# High speed content delivery using CDN. Automated SSL certificate management.
Amazon CloudFront with AWS Certificate Manager
@Amimoto_Ami amimoto-ami.com
Architecture
Amazon CloudFront + AWS Certificate Manager can be made:
• High speed content delivery using CDN
• Automated SSL certificate management
Workflow: Preparations → Get SSL certification
Preparation
Validation email address:
• [email protected]_domain
• [email protected]_domain
• [email protected]_domain
• [email protected]_domain
• [email protected]_domain
Validation email address: if you already have a validation e-mail address and can receive mail sent to it, no further settings are required.
Validation email address: if you have no validation e-mail address, follow these steps to receive mail through AWS SES.
Preparation workflow: Create S3 bucket → Set up Amazon SES
Amazon S3
• Amazon Simple Storage Service
• Easy to use object storage service
• We'll use it to store messages (SES → Amazon S3)
Workflow: Create S3 bucket → Add bucket policy
Click [Create Bucket]
Enter the Bucket Name and Region, then click [Create]
In Properties, open the Permissions section and click [Add bucket policy]
Edit the Bucket Policy, then click [Save]
Bucket Policy: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html
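An added example, not taken from the original slides: it builds the bucket policy that lets SES write received mail into the bucket, and checks whether the grant to `ses.amazonaws.com` is pinned to your own account with a condition, as the linked AWS page does. The bucket name and account ID are constructed placeholders, and `ses_put_policy` and `audit` are hypothetical helper names.

```python
import json

SES = "ses.amazonaws.com"
# Condition keys that pin the grant to one account; key names are case-insensitive.
# aws:Referer is the form older SES documentation used.
ACCOUNT_KEYS = {"aws:sourceaccount", "aws:referer"}

def ses_put_policy(bucket, account_id=None):
    """Bucket policy that lets SES email receiving write objects into bucket."""
    stmt = {
        "Sid": "AllowSESPuts",
        "Effect": "Allow",
        "Principal": {"Service": SES},
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
    }
    if account_id:  # hardened form: only deliveries made for this account
        stmt["Condition"] = {"StringEquals": {"aws:SourceAccount": account_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, account_id):
    """List Allow statements that trust SES without pinning account_id."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or SES not in services:
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        pinned = {v for k, vals in equals.items() if k.lower() in ACCOUNT_KEYS
                  for v in as_list(vals)}
        if pinned != {account_id}:
            findings.append(f"{stmt.get('Sid', '?')}: SES grant not limited to {account_id}")
    return findings

if __name__ == "__main__":
    weak = ses_put_policy("example-ses-inbox")                      # constructed names
    hardened = ses_put_policy("example-ses-inbox", "111122223333")  # constructed account ID
    print(audit(weak, "111122223333"))      # one finding: no account condition
    print(json.dumps(hardened, indent=2))   # JSON to paste into the bucket policy editor
```

Without the condition, the statement lets the SES service write to the bucket no matter which account's receipt rule triggered the delivery.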
Amazon SES
• Amazon Simple Email Service
• Send/receive email service
• We'll use it for CloudFront email verification
Workflow: Create a Receipt Rule → Testing e-mail
Email Receiving — [Rule Sets] — [Create a Receipt Rule]
Fill in the e-mail address in Recipient, then click [Add Recipient]
Add the displayed records to your DNS server. If your DNS is Route 53, simply click [Use Route 53].
After clicking [Use Route 53], some checkboxes will appear. Check them all, then click [Create Record Sets]. (Route 53 users only)
Select the created S3 bucket, then click [Next]
Fill in the [Rule name] then click [Next Step]
Setting confirmation. After confirming, click [Create Rule Set]
Status turns to Enabled once you have completed the DNS configuration and its verification.
Send a test mail to the created e-mail address from your favourite mail client software.
If you find a file other than the AMAZON_SES_SETUP_NOTIFICATION file in the S3 bucket, the settings are working correctly.
Get SSL certification
Workflow: Certificate Manager → CloudFront
AWS Certificate Manager
• SSL certification provided by AWS
• Available for CloudFront and ELB
• No additional fee
• Automatic renewal
Click [Get started]
Input your domain name in the [Domain name] field, then click [Review and request]
After confirmation, click [Confirm and request]
Click [Continue]
You’ll see a list of the certificate status of your domains
In the mail stored in the S3 bucket, find the verification URL and open it with your browser
Open verification URL with your browser, then click [I Approve]
Success! Congratulations! You finally got your SSL certificate
You can also check the certificate request status on the AWS console.
Amazon CloudFront
• AWS managed CDN service
• Low latency and reduced server load
• Supports failover if a failure
In Distributions, choose the distribution you want to add SSL to
Click [Edit] in General tab
Select the created SSL certificate in Custom SSL Certificate
You can see that the SSL certificate is set to your domain. It takes a little while.
Feel free to contact us: http://amimoto-ami.com/slack/
THANK YOU! Amazon CloudFront + AWS Certificate Manager
@Amimoto_Ami amimoto-ami.com