DEV Community

Khang Tran

Deploying a Web-app with Elastic Beanstalk

So a few months ago I made an E-commerce store as a personal project. I'll be deploying it today (again) with Elastic Beanstalk and documenting the process.

1. Elastic Beanstalk

On my macOS machine, I first have to install Homebrew. Once it is installed, run these commands:

  • brew update
  • brew install awsebcli
  • eb --version

Create a .ebextensions folder in the root directory of the Django application and, inside it, a django.config file:

option_settings:
 aws:elasticbeanstalk:container:python:
  WSGIPath: <app name>.wsgi:application

For me, <app name> would be replaced with "ecom".

The name is consistent with this line in my settings.py:

WSGI_APPLICATION = "ecom.wsgi.application"

Since my project is in Django, I have to move to my root directory here:

[Image: Root Directory]

If you're in your virtual environment, deactivate it by running:

  • deactivate

Enter the project directory:

  • cd ecom

Then run:

  • eb init

Since I already have an Elastic Beanstalk config.yaml file, it will only prompt me to set up SSH for my instances. If I had not already launched it, it would ask which AZ to use, an application name, language, and platform I want to use.

Run

  • eb create

This will create the EC2 instances, security groups, CloudWatch logs and alarms, load balancers, an S3 bucket, etc.

I chose an application load balancer, "No" to Spot fleet requests, and chose default options for the rest of the prompts.

After 5-10 minutes, the environment is successfully created.

Running the command

  • eb open

opens the project successfully in the web browser.

Now in the settings.py file:

Take the URL and add in this line of code:

CSRF_TRUSTED_ORIGINS = ['<http://EB URL>']

This allows you to make POST requests to the website through HTTP.

When making any changes to the project, save and run:

  • eb deploy

[Image: Site Main Page]

2. Route 53

Since the site is only using HTTP, I want to use Route 53 to buy a domain and register an SSL certificate. I used the SSL certificate to help create the 2 CNAME records I need to prove I own shoptop.click and www.shoptop.click. Next, I created 2 more A records for shoptop.click and www.shoptop.click, using them as aliases that point to my Elastic Beanstalk environment.

The settings.py file needs to be updated as well to include the new domain name.

CSRF_TRUSTED_ORIGINS = ["https://shoptop.click", "https://www.shoptop.click"]
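An added example (not part of the original post): a small audit of a CSRF_TRUSTED_ORIGINS list after the switch to HTTPS, together with a simplified model of how a request's Origin header is matched against it. The function names and the `my-env.example.com` host, which stands in for the EB URL, are assumptions.

```python
from urllib.parse import urlsplit


def audit_trusted_origins(origins, https_only=True):
    """Return (origin, problem) pairs for a CSRF_TRUSTED_ORIGINS-style list."""
    findings = []
    for origin in origins:
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            findings.append((origin, "no scheme: Django 4.0+ needs scheme://host"))
            continue
        if parts.path or parts.query or parts.fragment:
            findings.append((origin, "has a path/query: never equals an Origin header"))
        if https_only and parts.scheme == "http":
            findings.append((origin, "plain-HTTP origin trusted on an HTTPS site"))
        if parts.netloc.startswith("*."):
            findings.append((origin, "wildcard: every subdomain may send unsafe requests"))
    return findings


def origin_is_trusted(request_origin, origins):
    """Simplified model of the match: exact string, or same scheme plus '*.' wildcard."""
    if request_origin in origins:
        return True
    req = urlsplit(request_origin)
    for origin in origins:
        scheme, _, host = origin.partition("://")
        if host.startswith("*.") and scheme == req.scheme:
            base = host[2:]
            if req.netloc == base or req.netloc.endswith("." + base):
                return True
    return False


# Constructed sample list; the first host is a placeholder for the EB URL.
SAMPLE = [
    "http://my-env.example.com",   # left over from the HTTP-only stage
    "https://shoptop.click",
    "https://www.shoptop.click",
    "shoptop.click",               # scheme forgotten
    "https://shoptop.click/",      # trailing slash
]

if __name__ == "__main__":
    for origin, problem in audit_trusted_origins(SAMPLE):
        print(f"{origin!r}: {problem}")
    print(origin_is_trusted("https://www.shoptop.click", SAMPLE))
```

Running the audit as part of a deploy check catches a leftover HTTP entry before `eb deploy` ships it.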

3. EC2 Load Balancer

Currently, the load balancer is routing traffic from HTTP to the application, but I want to route the HTTP traffic to HTTPS.

So in the EC2 console, I found my load balancer and clicked "Add listener".

[Image: Load Balancer]

I then select the HTTPS protocol, which automatically selects port 443.

For "Routing Actions", I chose "forward to target groups" and chose my "awseb-..." target group that was automatically created with Elastic Beanstalk.

Then for the SSL/TLS certificate, I select "From ACM" and look for the certificate that I created for my domain shoptop.click.

Now add the listener.

Currently, the HTTPS is not reachable, since the security group still needs to be edited. But first, the HTTP listener needs to be edited to route to my new HTTPS listener instead of directly to my application.

All this requires is to edit the listener and edit the "Routing Actions" and choose to redirect to URL. Choose HTTPS and port 443.

4. Security Group

While still in the EC2 console, I edited the security group by clicking "Security Groups" on the left sidebar. I found the "AWSELBLoadBalancerSecurityGroup..." and chose to edit its inbound rules.

Here is the configuration:

[Image: Security Group Configuration]

Now looking back at the load balancer, there is no longer an error for the HTTPS listener.

[Image: Load Balancer Listeners]

Shoptop is now up and running easily with Elastic Beanstalk and securely with HTTPS.

Moving forward, I want to look into securing the database against SQL injections utilizing AES, which might run up costs (this project is costing ~$100/mo already while running on AWS). I already had almost 20 fake users on the site only a day after I launched. Apparently email confirmation isn't enough to stop bots, but I implemented CAPTCHAv2 and haven't had a problem since.
