POC for Wildcard SSL Certificate from AWS #1337

Open
8 tasks
viraj89 opened this issue Jun 18, 2024 · 1 comment

@viraj89

viraj89 commented Jun 18, 2024

Description

Need to do a Proof of Concept (POC) to evaluate the use of a single wildcard SSL certificate from AWS for all domains. This approach aims to eliminate the need for creating multiple SSL certificates and simplify management, potentially reducing SSL management time to near zero.

Goals

  • Obtain a wildcard SSL certificate from AWS.
  • Configure the wildcard SSL certificate for multiple domains.
  • Evaluate the effectiveness of the wildcard SSL certificate in managing SSL for all domains.
  • Document the process and results of the POC.

Expected Outcome

A streamlined SSL management process using a single wildcard SSL certificate, leading to reduced SSL management time and effort.

Acceptance Criteria

  • Wildcard SSL certificate from AWS is obtained and configured.
  • Wildcard SSL certificate successfully secures multiple domains.
  • Documentation of the POC process and results is completed.
  • SSL management time and effort are significantly reduced.

Mockups / Wireframes

Not applicable

Product Name

Beckn Infrastructure

Domain

DevOps

Tech Skills Needed

  • AWS SSL Certificate Management
  • SSL Configuration
  • Domain Management

Complexity

Medium

Category

Infrastructure

Sub Category

SSL Management

@prasad-takale-eminds

To use the SSL certificate issued by AWS Certificate Manager (ACM) on your EC2 instance, you typically need to use a load balancer (such as an Application Load Balancer) or another service like AWS CloudFront because ACM certificates can only be directly associated with AWS services. Here's how to set up and use the SSL certificate with an EC2 instance through an Application Load Balancer (ALB):

Step 1: Create an Application Load Balancer (ALB)

  1. Log in to the AWS Management Console:

  2. Navigate to EC2:

    • In the AWS Management Console, type "EC2" in the search bar and select EC2 from the list of services.

  3. Create an ALB:

    • In the left-hand menu, under Load Balancing, click on Load Balancers.
    • Click the Create Load Balancer button.
    • Select Application Load Balancer.

  4. Configure the ALB:

    • Name: Enter a name for your load balancer.
    • Scheme: Choose whether the load balancer is internet-facing or internal.
    • IP address type: Select IPv4.
    • Listeners: Ensure HTTP (port 80) and HTTPS (port 443) listeners are added.

  5. Availability Zones: Select the VPC and the Availability Zones where your EC2 instances are located.

  6. Configure Security Settings:

    • Under the Configure Security Settings section, select the ACM certificate you created.
    • Choose the default security policy, or customize it based on your needs.

  7. Configure Security Groups:

    • Select or create a security group that allows inbound traffic on HTTP (port 80) and HTTPS (port 443).

  8. Configure Routing:

    • Create a new target group for your EC2 instances.
    • Select the target type (instance or IP) and set the protocol to HTTP.
    • Register your EC2 instances with this target group.

  9. Review and Create:

    • Review all the configurations and click Create.

Cost Calculation Example

  • ALB Charges:

    • Assume $0.0225 per ALB-hour.
    • Data processing charge might be $0.008 per GB.

  • EC2 Instances:

    • Charges depend on the instance type and size (e.g., t2.micro costs approximately $0.0116 per hour).

Conclusion

By setting up an Application Load Balancer and attaching your ACM-issued SSL certificate, you can secure your EC2 instances with HTTPS. This setup leverages AWS services to provide SSL termination, enhancing security for your web applications. The cost will include the usage of the ALB and any data processed, as well as the existing costs for running your EC2 instances. Make sure to review AWS pricing for the Mumbai region to get the most accurate cost estimates.

@faizmagic @mayurvir Please let me know the next plan of action on this.

@PritiEM PritiEM added the dev-ops Dev ops related label Jun 19, 2024
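
Added example, not part of the issue thread or the project's own code: a check of which hostnames the names on a wildcard certificate actually cover, relevant to the POC's goal of one certificate for all domains. It assumes standard TLS wildcard matching, where `*` stands for exactly one leftmost label; the domain names are constructed placeholders.

```python
"""Which hostnames does a certificate's name list cover? (added example)"""


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname.

    Assumes standard TLS wildcard matching: '*' is allowed only as the whole
    leftmost label and stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Label counts must agree; empty labels and literal '*' are not hostnames.
    if len(p) != len(h) or "" in h or "*" in hostname:
        return False
    if p[0] == "*":
        # Require at least two fixed labels, so "*.org" is rejected.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def coverage(cert_names, hostnames):
    """Map each hostname to the certificate name covering it, or None."""
    report = {}
    for host in hostnames:
        report[host] = next((n for n in cert_names if name_matches(n, host)), None)
    return report


# Constructed sample data: placeholder domains, not taken from the issue.
CERT_NAMES = ["*.example.org", "example.org"]
HOSTNAMES = [
    "registry.example.org",   # one label under the wildcard
    "example.org",            # apex: needs its own name on the certificate
    "api.dev.example.org",    # two labels deep
    "gateway.example.net",    # different registered domain
]

if __name__ == "__main__":
    for host, name in coverage(CERT_NAMES, HOSTNAMES).items():
        print(f"{host:24} {'covered by ' + name if name else 'NOT covered'}")
```

Hostnames reported as not covered need their own name on the certificate or a separate certificate before the HTTPS listener can serve them without a name mismatch.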