Does anyone know if it's possible to change an existing AWS Elastic Beanstalk environment to an Application Load Balancer (instead of a classic one).
As far as I know only Application ELB's can be protected with AWS WAF and DDOS "Shield" so any existing EB app can't take advantage of these features since they have classic ELB's.
Hello As Per AWS Documentation:
The Elastic Beanstalk Environment Management Console only supports
creating and managing an Elastic Beanstalk environment with a Classic
Load Balancer. For other options, see Application Load Balancer and
Network Load Balancer.
Also
Note You can only set the load balancer type during environment
creation. (Refer AWS Documetnation)
So When you deploy application to Elastic Beanstalk via AWS CLI:
Try
eb create test-env --elb-type network
or
eb create test-env --elb-type application
It is not possible to change the load balancer type for an existing environment but I have used the following process to create a cloned environment with an application load balancer (instead of classic).
- In the console, save configuration of the original env.
- In terminal,
eb config get [save name]
, you will get a file in .elasticbeanstalk\saved_configs
.
- Edit the file to add
OptionSettings:
aws:elasticbeanstalk:environment:
LoadBalancerType: application
and remove (if you have those):
aws:elb:loadbalancer:
CrossZone: true
aws:elb:policies:
ConnectionDrainingEnabled: true
aws:elb:listener:443:
[whatever]
You can use this opportunity to do other changes, such as upgrade PlatformArn
- Save modified config as [new save name].
- In terminal,
eb config put [new save name]
.
- Update your
.ebextensions
to have LoadBalancerType: application
and optionally add listener to elbv2. You can also create in the console manually later.
aws:elbv2:listener:443:
ListenerEnabled: true
SSLPolicy: ELBSecurityPolicy-TLS-1-2-2017-01
SSLCertificateArns: [your cert id]
DefaultProcess: default
Protocol: HTTPS
Rules: ''
- Create a new env with
eb create [new env name] --cfg [new save name]
Now you will have a new environment with a different load balancer type side-by-side with your old environment. You can perform testing, make further configuration changes and then if all is well, swap CNAMEs and terminate the previous environment.