What Is The Easiest And Fastest Way To Add HTTPS To An AWS EC2 Instance?
I created an EC2 instance. It has a default URL like this:
http(s)://ec2-000-000-000-000.us-east-1.compute.amazonaws.com
I'm ok with this URL, the server is to be used for API calls, so I don't care about it - any URL will do, but I need it to be HTTPS (because it will be called from the frontend of a website with HTTPS).
I know that I need a certificate, but I didn't find a way to get a certificate for the standard EC2 URL. So the question is: what is the easiest and fastest way to configure HTTPS without using a custom domain? If there are many ways, please, list them all.
Answer
It turned out to be pretty easy - it can be done with API Gateway.
- Create HTTP (not REST) API Gateway.
- Create a route: ANY /{path+}
- Attach an integration to the route with URI: http://ec2-000-000-000-000.us-east-1.compute.amazonaws.com:3000/{path} (the port number is up to you)
That's it, now API Gateway HTTPS URL can be used: https://00000000.execute-api.us-east-1.amazonaws.com.
The only downside - it's accessible from both API gateway and the EC2 original HTTP link. It can be solved with Network Load Balancer and VPC link. In the EC2 security group you should allow connection only from your VPC (something like 172.31.0.0/16 should work), or more precisely only from the availability zones of the Network Load Balancer.
Read more here: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html
Of course, API Gateway isn't free - you have to pay. And also you have to pay for the Network Load Balancer.
Alternatively you can configure CloudFront (there is a free tier, but after it, you have to pay for the transferred data too) - maybe it will work, but it doesn't seem any better than API Gateway. I haven't tried it.
Also, you can use a secret prefix in the URL (and use it only in the API Gateway config) to make the URL effectively inaccessible without API Gateway and not configure the load balancer. As a temporary solution it's enough. In the long term, maybe it's worth using a custom domain for HTTPS.
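The secret-prefix idea from the answer, as an added example that is not part of the original answer: a WSGI middleware on the EC2 backend that serves only paths starting with the prefix and strips it before routing. It assumes a Python backend and an API Gateway integration URI changed to carry the prefix before /{path}; `SecretPrefixGate`, `SECRET_PREFIX` and its value are constructed for illustration.

```python
import hmac
from wsgiref.util import setup_testing_defaults

# Constructed sample value; load the real one from configuration, not source.
SECRET_PREFIX = "/k-3f9a1c7e5b2d4086"


class SecretPrefixGate:
    """WSGI middleware (hypothetical name): serve only prefixed paths."""

    def __init__(self, app, prefix):
        self.app = app
        self.prefix = prefix.rstrip("/")

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        head, rest = path[:len(self.prefix)], path[len(self.prefix):]
        # Constant-time comparison so response timing does not leak the prefix.
        match = hmac.compare_digest(head.encode("latin-1", "replace"),
                                    self.prefix.encode("latin-1", "replace"))
        # The prefix must be a whole path segment: "/<prefix>x/..." is rejected.
        if not match or (rest and not rest.startswith("/")):
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found\n"]
        # Strip the prefix so the application sees its normal routes.
        environ["SCRIPT_NAME"] = environ.get("SCRIPT_NAME", "") + self.prefix
        environ["PATH_INFO"] = rest or "/"
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the real API: echoes the path it was routed."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("backend saw " + environ["PATH_INFO"]).encode()]


def request(app, path):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body.decode()


gated = SecretPrefixGate(demo_app, SECRET_PREFIX)

if __name__ == "__main__":
    for p in (SECRET_PREFIX + "/users/1", "/users/1", SECRET_PREFIX + "x/users"):
        print(p, "->", request(gated, p))
```

The prefix travels from API Gateway to the instance over plain HTTP, which fits the temporary use the answer describes.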