Paul Duvall edited this page Jan 13, 2020 · 24 revisions

4.1 AWS Certificate Manager and Amazon CloudFront in Console

Review and ensure that you have set up your development environment before going through the steps below.

ACM Console

Create a Digital Certificate in AWS Certificate Manager

  1. Go to the ACM Console and switch to the us-east-1 (N. Virginia) region. CloudFront can only use ACM certificates issued in that region, so a certificate requested anywhere else will not appear in the CloudFront console later.
  2. Click on Get Started.
  3. Select the Request a public certificate radio button and click the Request a certificate button.
  4. In the Add domain names section, enter the wildcard form of a domain you own in the Domain name field: an asterisk, a dot, then the domain (for example, *.encryptaws.com; yours will be different). A wildcard certificate covers every single-label subdomain such as www.encryptaws.com, but not the bare domain encryptaws.com itself.
  5. Click the Next button.
  6. On the Select validation method page, choose the DNS validation option and click Review. ACM will give you a CNAME record to create in the domain's zone; being able to create it is the proof that you control the domain.
  7. On the Review page, review your settings and click the Confirm and request button.
  8. On the Validation page, expand the Domain section and click the Create record in Route 53 button. Then click the Create button. This button only works when the domain's public hosted zone is in Route 53 in the same account; otherwise, create the CNAME shown on the page at your DNS provider.
  9. Once the DNS Record indicates Success, click the Continue button.
  10. Review your ACM Certificate Configuration on the Certificates page. Validation usually completes within a few minutes; the certificate is usable once its Status is Issued.
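The same certificate request as AWS CLI calls, for readers who want to script it. This is an added example, not code from the page or the ceoa project; it assumes the domain's public hosted zone is in Route 53 in the same account, that the caller may request certificates and change DNS records, and that the hypothetical file path /tmp/ceoa-41-acm-validation.json is writable.

```shell
#!/bin/sh
# Added example (not from the page): the ACM console steps as AWS CLI calls.
# Assumes the domain's public hosted zone is in Route 53 in this account and
# the caller may request certificates and change records.
set -eu

# CloudFront only accepts ACM certificates from us-east-1, whatever region
# the rest of the lab uses, so every acm call below is pinned there.
ACM_REGION=us-east-1

# Pure helper: the Route 53 change batch for the validation CNAME that ACM
# hands back (record name and value), in the shape change-resource-record-sets expects.
validation_change_batch() {
  cat <<EOF
{
  "Comment": "ACM DNS validation for wildcard certificate",
  "Changes": [{
    "Action": "UPSERT",
    "ResourceRecordSet": {
      "Name": "$1",
      "Type": "CNAME",
      "TTL": 300,
      "ResourceRecords": [{ "Value": "$2" }]
    }
  }]
}
EOF
}

request_wildcard_cert() {
  domain=$1   # the zone you own, e.g. encryptaws.com on the page
  zone_id=$(aws route53 list-hosted-zones-by-name --dns-name "$domain" \
              --query 'HostedZones[0].Id' --output text | sed 's|/hostedzone/||')
  cert_arn=$(aws acm request-certificate --region "$ACM_REGION" \
               --domain-name "*.$domain" --validation-method DNS \
               --query CertificateArn --output text)
  # ACM fills in the validation record a few seconds after the request;
  # poll until it is there ("None" is what --output text prints for null).
  rec_name=None
  while [ "$rec_name" = None ]; do
    sleep 5
    rec_name=$(aws acm describe-certificate --region "$ACM_REGION" \
                 --certificate-arn "$cert_arn" --output text \
                 --query 'Certificate.DomainValidationOptions[0].ResourceRecord.Name')
  done
  rec_value=$(aws acm describe-certificate --region "$ACM_REGION" \
                --certificate-arn "$cert_arn" --output text \
                --query 'Certificate.DomainValidationOptions[0].ResourceRecord.Value')
  validation_change_batch "$rec_name" "$rec_value" > /tmp/ceoa-41-acm-validation.json
  aws route53 change-resource-record-sets --hosted-zone-id "$zone_id" \
    --change-batch file:///tmp/ceoa-41-acm-validation.json
  # Returns once the status is ISSUED (the waiter gives up after about 40 minutes).
  aws acm wait certificate-validated --region "$ACM_REGION" --certificate-arn "$cert_arn"
  echo "$cert_arn"
}

# Usage: sh acm-wildcard.sh run yourdomain.com
if [ "${1:-}" = run ]; then request_wildcard_cert "$2"; fi
```

The script prints the certificate ARN, which the CloudFront distribution will reference later; the validation CNAME is left in place so ACM can renew the certificate automatically.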

Create an Amazon CloudFront Distribution

Create an S3 bucket to host website files

  1. Go to the S3 Console.
  2. Click the Create bucket button.
  3. Enter ceoa-41-ACCOUNTID in the Bucket name field, replacing ACCOUNTID with the output of the following command: aws sts get-caller-identity --output text --query 'Account'. Bucket names are global, so the account ID suffix keeps yours from colliding with another student's. Click the Create button.
  4. Open the bucket Properties pane and choose Static Website Hosting.
  5. Click on the Use this bucket to host a website radio button.
  6. In the Index Document field, type index.html.
  7. Click the Save button. Write down the Endpoint.
  8. For the same S3 bucket, go to the Permissions pane and click on Edit.
  9. Clear the Block all public access checkbox and click on Save to confirm. This is deliberate for this lab: the files are a public website, and the bucket policy below would be rejected while the block is in place. Do not do this for buckets holding anything other than public content.
  10. From the same Permissions pane for the S3 bucket, click on the Bucket Policy tab and paste the following contents into the Bucket policy editor. It grants anonymous s3:GetObject on objects only; it does not grant s3:ListBucket, so the bucket listing stays private even though every object in it is readable:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadForGetBucketObjects",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::ceoa-41-ACCOUNTID/*"]
    }
  ]
}
  11. In the policy, replace ACCOUNTID with your AWS account ID.
  12. Click Save.

Upload the website files to S3

cd ~/environment/ceoa
wget https://docs.aws.amazon.com/codepipeline/latest/userguide/samples/sample-website.zip
unzip sample-website.zip
zip ceoa-41-website.zip *.*
aws s3 sync ~/environment/ceoa s3://ceoa-41-$(aws sts get-caller-identity --output text --query 'Account') --exclude "*.zip"

The sync source is the directory the sample site was unzipped into, ~/environment/ceoa; the --exclude keeps the two zip archives out of the public bucket.
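The bucket, website configuration, public-access setting, policy and upload as one scripted sequence. This is an added example rather than code from the page or the ceoa project; it assumes the bucket is created in us-east-1 (the website endpoint hostname format differs by region), that the sample site has already been unzipped into ~/environment/ceoa as above, and that /tmp/ceoa-41-policy.json is a writable scratch path.

```shell
#!/bin/sh
# Added example (not from the page): the S3 website bucket steps as CLI calls.
# Assumes us-east-1, the sample site unzipped in ~/environment/ceoa, and a
# caller allowed to create buckets, set bucket policies and upload objects.
set -eu
REGION=us-east-1

# Pure helper: the public-read policy from the page for one bucket. Only
# s3:GetObject on objects is granted; no s3:ListBucket, so anonymous users
# can fetch known keys but cannot enumerate the bucket.
bucket_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicReadForGetBucketObjects",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::$1/*"]
  }]
}
EOF
}

# Pure helper: the S3 website endpoint for a bucket in us-east-1. This is the
# dash form of the hostname; several newer regions use "s3-website." with a
# dot instead, which is why REGION is fixed here rather than looked up.
website_endpoint() {
  echo "http://$1.s3-website-$REGION.amazonaws.com"
}

create_site() {
  account=$(aws sts get-caller-identity --output text --query 'Account')
  bucket="ceoa-41-$account"
  # us-east-1 is the one region that takes no LocationConstraint.
  aws s3api create-bucket --bucket "$bucket" --region "$REGION"
  aws s3api put-bucket-website --bucket "$bucket" \
    --website-configuration '{"IndexDocument":{"Suffix":"index.html"}}'
  # Same effect as clearing "Block all public access" in the console; the
  # public policy below is rejected while the block is on.
  aws s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    'BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false'
  bucket_policy "$bucket" > /tmp/ceoa-41-policy.json
  aws s3api put-bucket-policy --bucket "$bucket" --policy file:///tmp/ceoa-41-policy.json
  # Upload the unzipped site but not the zip archives sitting beside it.
  aws s3 sync ~/environment/ceoa "s3://$bucket" --exclude "*.zip"
  # The website endpoint speaks only plain HTTP: expect "HTTP/1.1 200 OK" here
  # and no https:// alternative, which is what CloudFront adds in the next section.
  curl -sI "$(website_endpoint "$bucket")/index.html" | head -n 1
}

# Usage: sh s3-website.sh run
if [ "${1:-}" = run ]; then create_site; fi
```

Running it ends with the status line of a plain-HTTP fetch of index.html from the website endpoint, the same "unencrypted website" the next section has you confirm in a browser.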

Verify website is public

  1. Copy the endpoint you wrote down and paste it into your web browser.
  2. The website should display over plain HTTP. S3 website endpoints do not support HTTPS at all, which is why the next section puts a CloudFront distribution in front of the bucket.

Create the CloudFront Distribution

  1. Go to the CloudFront Console.
  2. Click the Create Distribution button.
  3. Click the Get Started button in the Web section.
  4. Enter ceoa-41-ACCOUNTID.s3.amazonaws.com as the Origin Domain Name (the same bucket you created above, with ACCOUNTID replaced by your account ID). This is the bucket's REST endpoint, not the website endpoint; the Default Root Object setting below is what makes / serve index.html through it.
  5. Select No for Restrict Bucket Access. Note that this leaves the bucket itself reachable: anyone who knows the bucket name can still fetch the files directly over HTTP and bypass the HTTPS redirect. Restricting the bucket to CloudFront is a separate hardening step that this page does not cover.
  6. Select the Redirect HTTP to HTTPS option for Viewer Protocol Policy.
  7. Select the Custom SSL Certificate option for SSL Certificate and pick the ACM certificate you created from the drop-down (e.g. *.encryptaws.com (ed651540-1a8b-4450-a150-27cddf5cfdab)). If it is not listed, check that it was issued in us-east-1 and that its Status is Issued.
  8. Select the TLSv1.1_2016 (recommended) option for Security Policy. That was the console's recommended default when this page was written; if a TLSv1.2-only policy such as TLSv1.2_2018 is offered, prefer it, since nothing in this lab needs TLS 1.1.
  9. Select the index.html option for Default Root Object.
  10. Click the Create Distribution button at the bottom of the form, then go to the CloudFront Console and wait for the distribution's Status to change from In Progress to Deployed, which takes several minutes.
  11. Select the CloudFront Distribution you created and copy the value for the Domain Name and paste it into your web browser.
  12. It should display the website over HTTPS, and an http:// request to the same domain name should be redirected to https://. Because no Alternate Domain Name was configured, the cloudfront.net URL is served with CloudFront's own certificate; your ACM certificate is only presented once you add a name under your domain as an Alternate Domain Name (CNAME) on the distribution and point DNS at it.
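The distribution as a CLI call, followed by three checks that show what the console choices above do and do not protect. This is an added example, not code from the page or the ceoa project; it assumes the website bucket from the previous section (in us-east-1), an ACM certificate ARN from us-east-1, the hypothetical scratch path /tmp/ceoa-41-cf.json, and that curl and openssl are installed. It uses the TLSv1.2_2018 security policy rather than the TLSv1.1_2016 the page selected.

```shell
#!/bin/sh
# Added example (not from the page): the CloudFront steps as a CLI call plus
# checks. Assumes BUCKET is the ceoa-41 website bucket in us-east-1 and
# CERT_ARN is the wildcard ACM certificate issued in us-east-1.
set -eu

# Pure helper: a DistributionConfig matching the console choices on this page:
# S3 origin with no access restriction (empty OriginAccessIdentity),
# redirect-to-https, index.html as default root object, the ACM certificate
# via SNI, and a TLS 1.2 floor instead of the page's TLSv1.1_2016.
# Arguments: bucket name, certificate ARN, unique caller reference.
distribution_config() {
  cat <<EOF
{
  "CallerReference": "ceoa-41-$3",
  "Comment": "ceoa 4.1 TLS website",
  "Enabled": true,
  "DefaultRootObject": "index.html",
  "Origins": {
    "Quantity": 1,
    "Items": [{
      "Id": "s3-$1",
      "DomainName": "$1.s3.amazonaws.com",
      "S3OriginConfig": { "OriginAccessIdentity": "" }
    }]
  },
  "DefaultCacheBehavior": {
    "TargetOriginId": "s3-$1",
    "ViewerProtocolPolicy": "redirect-to-https",
    "MinTTL": 0,
    "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" } },
    "TrustedSigners": { "Enabled": false, "Quantity": 0 }
  },
  "ViewerCertificate": {
    "ACMCertificateArn": "$2",
    "SSLSupportMethod": "sni-only",
    "MinimumProtocolVersion": "TLSv1.2_2018"
  }
}
EOF
}

deploy_and_check() {
  bucket=$1
  cert_arn=$2
  distribution_config "$bucket" "$cert_arn" "$(date +%s)" > /tmp/ceoa-41-cf.json
  out=$(aws cloudfront create-distribution --distribution-config file:///tmp/ceoa-41-cf.json \
          --query 'Distribution.[Id,DomainName]' --output text)
  dist_id=$(echo "$out" | cut -f1)
  domain=$(echo "$out" | cut -f2)
  # Blocks until Status is Deployed, the console's "In Progress" wait.
  aws cloudfront wait distribution-deployed --id "$dist_id"

  # Check 1: plain HTTP is redirected, not served. Expect a 301 with an
  # https:// Location header.
  curl -sI "http://$domain/" | grep -i '^\(HTTP\|location\)'
  # Check 2: the certificate presented on the cloudfront.net name is
  # CloudFront's own, not the wildcard one; the ACM certificate is only used
  # for an Alternate Domain Name, which this page does not configure.
  openssl s_client -connect "$domain:443" -servername "$domain" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -issuer
  # Check 3: the origin is still reachable over plain HTTP, bypassing
  # CloudFront entirely, because the bucket policy is public and Restrict
  # Bucket Access was set to No. Expect "HTTP/1.1 200 OK".
  curl -sI "http://$bucket.s3-website-us-east-1.amazonaws.com/index.html" | head -n 1
}

# Usage: sh cloudfront-tls.sh run ceoa-41-ACCOUNTID arn:aws:acm:us-east-1:ACCOUNTID:certificate/...
if [ "${1:-}" = run ]; then deploy_and_check "$2" "$3"; fi
```

The third check is the one to keep in mind: the HTTPS redirect only applies to traffic that reaches CloudFront, so as long as the bucket is public the encrypted path is optional for anyone who knows the bucket name.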

TLS Website
