AWS Beanstalk redirect entire application from http to https

The aws load balancer forwards all https requests onto the ec2 instance over port 80. I need to somehow redirect all http request on to https.

What I've gathered thus far is you need to somehow modify the ec2 instance with the redirect rules and then save the instance as a new AMI and point beanstalk to the new AMI.

I found the following rewrite rule, but unfortunately I don't know what to do with it.

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

I ssh'd into my ec2 instance and went to /etc/httpd/ and that's as far as I made it. I'm completely lost with what I'm suppose to do from there.

1. Do I modify a file or do I create a new file?
2. If I need to modify or create a new file, where would it be or what would I call it and where would it go?
3. Could someone provide the exact contents of the file
4. Once I create/modify this file what do I do next? Do I just go to the ec2 page, click on the checkbox next to my instance, click actions, and finally create image?

If so, what does all this mean? I don't know what settings I'm suppose to have here.

Lastly, I'm assuming I just go to configuration in my beanstalk dashboard and just point my beanstalk env to my new AMI and restart the server. Does this sound correct?

If someone knows how to do this or a website describing the process in detail I'd appriciate it.

I'd like to point out that I'm using a java app on tomcat. I'm not sure if a custom AMI would effect scaling up of server sizes either.

I use cloudfront with my image servers, how does this work with beanstalk? I'm not against the idea.

Either create a custom origin that points to your [domain].elasticbeanstalk.com URL or a standard origin that points directly to the elastic beanstalk load balancer [load_balancer-id].[region].elb.amazonaws.com. Then when you create a behavior for that origin there is a radio button under viewer protocol policy for "redirect http to https" that you select and you are done. You will need to upload your certificate with a "path" so cloudfront can be your SSL endpoint. If you need SSL between cloudfront and your LB you will need a cname matching the domain of the cert for the custom origin.

I ended up resolving this a few days ago, but I found myself editing the httpd.conf file which was the cause of most of my issues. Once I discovered you needed to edit the elasticbeanstalk.conf file everything started working.

George: Please explain how you did this. There's obviously no point editing the auto-managed EC2 instance config, so how did you do it?

Welcome to ServerFault. Your answer will be better if, instead of saying copy this code from here, add this, delete that, you show the configuration they should use and explain why.