net ns-1522 awsdns-62 org  Go to EC2   Instances   And copy the IPv4 Public IP too  Step 6  On the domain register site that you have buyed the domain  in my case GoDaddy   Change the routing to http    lt Your IPv4 Public IP Number gt  and select Forward with masking  Change the Name Servers  NS  to the 4 NS that you have copied  this can take 48 hours to make effect

User · Answer

You can also use Amazon API Gateway  Put your application behind API Gateway  Please check this FAQ

User · Answer

Amazon EC2 instances are just virtual machines so you would setup SSL the same way you would set it up on any server   You don t mention what platform you are on  so it difficult to give any more information

User · Answer

An old question but worth mentioning another option in the answers  In case the DNS system of your domain has been defined in Amazon Route 53  you can use Amazon CloudFront service in front of your EC2 and attach a free Amazon SSL certificate to it  This way you will benefit from both having a CDN for a faster content delivery and also securing you domain with HTTPS protocol

User · Answer

First  you need to open HTTPS port  443   To do that  you go to https   console aws amazon com ec2  and click on the Security Groups link on the left  then create a new security group with also HTTPS available   Then  just update the security group of a running instance or create a new instance using that group   After these steps  your EC2 work is finished  and it s all an application problem

[amazon-ec2] HTTPS setup in Amazon EC2

Examples related to amazon-ec2

Examples related to https