Deploy a Java Tomcat war on AWS with SSL in 5 minutes

In this tutorial we will deploy a Java Tomcat war to AWS Elastic Beanstalk. Also we will plug it to our own domain, with full SSL support. Finally we will add HTTP to HTTPS redirection, so that no unsecure connection to our app can happen.

If you want to deploy a Python Django webapp on AWS, the process is very similar. You can follow this tutorial.

1) AWS Certificate manager (ACM)

Starting from a domain you own (from GoDaddy for instance), create or upload a SSL certificate on ACM, through the AWS console.

2) Prepare your Java webapp project for deployment

In your webapp code, create the following folder:


In the folder .ebextensions, create a new file called lb.config with the following content:

Replace <CertificateARN> with the ARN of your SSL certificate from step 1) .

3) Build the war

Build your .war using Maven for instance:

mvn clean package

4) Create an Elastic Beanstalk project and upload the war

In the AWS console, create a new Elastic Beanstalk project, using the Tomcat platform. Then deploy your app by uploading the war generated at step 3) .

5) Find your Elastic Beanstalk domain name

You can find the domain name of your deployed app in the AWS Elastic Beanstalk console. Also, you can use the Elastic Beanstalk CLI, which is called eb, and run the following command:

$ eb status
Environment details for: Booker-env
  Application name: booker
  Region: us-west-2
  Deployed Version: booker-source-32
  Environment ID: e-gxkjmvkabt
  Platform: arn:aws:elasticbeanstalk:us-west-2::platform/Tomcat 8.5 with Corretto 11 running on 64bit Amazon Linux 2/4.2.4
  Tier: WebServer-Standard-1.0
  Updated: 2021-08-12 11:37:16.839000+00:00
  Status: Ready
  Health: Green

Look at the line that starts with CNAME: , this is your Elastic Beanstalk domain name. It should look like this:

6) Plug your domain on top of Elastic Beanstalk

The final domain where I want to access my Tomcat app is . This is the domain for which I created a SSL certificate in ACM in step 1) . So now I go to my domain provider where I own the domain , and I add the following CNAME entry (using the Elastic Beanstalk domain from step 5)):

CNAME demo

7) Test your Tomcat app

Your app is now accessible at both and . Both use SSL and no unsecure traffic is allowed. You will see the SSL lock in your browser:

That’s it ! You now have a secured Java Tomcat app that you can share with the world. If you need help leave us a reply, we answer within 24 hours.

Leave a Reply

Your email address will not be published. Required fields are marked *