CDNでコンテンツの配信を高速化 SSL証明書の管理を自動化
Amazon CloudFrontwithAWS Certificate Manager@Amimoto_Amija.amimoto-ami.com
View Slide
ΞʔΩςΫνϟ
Amazon CloudFrontAWS Certificate Managerw $%/Ͱίϯςϯπͷ৴ΛߴԽw 44-ূ໌ॻͷཧΛࣗಈԽ࣮ݱ͢Δ͜ͱ
SSLূ໌ॻͷऔಘWorkflow४උ
४උ
ɾ[email protected]_domainɾ[email protected]_domainɾ[email protected]_domainɾ[email protected]_domainɾ[email protected]_domainυϝΠϯೝূ༻ϝʔϧΞυϨε
͢ͰʹυϝΠϯೝূ༻ϝʔϧΞυϨεͰϝʔϧͷड৴͕Մೳͳ߹ɺ͜ΕҎ߱ͷ߲εΩοϓ͍ͯͩ͘͠͞υϝΠϯೝূ༻ϝʔϧΞυϨε
υϝΠϯೝূ༻ϝʔϧΞυϨε͕༻Ͱ͖ͳ͍߹ AWS SES Ͱϝʔϧड৴͢ΔઃఆΛߦ͍·͢ɻυϝΠϯೝূ༻ϝʔϧΞυϨε
Amazon SES ઃఆWorkflowS3όέοτͷ४උߏஙલͷ४උ
Amazon S3w "NB[PO4*NQMF4UPSBHF4FSWJDFw Πϯλʔωοτ༻ͷετϨʔδw 4&4Ͱड৴ͨ͠ϝʔϧΛ֨ೲ͢ΔͨΊʹ༻"NB[PO4
όέοτϙϦγʔͷઃఆWorkflowS3όέοτͷ࡞
Create Bucket ΛΫϦοΫ͠·͢
Bucket Name, Region Λೖྗ͠ Create
Properties - Permissions - Add bucket policy
Bucket Policy Λઃఆ͠ Save
Bucket Policyhttps://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html
Amazon SESw "NB[PO4*NQMF&NBJM4FSWJDFw &NBJMͷૹड৴Λ࣮ߦ͢ΔαʔϏεw $MPVE'SPOUͷೝূϝʔϧड৴ʹ༻"NB[PO4&4
ϝʔϧड৴ςετWorkflowϧʔϧηοτͷ࡞
Email Receiving - Rule Sets - Create a Receipt Rule
Recipient ʹϝʔϧυϝΠϯ໊Λೖྗͯ͠ Add Recipient
දࣔ͞ΕͨઃఆΛ DNS αʔόʹͯઃఆRoute53 Λ༻͍ͯ͠Δ߹ Use Route53
Route53 Λ༻͍ͯ͠Δ߹͜ͷը໘͕දࣔ͞ΕΔͷͰͯ͢νΣοΫͯ͠ Create Record Sets
ࣄલ४උͰ࡞ͨ͠ S3 Bucket Λબͯ͠ Next Step
Rule Name Λೖྗͯ͠ Next Step
ઃఆ༰Λ֬ೝͯ͠ Create Rule Set
DNS มߋ͕ྃͯ͠ೝূ͕औΕΔͱ Status ͕ Enabled ʹͳΔ
ϝʔϧΫϥΠΞϯτ͔ΒϝʔϧΛૹ৴ͯ͠ΈΔ
S3όέοτʹʮAMAZON_SES_SETUP_NOTIFICATIONʯҎ֎ͷϑΝΠϧ͕อଘ͞Ε͍ͯΕϝʔϧૹ৴ਖ਼ৗʹߦΘΕ͍ͯΔ
SSLূ໌ॻͷऔಘ
CloudFrontWorkflowCertificate Manager
AWS CertificateManager•AWS͕ఏڙ͢ΔSSLূ໌ॻ•CloudFront, ELB Ͱ༻Մೳ•ແྉͰ༻Մೳ•SSLূ໌ॻࣗಈͰߋ৽͞ΕΔ"84$FSUJpDBUF.BOBHFS
Get started
Domain name Λೖྗͯ͠ Review and request
ೖྗ༰Λ֬ೝͯ͠ Confirm and request
Continue
ೝূͪυϝΠϯͷҰཡ͕දࣔ͞ΕΔ
ड৴ϝʔϧΛ֬ೝͯ͠ೝূ༻URLΛϒϥβͰදࣔ
ೝূ༻URLΛදࣔ͠ I Approve ΛΫϦοΫ
Success!
AWSίϯιʔϧͰೝূ͞Εͨ͜ͱ͕֬ೝͰ͖Δ
Amazon CloudFront•AWSͷϗετ͢ΔCDNαʔϏε•αΠτͷߴԽͱෛՙݮΛ࣮ݱ•ো࣌ͷϑΣΠϧΦʔόʔʹରԠ"NB[PO$MPVE'SPOU
Distributions ͔Βઃఆରͷ distribution Λબ
General λϒͷ Edit ΛΫϦοΫ
Custom SSL Certificate Ͱઌ΄Ͳ࡞ͨ͠ূ໌ॻΛબ
͠Β͘͢ΔͱSSLূ໌ॻ͕ઃఆ͞Ε͍ͯΔ͜ͱ͕֬ೝͰ͖·͢
http://ja.amimoto-ami.com/slack/࣭͓͝ؾܰʹ:
@Amimoto_Amija.amimoto-ami.comTHANK YOU!Amazon CloudFront + AWS Certificate Manager