Amazon CloudFront with AWS Certificate Manager

Amazon CloudFront with AWS Certiﬁcate Manager @Amimoto_Ami amimoto-ami.com

Architecture

Amazon CloudFront AWS Certiﬁcate Manager w )JHITQFFEDPOUFOUEFMJWFSZ  VTJOH$%/ w "VUPNBUFE44-DFSUJpDBUF 
NBOBHFNFOU $BOCFNBEF

Get SSL certiﬁcation Workﬂow Preparations

Preparation

ɾadministrator@your_domain ɾhostmaster@your_domain ɾpostmaster@your_domain ɾwebmaster@your_domain ɾadmin@your_domain 7BMJEBUJPOFNBJMBEESFTT

If you have validation e-mail address and receive mails to
it, no setting are required any more. 7BMJEBUJPOFNBJMBEESFTT

If you have no validation e-mail address, follow these steps
to receive mails through AWS SES. 7BMJEBUJPOFNBJMBEESFTT

Set up Amazon SES Workﬂow Create S3 bucket Preparation

Amazon S3 w "NB[PO4JNQMF4UPSBHF4FSWJDF w &BTZUPVTFPCKFDUTUPSBHFTFSWJDF w 8F`MMVTFJUGPSTUPSFNFTTBHFT4&4 "NB[PO4

Add bucket policy Workﬂow Create S3 bucket

Click [Create Bucket]

Input Bucket Name and Region then click [Create]

Add bucket policy Workﬂow Create S3 bucket

Click [Add bucket policy] in Permissions section in Properties

Edit Bucket Policy then [Save]

Bucket Policy https://docs.aws.amazon.com/ses/latest/DeveloperGuide/ receiving-email-permissions.html

Set up Amazon SES Workﬂow Create S3 bucket Preparation

Amazon SES w "NB[PO4JNQMF&NBJM4FSWJDF w 4FOESFDFJWFFNBJMTFSWJDF w 8F`MMVTFJUGPS$MPVE'SPOU  FNBJMWFSJpDBUJPO "NB[PO4&4

Testing e-mail Workﬂow Create a Receipt Rule

Email Receiving — [Rule Sets] — [Create a Receipt Rule]

Click [Add Recipient] after ﬁll in e-mail address to Recipient

Set displayed records to your DNS server. If your DNS
is Route53, simply click [Use Route 53].

After clicking [Use Route 53], some checkbox will appear. Check
them all then [Create Record Sets]. (only for Route 53 user)

Select created S3 bucket click [Next]

Fill in the [Rule name] then click [Next Step]

Setting conﬁrmation. After conﬁrmation, click [Create Rule Set]

Status turns to Enabled when you completed DNS conﬁguration and
its veriﬁcation.

Testing e-mail Workﬂow Create a Receipt Rule

Send test mail to created e-mail address from your favourite
mail client software.

If you find a file except AMAZON_SES_SETUP_NOTIFICATION file in S3
bucket, settings are working correct.

Get SSL certiﬁcation

CloudFront Workﬂow Certiﬁcate Manager

AWS Certiﬁcate Manager • SSL certiﬁcation provided by AWS •
Available for CloudFront and ELB • No additional fee • Automatically renewal "84$FSUJpDBUF.BOBHFS

Click [Get started]

Input your domain name to [Domain name] ﬁeld then click
[Review and request]

After conﬁrmation, click [Conﬁrm and request]

Click [Continue]

You’ll see list of certiﬁcate status of domains

Open the veriﬁcation URL with your browser in the mail
in S3 bucket

Open veriﬁcation URL with your browser,   then click [I
Approve]

Success! Congratulations! You ﬁnally get SSL certiﬁcation

Also you can check certiﬁcate request status on AWS console.

CloudFront Workﬂow Certiﬁcate Manager

Amazon CloudFront • AWS managed CDN service • Low latency
and reduce server loads • Supports failover if a failure "NB[PO$MPVE'SPOU

Choose the distribution you wants to add SSL in Distributions

Click [Edit] in General tab

Select created SSL certiﬁcation in Custom SSL Certiﬁcate

You can see that SSL certiﬁcate is set to your
domain.  It takes a little while.

http://amimoto-ami.com/slack/ Feel free to contact us:

@Amimoto_Ami amimoto-ami.com THANK YOU! Amazon CloudFront + AWS Certiﬁcate Manager

Amazon CloudFront with AWS Certificate Manager

Amazon CloudFront with AWS Certificate Manager

More Decks by AMIMOTO

Other Decks in How-to & DIY

Featured

Transcript