Amazon CloudFront with AWS Certificate Manager

• High speed content delivery using CDN.
• Automated SSL certificate management.

Transcript

  1. Amazon CloudFront
    with
    AWS Certificate Manager
    @Amimoto_Ami
    amimoto-ami.com

  2. Architecture

  3. Amazon CloudFront
    AWS Certificate Manager
    • High speed content delivery using CDN
    • Automated SSL certificate management
    Can be made

  4. Get SSL certification
    Workflow
    Preparations

  5. Preparation

  6. Validation email address
    • [email protected]_domain
    • [email protected]_domain
    • [email protected]_domain
    • [email protected]_domain
    • [email protected]_domain

  7. Validation email address
    If you already have a validation e-mail address
    and can receive mail at it, no further settings
    are required.

  8. Validation email address
    If you have no validation e-mail
    address, follow these steps to receive
    mail through AWS SES.

  9. Set up Amazon SES
    Workflow
    Create S3 bucket
    Preparation

  10. Set up Amazon SES
    Workflow
    Create S3 bucket
    Preparation

  11. Amazon S3
    • Amazon Simple Storage Service
    • Easy to use object storage service
    • We'll use it to store SES messages

  12. Add bucket policy
    Workflow
    Create S3 bucket

  13. Add bucket policy
    Workflow
    Create S3 bucket

  15. Click [Create Bucket]

  16. Input Bucket Name and Region then click [Create]

  17. Add bucket policy
    Workflow
    Create S3 bucket

  18. Click [Add bucket policy] in Permissions section in Properties

  19. Edit Bucket Policy then [Save]

  20. Bucket Policy
    https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html

  21. Set up Amazon SES
    Workflow
    Create S3 bucket
    Preparation

  22. Amazon SES
    • Amazon Simple Email Service
    • Send/receive email service
    • We'll use it for CloudFront email verification

  23. Testing e-mail
    Workflow
    Create a Receipt Rule

  25. Email Receiving — [Rule Sets] — [Create a Receipt Rule]

  26. Fill in the e-mail address in Recipient, then click [Add Recipient]

  27. Add the displayed records to your DNS server.
    If your DNS is Route 53, simply click [Use Route 53].

  28. After clicking [Use Route 53], some checkboxes will appear.
    Check them all, then click [Create Record Sets].
    (only for Route 53 users)

  29. Select the S3 bucket you created, then click [Next]

  30. Fill in the [Rule name] then click [Next Step]

  31. Setting confirmation.
    After confirmation, click [Create Rule Set]

  32. Status turns to Enabled
    once you have completed DNS configuration
    and its verification.

  33. Testing e-mail
    Workflow
    Create a Receipt Rule

  34. Send a test mail to the e-mail address you created
    from your favourite mail client software.

  35. If you find a file other than the
    AMAZON_SES_SETUP_NOTIFICATION file
    in the S3 bucket, the settings are working correctly.

  36. Get SSL
    certification

  37. CloudFront
    Workflow
    Certificate Manager

  38. CloudFront
    Workflow
    Certificate Manager

  39. AWS Certificate Manager
    • SSL certification provided by AWS
    • Available for CloudFront and ELB
    • No additional fee
    • Automatic renewal

  41. Click [Get started]

  42. Enter your domain name in the [Domain name] field,
    then click [Review and request]

  43. After confirmation, click [Confirm and request]

  44. Click [Continue]

  45. You'll see a list of the certificate status of your domains

  46. Open the mail in the S3 bucket, then open the
    verification URL it contains with your browser

  47. Open the verification URL with your browser,
    then click [I Approve]

  48. Success!
    Congratulations! You finally have your SSL certification

  49. You can also check the certificate request status on the AWS console.

  50. CloudFront
    Workflow
    Certificate Manager

  51. Amazon CloudFront
    • AWS managed CDN service
    • Low latency and reduced server load
    • Supports failover if a failure

  53. In Distributions, choose the distribution you want to add SSL to

  54. Click [Edit] in General tab

  55. Select the SSL certification you created in Custom SSL Certificate

  56. You can see that the SSL certificate is set to your domain.
    It takes a little while.

  57. Feel free to contact us:
    http://amimoto-ami.com/slack/

  58. @Amimoto_Ami
    amimoto-ami.com
    THANK YOU!
    Amazon CloudFront + AWS Certificate Manager
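
The bucket created in slides 15 to 19 ends up holding the ACM approval mail (slide 46), so its policy should allow only SES delivery from your own account. As an added example (not from the slides or from AWS), this Python code builds such a policy in the shape of the AWS guide linked on slide 20 and audits a policy for broader grants; the bucket name, account ID and weak sample policy are constructed placeholders, and the accepted condition keys are an assumption based on AWS documentation.

```python
import json

# Constructed placeholders, not values from the slides.
BUCKET = "example-ses-inbox"
ACCOUNT_ID = "111122223333"
# Assumption: condition keys AWS has documented for scoping SES delivery to one account.
ACCOUNT_KEYS = {"aws:sourceaccount", "aws:referer"}

def ses_put_policy(bucket, account_id):
    """Bucket policy that lets SES receiving write mail objects for one account only."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowSESPuts",
        "Effect": "Allow",
        "Principal": {"Service": "ses.amazonaws.com"},
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
        "Condition": {"StringEquals": {"AWS:SourceAccount": account_id}},
    }]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, account_id):
    """Return findings for Allow statements broader than SES mail delivery needs."""
    findings = []
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid, principal = st.get("Sid", "<no Sid>"), st.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if principal == "*" or (isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))):
            findings.append(f"{sid}: principal is a wildcard")
        extra = [a for a in as_list(st.get("Action", [])) if a.lower() != "s3:putobject"]
        if extra:
            findings.append(f"{sid}: grants more than s3:PutObject: {extra}")
        if "ses.amazonaws.com" in services:
            equals = st.get("Condition", {}).get("StringEquals", {})
            if not any(k.lower() in ACCOUNT_KEYS and account_id in as_list(v) for k, v in equals.items()):
                findings.append(f"{sid}: SES principal not restricted to account {account_id}")
    return findings

# Constructed weak policy: no account condition and an unnecessary read grant.
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Sid": "OpenPuts", "Effect": "Allow", "Principal": {"Service": "ses.amazonaws.com"},
    "Action": ["s3:PutObject", "s3:GetObject"], "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

if __name__ == "__main__":
    print(json.dumps(ses_put_policy(BUCKET, ACCOUNT_ID), indent=2))
    print(audit(WEAK, ACCOUNT_ID))
```

Paste the printed policy into the editor from slide 19 after replacing the placeholders, and run `audit` on the policy currently attached to the bucket before relying on it for validation mail.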
