Amazon Web Services recently rolled out the AWS Certificate Manager: blog post
Always a brave soul, I used it to set up HTTPS for a domain name I have lying around. I’m writing about how it blew me away. It’s so damn easy.
I’m a big fan of HTTPS. Being a security enthusiast (note: not a qualified expert) I think the whole protocol is pretty sexy.
Michael’s Old Dumb Way
Normally, I use the one-year free SSL certs from Gandi. Free is always good, but setting it up is a pain in the ass. For each domain name I need to fill out the form for a Certificate Signing Request, etc.
Then I need to configure my web servers to use HTTPS, usually by updating my nginx configuration.
The AWS Way – Best Way
This process can be completed in 30 minutes or less, especially if you’re familiar with AWS.
Step 1: Route53
Create a hosted zone with your domain name (example.com). Go to your registrar and input Amazon’s nameservers.
Step 2: Amazon Certificate Manager
Create a certificate request for example.com. Amazon will send you a confirmation request via your WHOIS contact email. Accept it and boom, you’re done!
Step 3: Elastic Load Balancer
Create a load balancer instance that accepts both HTTP (80) and HTTPS (443) in its security group configuration. Attach your EC2 instances to the load balancer.
Note: It’s good practice to make sure your EC2 instances only accept traffic coming from your load balancer’s security group. I allowed public SSH for convenience.
If you use the default health check (example.com/index.html), the following commands will get your EC2 instance up and running quickly:
# Log in to the instance with your key pair
$ ssh -i yourkey.pem ubuntu@ec2-blahblahblah
$ echo "Hello World!" >> index.html
# Python 2 built-in server: serves every file in the current directory on port 80
$ sudo python -m SimpleHTTPServer 80
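The note in Step 3 about only accepting traffic from the load balancer's security group can be checked mechanically. The following is an added example, not code from the original post: it audits ingress rules in the IpPermissions shape returned by EC2 DescribeSecurityGroups, and the group IDs and sample rules are constructed for illustration.

```python
# Added example: flag every ingress source on an instance security group
# that is not the load balancer's security group.
# Rule dicts follow the IpPermissions shape of EC2 DescribeSecurityGroups.

LB_SG = "sg-0123456789abcdef0"  # constructed ID standing in for the load balancer's group

# Constructed sample mirroring the post: HTTP from the load balancer, SSH open to the world.
INSTANCE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": LB_SG}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []},
]


def port_label(rule):
    """Render a rule's port range; IpProtocol "-1" means all traffic."""
    if rule.get("IpProtocol") == "-1":
        return "all"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return str(lo) if lo == hi else f"{lo}-{hi}"


def audit_ingress(rules, lb_sg):
    """Return (ports, source) for each ingress source other than lb_sg."""
    findings = []
    for rule in rules:
        ports = port_label(rule)
        # Any CIDR or prefix-list source bypasses the load balancer entirely.
        for r in rule.get("IpRanges", []):
            findings.append((ports, r["CidrIp"]))
        for r in rule.get("Ipv6Ranges", []):
            findings.append((ports, r["CidrIpv6"]))
        for r in rule.get("PrefixListIds", []):
            findings.append((ports, r["PrefixListId"]))
        # Security-group sources are acceptable only if they are the load balancer's group.
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != lb_sg:
                findings.append((ports, pair.get("GroupId")))
    return findings


if __name__ == "__main__":
    for ports, source in audit_ingress(INSTANCE_RULES, LB_SG):
        print(f"port {ports}: reachable from {source}, not only from {LB_SG}")
```

To run it against a real group, feed it the IpPermissions list from `aws ec2 describe-security-groups` output for the instance's security group.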
Go to the AWS Certificate Manager interface and create a new record set. Click “yes” for alias and select your Elastic Load Balancer instance by clicking on the blank.
Congratulations! Visit https://example.com and bask in the glory.
Or visit https://one.haus in the next hour to see my Hello World!