Amazon CloudFront with AWS Certificate Manager

Transcript

1. Amazon CloudFront with AWS Certificate Manager @Amimoto_Ami amimoto-ami.com

2. Architecture

3. Amazon CloudFront AWS Certificate Manager w )JHI
   TQFFE
   DPOUFOU
   EFMJWFSZ
   
 VTJOH
   $%/
   w "VUPNBUFE
   44-
   DFSUJpDBUF
   


   NBOBHFNFOU $BO
   CF
   NBEF

4. Get SSL certification Workflow Preparations

5. Preparation

6. ɾadministrator@your_domain ɾhostmaster@your_domain ɾpostmaster@your_domain ɾwebmaster@your_domain ɾadmin@your_domain 7BMJEBUJPO
   FNBJM
   BEESFTT

7. If you have validation e-mail address and receive mails to

   it, no setting are required any more. 7BMJEBUJPO
   FNBJM
   BEESFTT

8. If you have no validation e-mail address, follow these steps

   to receive mails through AWS SES. 7BMJEBUJPO
   FNBJM
   BEESFTT

9. Set up Amazon SES Workflow Create S3 bucket Preparation

10. Set up Amazon SES Workflow Create S3 bucket Preparation

11. Amazon S3 w "NB[PO
    4JNQMF
    4UPSBHF
    4FSWJDF
    w &BTZ
    UP
    VTF
    PCKFDU
    TUPSBHF
    TFSWJDF
    w 8F`MM
    VTF
    JU
    GPS
    TUPSF
    NFTTBHFT
    4&4 "NB[PO
    4

12. Add bucket policy Workflow Create S3 bucket

13. Add bucket policy Workflow Create S3 bucket

14. None

15. Click [Create Bucket]

16. Input Bucket Name and Region then click [Create]

17. Add bucket policy Workflow Create S3 bucket

18. Click [Add bucket policy] in Permissions section in Properties

19. Edit Bucket Policy then [Save]

20. Bucket Policy https://docs.aws.amazon.com/ses/latest/DeveloperGuide/ receiving-email-permissions.html

21. Set up Amazon SES Workflow Create S3 bucket Preparation

22. Amazon SES w "NB[PO
    4JNQMF
    &NBJM
    4FSWJDF
    w 4FOESFDFJWF
    
    FNBJM
    TFSWJDF
    w 8F`MM
    VTF
    JU
    GPS
    $MPVE'SPOU
    
 FNBJM
    WFSJpDBUJPO "NB[PO
    4&4

23. Testing e-mail Workflow Create a Receipt Rule

24. None

25. Email Receiving — [Rule Sets] — [Create a Receipt Rule]

26. Click [Add Recipient] after fill in e-mail address to Recipient

27. Set displayed records to your DNS server. If your DNS

    is Route53, simply click [Use Route 53].

28. After clicking [Use Route 53], some checkbox will appear. Check

    them all then [Create Record Sets]. (only for Route 53 user)

29. Select created S3 bucket click [Next]

30. Fill in the [Rule name] then click [Next Step]

31. Setting confirmation. After confirmation, click [Create Rule Set]

32. Status turns to Enabled when you completed DNS configuration and

    its verification.

33. Testing e-mail Workflow Create a Receipt Rule

34. Send test mail to created e-mail address from your favourite

    mail client software.

35. If you find a file except AMAZON_SES_SETUP_NOTIFICATION file in S3

    bucket, settings are working correct.

36. Get SSL certification

37. CloudFront Workflow Certificate Manager

38. CloudFront Workflow Certificate Manager

39. AWS Certificate Manager • SSL certification provided by AWS •

    Available for CloudFront and ELB • No additional fee • Automatically renewal "84
    $FSUJpDBUF
    .BOBHFS
40. None

41. Click [Get started]

42. Input your domain name to [Domain name] field then click

    [Review and request]

43. After confirmation, click [Confirm and request]

44. Click [Continue]

45. You’ll see list of certificate status of domains

46. Open the verification URL with your browser in the mail

    in S3 bucket

47. Open verification URL with your browser, 
 then click [I

    Approve]

48. Success! Congratulations! You finally get SSL certification

49. Also you can check certificate request status on AWS console.

50. CloudFront Workflow Certificate Manager

51. Amazon CloudFront • AWS managed CDN service • Low latency

    and reduce server loads • Supports failover if a failure "NB[PO
    $MPVE'SPOU
52. None

53. Choose the distribution you wants to add SSL in Distributions

54. Click [Edit] in General tab

55. Select created SSL certification in Custom SSL Certificate

56. You can see that SSL certificate is set to your

    domain.
 It takes a little while.

57. http://amimoto-ami.com/slack/ Feel free to contact us:

58. @Amimoto_Ami amimoto-ami.com THANK YOU! Amazon CloudFront + AWS Certificate Manager