Does anyone know if it's possible to change an existing AWS Elastic Beanstalk environment to an Application Load Balancer (instead of a classic one).

As far as I know only Application ELB's can be protected with AWS WAF and DDOS "Shield" so any existing EB app can't take advantage of these features since they have classic ELB's.

Hello As Per AWS Documentation:

The Elastic Beanstalk Environment Management Console only supports creating and managing an Elastic Beanstalk environment with a Classic Load Balancer. For other options, see Application Load Balancer and Network Load Balancer.

Also

Note You can only set the load balancer type during environment creation. (Refer AWS Documetnation)

So When you deploy application to Elastic Beanstalk via AWS CLI:

Try

eb create test-env --elb-type network

or

eb create test-env --elb-type application

It is not possible to change the load balancer type for an existing environment but I have used the following process to create a cloned environment with an application load balancer (instead of classic).

1. In the console, save configuration of the original env.
2. In terminal, eb config get [save name], you will get a file in .elasticbeanstalk\saved_configs .
3. Edit the file to add

OptionSettings: aws:elasticbeanstalk:environment: LoadBalancerType: application

and remove (if you have those):

aws:elb:loadbalancer: CrossZone: true aws:elb:policies: ConnectionDrainingEnabled: true aws:elb:listener:443: [whatever]

You can use this opportunity to do other changes, such as upgrade PlatformArn

4. Save modified config as [new save name].
5. In terminal, eb config put [new save name] .
6. Update your .ebextensions to have LoadBalancerType: application and optionally add listener to elbv2. You can also create in the console manually later.

aws:elbv2:listener:443: ListenerEnabled: true SSLPolicy: ELBSecurityPolicy-TLS-1-2-2017-01 SSLCertificateArns: [your cert id] DefaultProcess: default Protocol: HTTPS Rules: ''

7. Create a new env with eb create [new env name] --cfg [new save name]

Now you will have a new environment with a different load balancer type side-by-side with your old environment. You can perform testing, make further configuration changes and then if all is well, swap CNAMEs and terminate the previous environment.