Can't access HTTPS site on Elastic Beanstalk after configuring HTTPS in the load balancer

mpiz picture mpiz · Feb 20, 2014 · Viewed 8.5k times · Source

I have a standard Elastic Beanstalk app set up and running great over HTTP. There is one EC2 instance (for now), and the domain is configured with a CNAME pointing to the load balancer. Following the instructions in the AWS documentation, I inputted the SSL certificate and configured the load balancer as such:

  • Load balancer protocol: HTTPS
  • Load balancer port: 443
  • Instance protocol: HTTP
  • Instance port: 80
  • Cipher: [default]
  • SSL certificate: myCert

The changes look like they have been applied; in the load balancer description, I see:

Port configuration: 
80 (HTTP) forwarding to 80 (HTTP)
    Stickiness: Disabled

443 (HTTPS, Certificate: myCert) forwarding to 80 (HTTP)
    Stickiness: Disabled

However, I cannot access the site at the HTTPS load balancer URL or my domain's HTTPS URL. Request times out. The HTTP site continues to work well.

Is there any additional configuration I have to do to have the server respond on HTTPS? Am I correct in assuming that there is no configuration required at the app level, since SSL is terminated at the load balancer and the app will continue to speak HTTP?

Answer

Rico picture Rico · Feb 20, 2014

What I suspect you are missing is allowing access to your instance from your load balancer's security group.

You can see the load balancer's security group here:

ELB SG

Then you can see add it to your instance's security group here:

enter image description here