AWS Certificate Manager (ACM) – Create and Use a TLS Certificate

Introduction

AWS Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates and keys that protect your AWS websites and applications.

A very common use case is a web application that sits behind an Elastic Load Balancer (ELB). To encrypt traffic between the ELB and the client, we need a TLS certificate.

AWS Certificate Manager (ACM) is a service that lets you easily and quickly request a certificate, deploy it on ACM-integrated AWS resources, such as Elastic Load Balancers, Amazon CloudFront distributions, and APIs on API Gateway, and let AWS Certificate Manager handle certificate renewals.

ACM requires that you validate the domain, i.e. prove that you control it. You can do so using DNS or email validation.

If you have an existing domain, that’s good; otherwise, you can register one using the AWS service Route 53.

Now, if you have been following along, we already have a domain registered using Route 53, and we have also hosted a static website in an S3 bucket and created a CloudFront distribution that points to this bucket.

If you are new to these topics, the following posts provide the background information needed to follow along:

Requirement

We want to use the registered domain (Route 53) with the website distribution (CloudFront), which points to the static website (S3 bucket), secured with a TLS certificate (ACM).

So, with the help of this requirement, we will cover ACM basics and bring together all the above-mentioned posts in one exercise. This will help us practice combining these services to achieve a common requirement. This is mostly the case with all AWS services: you can configure them to build solutions as per the requirements.

The ACM TLS certificate part is new, so let’s start with it.
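
The DNS validation step mentioned above, as an added example that is not code from the original post: it turns an ACM `describe-certificate` response into the Route 53 change batch holding the validation CNAME records. It assumes the domain lives in a Route 53 hosted zone; the function name `validation_change_batch` and every value in the sample response are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output; all values are placeholders.
SAMPLE = json.loads("""
{"Certificate": {"DomainName": "example.com", "Status": "PENDING_VALIDATION",
  "DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationMethod": "DNS", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_abc123.example.com.", "Type": "CNAME", "Value": "_def456.acm-validations.aws."}},
    {"DomainName": "*.example.com", "ValidationMethod": "DNS", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_abc123.example.com.", "Type": "CNAME", "Value": "_def456.acm-validations.aws."}},
    {"DomainName": "www.example.com", "ValidationMethod": "DNS", "ValidationStatus": "PENDING_VALIDATION"}
  ]}}
""")

def validation_change_batch(response, zone_name, ttl=300):
    """Return (change_batch, not_ready) for one certificate's DNS validation records."""
    suffix = "." + zone_name.rstrip(".").lower()
    records, not_ready = {}, []
    for opt in response["Certificate"]["DomainValidationOptions"]:
        if opt.get("ValidationStatus") == "SUCCESS":
            continue  # this name is already validated
        if opt.get("ValidationMethod") != "DNS":
            raise ValueError(f"{opt['DomainName']} uses {opt.get('ValidationMethod')} validation, not DNS")
        rr = opt.get("ResourceRecord")
        if rr is None:
            not_ready.append(opt["DomainName"])  # ACM has not populated the record yet; retry later
            continue
        # Only publish CNAMEs that fall inside the hosted zone we control.
        if rr["Type"] != "CNAME" or not rr["Name"].rstrip(".").lower().endswith(suffix):
            raise ValueError(f"unexpected validation record {rr['Name']} ({rr['Type']})")
        records[rr["Name"]] = rr["Value"]  # apex and wildcard share one record; the dict drops the duplicate
    changes = [{"Action": "UPSERT",
                "ResourceRecordSet": {"Name": name, "Type": "CNAME", "TTL": ttl,
                                      "ResourceRecords": [{"Value": value}]}}
               for name, value in sorted(records.items())]
    return {"Comment": "ACM DNS validation", "Changes": changes}, not_ready

if __name__ == "__main__":
    batch, pending = validation_change_batch(SAMPLE, "example.com")
    print(json.dumps(batch, indent=2))
    print("no validation record yet for:", pending)
```

The returned batch has the shape Route 53 expects as the `ChangeBatch` argument of `ChangeResourceRecordSets` (boto3: `change_resource_record_sets`). Leaving the CNAME in place afterwards lets ACM keep using it for renewals.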
