Amazon CloudFront with AWS Certificate Manager

# High speed content delivery using CDN.
# Automated SSL certificate management.

AMIMOTO

May 02, 2016
Transcript

  1. Amazon CloudFront with AWS Certificate Manager @Amimoto_Ami amimoto-ami.com

  2. Architecture

  3. Amazon CloudFront AWS Certificate Manager • High speed content delivery using CDN • Automated SSL certificate management Can be made

  4. Get SSL certificate Workflow Preparations

  5. Preparation

  6. Validation e-mail address • administrator@your_domain • hostmaster@your_domain • postmaster@your_domain • webmaster@your_domain • admin@your_domain

  7. Validation e-mail address: If you have a validation e-mail address and can receive mail at it, no further settings are required.

  8. Validation e-mail address: If you have no validation e-mail address, follow these steps to receive mail through AWS SES.

  9. Set up Amazon SES Workflow Create S3 bucket Preparation

  10. Set up Amazon SES Workflow Create S3 bucket Preparation

  11. Amazon S3 • Amazon Simple Storage Service • Easy to use object storage service • We'll use it to store messages from SES

  12. Add bucket policy Workflow Create S3 bucket

  13. Add bucket policy Workflow Create S3 bucket

  14. None
  15. Click [Create Bucket]

  16. Input Bucket Name and Region then click [Create]

  17. Add bucket policy Workflow Create S3 bucket

  18. Click [Add bucket policy] in Permissions section in Properties

  19. Edit Bucket Policy then [Save]

  20. Bucket Policy https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html

  21. Set up Amazon SES Workflow Create S3 bucket Preparation

  22. Amazon SES • Amazon Simple Email Service • Send/receive e-mail service • We'll use it for CloudFront e-mail verification

  23. Testing e-mail Workflow Create a Receipt Rule

  24. None
  25. Email Receiving — [Rule Sets] — [Create a Receipt Rule]

  26. Fill in the e-mail address in Recipient, then click [Add Recipient]

  27. Add the displayed records to your DNS server. If your DNS is Route 53, simply click [Use Route 53].

  28. After clicking [Use Route 53], some checkboxes will appear. Check them all, then click [Create Record Sets]. (Only for Route 53 users.)

  29. Select the created S3 bucket, then click [Next]

  30. Fill in the [Rule name] then click [Next Step]

  31. Setting confirmation. After confirmation, click [Create Rule Set]

  32. Status turns to Enabled when you have completed the DNS configuration and its verification.

  33. Testing e-mail Workflow Create a Receipt Rule

  34. Send a test mail to the created e-mail address from your favourite mail client software.

  35. If you find a file other than the AMAZON_SES_SETUP_NOTIFICATION file in the S3 bucket, the settings are working correctly.

  36. Get SSL certificate

  37. CloudFront Workflow Certificate Manager

  38. CloudFront Workflow Certificate Manager

  39. AWS Certificate Manager • SSL certificates provided by AWS • Available for CloudFront and ELB • No additional fee • Automatic renewal

  40. None
  41. Click [Get started]

  42. Input your domain name in the [Domain name] field, then click [Review and request]

  43. After confirmation, click [Confirm and request]

  44. Click [Continue]

  45. You'll see a list of the certificate status of your domains

  46. Find the verification URL in the mail stored in the S3 bucket

  47. Open the verification URL with your browser, then click [I Approve]

  48. Success! Congratulations! You finally have your SSL certificate

  49. You can also check the certificate request status in the AWS console.

  50. CloudFront Workflow Certificate Manager

  51. Amazon CloudFront • AWS managed CDN service • Low latency and reduced server load • Supports failover if a failure

  52. None
  53. In Distributions, choose the distribution you want to add SSL to

  54. Click [Edit] in General tab

  55. Select the created SSL certificate in Custom SSL Certificate

  56. You can see that the SSL certificate is set for your domain. It takes a little while.

  57. Feel free to contact us: http://amimoto-ami.com/slack/

  58. @Amimoto_Ami amimoto-ami.com THANK YOU! Amazon CloudFront + AWS Certificate Manager
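
The bucket policy step (slides 18 to 20), as an added example that is not part of the original deck: a Python sketch that builds a policy of the shape given in the linked AWS guide and audits a bucket policy for grants wider than SES delivery needs, since this bucket holds the mail carrying the certificate approval link. The bucket name, account ID and the `WEAK` sample are constructed placeholders, and scoping the grant with `aws:SourceAccount` is an assumption about what your policy should contain.

```python
import json

def ses_put_policy(bucket, account_id):
    """Policy that lets SES write received mail to `bucket`, for one account only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowSESPuts",
            "Effect": "Allow",
            "Principal": {"Service": "ses.amazonaws.com"},
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            # Without this condition SES may write here on behalf of any AWS account.
            "Condition": {"StringEquals": {"aws:SourceAccount": account_id}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return items to review: Allow statements broader than SES mail delivery needs."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        is_dict = isinstance(principal, dict)
        services = _as_list(principal.get("Service", [])) if is_dict else []
        if principal == "*" or (is_dict and "*" in _as_list(principal.get("AWS", []))):
            findings.append(f"{sid}: wildcard principal")
        # Condition keys are case-insensitive, so compare them in lower case.
        cond_keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        if "ses.amazonaws.com" in services and not cond_keys & {"aws:sourceaccount", "aws:sourcearn"}:
            findings.append(f"{sid}: SES principal without aws:SourceAccount/aws:SourceArn")
        extra = [a for a in _as_list(st.get("Action", [])) if a.lower() != "s3:putobject"]
        if extra:
            findings.append(f"{sid}: actions beyond s3:PutObject: {', '.join(extra)}")
    return findings

# Constructed sample: a policy that works but is too open for a validation mailbox.
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Sid": "SesAny", "Effect": "Allow", "Principal": {"Service": "ses.amazonaws.com"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-ses-inbox/*"},
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-ses-inbox/*"},
]}

if __name__ == "__main__":
    print(json.dumps(ses_put_policy("example-ses-inbox", "111122223333"), indent=2))
    for finding in audit(WEAK):
        print("FINDING:", finding)
```

Paste the printed JSON into the bucket policy editor from slide 19 with your own bucket name and account ID, and run `audit` on any policy already attached to the bucket.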