aws certificate manager for google domain with route 53 - amazon-web-services

I added my name servers to my google domain and then added my google domain to my route 53 hosted zone. I then requested a certificate through aws certificate manager and added a record for it to route 53 hosted zone. My site is still loading as an unsecure connection. What steps did I miss? Thank you for any help.
I have listed above the details of my question.

I then requested a certificate through aws certificate manager and added a record for it to route 53 hosted zone.
It seems like you created an ACM certificate and added the required record to the Route53 Zone.
However, that is not enough to provide an HTTPS connection. You need to make use of that ACM certificate in your service (EC2, Amplify, API Gateway, ...).
In other words, your server needs to handle the TLS/SSL handshake to have a secure connection.
See Services integrated with AWS Certificate Manager for a list of services and how you can use the certificate.

Related

AWS Amplify use ssl certificate in spring boot backend for https

I made a frontend in aws amplify and created a custom domain over amplify with route 53.
Then I created a subdomain, for example api.domain.com for my spring boot backend rest api.
The subdomain only uses http. For using it with https I need to specify:
server.ssl.key-store, server.ssl.key-store-password and server.ssl.keyAlias
In the documentation I found the following hint but I can't get access to the certificate on Amazon Certificate Manager (ACM):
AWS Amplify Console generates a free HTTPS certificate on all pages and automatically activates it on all Route53 managed domains. The SSL certificate is generated by Amazon Certificate Manager and supports wildcard domains. ACM handles the complexity of creating and managing public SSL/TLS certificates for your AWS-based Web sites and applications. With the wildcard option, the main domain and all subdomains are covered by a single certificate.
So the question is, how to get access to the information I need to specify in spring boot?
Based on the comments.
The ACM certs can only be used on a load balancer, API gateway and CloudFront distribution. They can't be used on an EC2 instance.
There are two options to rectify the issue:
Add load balancer in front of your EC2 instance, a CloudFront distribution or proxy your API through API gateway. On these AWS services you can just install your ACM cert.
Set up an SSL certificate on the instance itself. To do this you have to get a third party certificate. A popular choice is https://letsencrypt.org/ which provides free public certificates.

how to enable (https) SSL certificate AWS EC2 hosted site

So far I did the below configuration.
I hosted my site on EC2 AWS machine. Public ip and public DNS.
I can access my website by ip as well as public DNS.
I purchased domain name from GoDaddy. www.xxtrasc.com
On AWS I created Hosted Zone then map www.app.xxtrasc.com successfully.
Now I access my website directly at www.app.xxtrasc.com
Next I want to enable https
On AWS Certificate Manager order certificate with domain name *.xxtrasc.com
Did everything to add CNAME and all. I can see status green colored Issued on ACM.
Now how can I attach this certificate to my website so that I can access https://www.app.xxtrasc.com
You cannot use ACM to directly install your ACM Certificate on your AWS based website or application
https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-install.html
You must use one of the following services:
Elastic Load Balancing
Amazon CloudFront
AWS Elastic Beanstalk
Amazon API Gateway
AWS CloudFormation
Please read the official doc : https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html
So to install the certificate directly under apache2/nginx configuration you need to obtain the certificate from other third parties like Let's Encrypt, GoDaddy etc. You can read about that here - https://in.godaddy.com/help/manually-install-an-ssl-certificate-on-my-apache-server-centos-5238
On AWS I recommend using an ELB and placing your EC2 instances behind this ELB. This will allow you to select your ACM certificate from the ELB itself. Please read the following doc to use a classic load balancer with HTTPS: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-server-cert.html
If you want to enable SSL on your site, you need to purchase SSL certificate. You can purchase it with Godaddy and then setup it on AWS server. Without SSL certificate, your https site won't work.

AWS ssl is not working in imported certificate for custom domain

I have a doubt in AWS SSL.
I have launched instance in AWS.
Then I got Public IP of launched instance, which pointed to BLUEHOST (only for domain ) DNS record ( Type A).
When I tried subdomain.example.com, it is working in browser.
Then for SSL, I imported certificate key and crt in certificate manager. And certificate status is ISSUED.
When I tried HTTPS in browser ( https://subdomain.example.com ), it is not working.
Anyone guide me.
You cannot use the certificate provided by Amazon Certificate Manager(ACM) on EC2 instance. That can only be used with certain AWS services such as Elastic Load Balancer, CloudFront, API Gateway and Elastic Beanstalk.
If you want to use ACM, you can set up an ELB in front of your EC2 instance and have your certificate applied to the ELB. When you are requesting a certificate via ACM, make sure to add the *.example.com domain to protect your subdomain as well.
If you want to set up SSL on your EC2 instance itself, you can request SSL certificates from an SSL certificate provider. There are many certificate providers, such as letsencrypt, sslforfree etc.
Here is a guide on how to install SSL certificates obtained from a certificate provider on your EC2 instance.
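An added example (not from any of the posts above): a check over the JSON that `aws acm describe-certificate` returns, flagging the two conditions the answers on this page point to, namely a certificate that is issued but attached to nothing, and a wildcard name that does not cover the hostname (a `*` matches exactly one DNS label). The sample output, ARN and account id are constructed placeholders.

```python
import json

def covers(pattern, host):
    """True if a certificate name covers host. A leading '*' stands for
    exactly one DNS label, so *.example.com does not cover a.b.example.com."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def diagnose(describe_output, host):
    """List the reasons this ACM certificate cannot serve `host` over HTTPS."""
    cert = describe_output["Certificate"]
    findings = []
    if cert.get("Status") != "ISSUED":
        findings.append(f"certificate status is {cert.get('Status')}, not ISSUED")
    names = {cert["DomainName"], *cert.get("SubjectAlternativeNames", [])}
    if not any(covers(n, host) for n in names):
        findings.append(f"no name in {sorted(names)} covers {host}")
    # ACM fills InUseBy with the ARNs of resources the certificate is attached to.
    if not cert.get("InUseBy"):
        findings.append("InUseBy is empty: certificate is not attached to any "
                        "load balancer, CloudFront distribution or API Gateway")
    return findings

# Constructed sample shaped like `aws acm describe-certificate` output.
SAMPLE = json.loads("""
{"Certificate": {
  "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-PLACEHOLDER",
  "DomainName": "*.example.com",
  "SubjectAlternativeNames": ["*.example.com"],
  "Status": "ISSUED",
  "Type": "AMAZON_ISSUED",
  "InUseBy": []
}}
""")

if __name__ == "__main__":
    for host in ("subdomain.example.com", "www.app.example.com"):
        print(host, diagnose(SAMPLE, host) or "ok")
```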

AWS Route 53 traffic policy adding SSL

I'm managing a domain at AWS Route 53 and I have a service exposed as an api on 3 servers spread across 3 main zones: us, asia, eu.
I created a traffic policy to redirect clients based on latency to the appropriate zone(s).
So client comes in via api.example.com, enters this latency based policy and exits at the closest server. Which works...with one problem though. I don't know how to enable https so I can have my clients use https://api.example.com.
Any ideas?
SSL (HTTPS) is completely unrelated to all the Route53 stuff you talked about in your question. You need to install an SSL certificate on the server, or on the load balancer if you are using a load balancer. You can also install the SSL certificate at your CDN, if you are using one.
Route53 is a DNS service. Route53 does not manage the protocol of a service, and it does not manage encryption. Route53 (DNS) just allows a client to lookup an IP based on a hostname.

Connect SSL Cert to Route53 Hosted Domain

For some reason I cannot find a yes or no if this is even possible but I am assuming that it would be. I have a domain through AWS that was purchased through AWS Route53. I also created an SSL Cert through AWS Certificate Manager. Now I'm just trying to add that certificate to the domain. I would think that since it is all interconnected that it would have just been applied after I approved it and it finished the setup but alas, it has not. So my question is how/where do I connect my SSL Cert to my Route53 hosted domain?
SSL certificates are not connected to a domain's DNS record (via Route 53).
Instead, they are connected to one or more specific infrastructure components.
SSL certificates that you create from ACM can be used with:
AWS Elastic Load Balancer
AWS CloudFront
Create your infrastructure including one or more of those components and then attach your ACM SSL certificate to that.
See the ACM FAQ: https://aws.amazon.com/certificate-manager/faqs/