Deploying a Web-app with Elastic Beanstalk
Khang Tran
Posted on July 8, 2024
So a few months ago I made an E-commerce store as a personal project. I'll be deploying it today (again) with Elastic Beanstalk and documenting the process.
1. Elastic Beanstalk
For my MacOs machine, I have to install Homebrew. Once installed, run commands:
- brew update
- brew install awsebcli
- eb --version
Create a .ebextensions folder in the root directory of the Django application and inside it, a django.config file
option_settings:
aws:elasticbeanstalk:container:python:
WSGIPath: <app name>.wsgi:application
For me, the would be replaced with "ecom".
The name it consistent with this line in my settings.py:
WSGI_APPLICATION = "ecom.wsgi.application"
Since my project is in Django, I have to move to my root directory here,
If you're in your virtual environment, deactivate it by running:
- deactivate
Enter the project directory:
- cd ecom
Then run:
- eb init
I already have an Elastic Beanstalk config.yaml file it will only prompt me to setup SSH for my instances, however if I did not already launch it, it would ask which AZ to use, an application name, language, and platform I want to use.
Run
- eb create
This will create the Ec2 instances, security groups, CloudWatch logs and alarms, load balancers, an S3 bucket, etc.
I chose an application load balancer, "No" to Spot fleet requests, and chose default options for the rest of the prompts.
After a 5-10 min, the environment is then successfully created.
Running the command
- eb open
Opens the project successfully on the web browser.
Now in the settings.py file:
Take the URL and add in this line of code:
CSRF_TRUSTED_ORIGINS = ['<http://EB URL>']
This allows you to make POST requests to the website through HTTP.
When making any changes to the project, save and run:
- eb deploy
2. Route 53
Since the site is only using HTTP, I want to use Route53 to buy a domain and and register an SSL certificate. I used the SSL certificate to help create the 2 CNAME records I need to prove I own shoptop.click and www.shoptop.click. Next, I created 2 more A records for shoptop.click and www.shoptop.click, using them as an alias to point to my Elastic Beanstalk environment.
The settings.py file needs to be updated as well to include the new domain name.
CSRF_TRUSTED_ORIGINS = ["https://shoptop.click", "https://www.shoptop.click"]
3. EC2 Load Balancer
Currently, the load balancer is routing traffic from HTTP to the application, but I want to route the HTTP traffic to HTTPS.
So in the EC2 console I found my load balancer and clicked add listener
I then select the HTTPS protocol, which automatically selects port 443.
For "Routing Actions", I chose "forward to target groups" and chose my "awseb-..." target group that was automatically created with Elastic Beanstalk.
Then for the SSL/TLS certificate, I select "From "ACM" and look for the certificate that I created for my domain shoptop.click.
Now add the listener.
Currently, the HTTPS is not reachable, since the security group still needs to be edited. But first, the HTTP listener needs to be edited to route to my new HTTPS listener instead of directly to my application.
All this requires is to edit the listener and edit the "Routing Actions" and choose to redirect to URL. Choose HTTPS and port 443.
4. Security Group
While still in the EC2 console, I edited the security group by clicking "Security Groups" on the left sidebar. I found the "AWSELBLoadBalancerSecurityGroup..." and choose to edit its inbound rules.
Here is the configuration:
Now looking back at the load balancer, there is no longer an error for the HTTPS listener.
Shoptop is now up and running easily with Elastic Beanstalk and securely with HTTPS.
Moving forward, I want to look into securing the database against SQL injections utilizing AES, which might run up costs (this project is costing ~$100/mo already while running on AWS). I already had almost 20 fake users on the site only a day after I launched. Apparently email confirmation isn't enough to stop bots, but I implemented CAPTCHAv2 and haven't had a problem since.
Posted on July 8, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.