[jesdynf]

It was CloudFormation that made it difficult -- I had to work out exactly how to get the certificate all the way down to the load balancer's configuration details, starting from CloudFormation's interface into provisioning Elastic Beanstalk.

However, the format ELB would accept a certificate in was really frustrating, too -- I ended up having to create a Lambda function that would load a certificate file from S3 and then parse it and then return the results as a resource CFN could later refer to. If I could've simply provided an S3 URI that the CA lived in, and had the ELB load it up during initial config, I could've used many fewer layers.

The CFN syntax for actually setting those critical ELB details was also unclear, too. It took some experimentation and off-Amazon examples before I finally understood how the rule groupings worked together.

If you're curious about what the final results were, the tail-end of https://github.com/openemr/openemr-devops/blob/master/packag.... covers a lot of that ground. Thanks!