Easy SSL with AWS Certificate Manager

Amazon Web Services recently rolled out the AWS Certificate Manager: blog post

Always a brave soul, I used it to set up HTTPS for a domain name I have lying around. I’m writing about how it blew me away. It’s so damn easy.

I’m a big fan of HTTPS. Being a security enthusiast (note: not qualified expert) I think the whole protocol is pretty sexy.

Michael’s Old Dumb Way

Normally, I use the one-year free SSL certs from gandi. Free is always good, but setting it up is a pain in the ass. For each domain name I need to fill out the form for a Certificate Signing Request, etc.

Then I need to configure my web servers to use HTTPS, usually by updating my nginx configuration.

The AWS Way – Best Way

This process can be completed in 30 minutes or less, especially if you’re familiar with AWS.

Step 1: Route53

Create a hosted zone with your domain name (example.com). Go to your registrar and input Amazon’s nameservers.

Step 2: Amazon Certificate Manager

Create a certificate request for example.com. Amazon will send you a confirmation request via your WHOIS contact email. Accept it and boom you’re done!

Step 3: Elastic Load Balancer

Create a load balancer instance that accepts both http (80) and https (443) in it’s security group configuration. Attach your ec2 instances to the load balancer.

Note: It’s good practice to make sure your ec2 instances only accept traffic coming from your load balancer’s security group. I allowed public ssh for convenience.

If you use the default health check (example.com/index.html), this will get your ec2 instance up and running quickly.

$ ssh -i yourkey.pem ubuntu@ec2-blahblahblah
$ echo "Hello World!" >> index.html
$ sudo python -m SimpleHTTPServer 80

Go to the AWS Certificate Manager interface and create a new record set. Click “yes” for alias and select your Elastic Load Balancer instance by clicking on the blank.

Congratulations! Visit https://example.com and bask in the glory.

Or visit https://one.haus in the next hour to see my Hello World!.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s