I have a question related to CloudFront.
If I have CF enabled with an S3 origin in Account A, and then I create a Route 53 DNS record in Account B and point it to the CF.
I will need to add an alternate domain name in CF, which is in Account A, and a certificate as well. Will ACM generate a certificate in Account A when the DNS entry hello.example.com is in another account?
Yes ACM will be happy to generate any certificate you ask it to, but to verify the certificate to complete the creation process you will have to create a DNS entry in whatever DNS service you are using. You don't even need to be using Amazon's Route53 DNS service, you can use ACM with any DNS service.
You can do the following steps:
1. Create ACM in us-east-1 region of Account A.
2. Once step 1 is done, you will copy the CNAME record of that ACM and go to Account B to create the DNS record for those CNAME values and use DNS validation. Please keep in mind, e.g. hello.example.com is your public domain and hosted in Route53.
3. Back to Account A and wait a few seconds, then you will see the status of ACM is issued and you can attach that ACM to your CF in Account A.
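The steps above, scripted with boto3 as an added example (not code from the original answer). It assumes two hypothetical local AWS profiles, one per account, and the ID of the Route 53 hosted zone in Account B; the sample response is constructed.

```python
import time

# Constructed sample of acm.describe_certificate() output (values are made up).
SAMPLE = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "hello.example.com", "ResourceRecord": {
        "Name": "_aaa111.hello.example.com.", "Type": "CNAME",
        "Value": "_bbb222.acm-validations.aws."}},
    {"DomainName": "*.hello.example.com", "ResourceRecord": {
        "Name": "_aaa111.hello.example.com.", "Type": "CNAME",
        "Value": "_bbb222.acm-validations.aws."}},
    {"DomainName": "new.example.com"},  # validation record not generated yet
]}}

def validation_changes(describe_response):
    """Build Route 53 UPSERTs for Account B from Account A's certificate details."""
    seen, changes = set(), []
    for opt in describe_response["Certificate"].get("DomainValidationOptions", []):
        rr = opt.get("ResourceRecord")
        if not rr or rr["Type"] != "CNAME":
            continue  # ACM has not published the record for this name yet
        key = rr["Name"].lower().rstrip(".")
        if key in seen:  # a name and its wildcard share one validation record
            continue
        seen.add(key)
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": rr["Name"], "Type": "CNAME", "TTL": 300,
            "ResourceRecords": [{"Value": rr["Value"]}]}})
    return changes

def validate_cross_account(domain, zone_id, cert_profile, dns_profile):
    """Step 1 in Account A, step 2 in Account B, step 3 back in Account A."""
    import boto3  # imported here so validation_changes() runs without the SDK
    # CloudFront only accepts ACM certificates issued in us-east-1.
    acm = boto3.Session(profile_name=cert_profile).client("acm", region_name="us-east-1")
    r53 = boto3.Session(profile_name=dns_profile).client("route53")
    arn = acm.request_certificate(DomainName=domain, ValidationMethod="DNS")["CertificateArn"]
    for _ in range(12):  # the CNAME shows up a few seconds after the request
        changes = validation_changes(acm.describe_certificate(CertificateArn=arn))
        if changes:
            break
        time.sleep(5)
    else:
        raise RuntimeError("no validation record returned for " + arn)
    r53.change_resource_record_sets(HostedZoneId=zone_id, ChangeBatch={"Changes": changes})
    acm.get_waiter("certificate_validated").wait(CertificateArn=arn)
    return arn
```

Leave the validation CNAME in Account B's zone after issuance, since ACM checks it again for managed renewal.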
I added my name servers to my Google domain and then added my Google domain to my Route 53 hosted zone. I then requested a certificate through AWS Certificate Manager and added a record for it to the Route 53 hosted zone. My site is still loading as an unsecure connection. What steps did I miss? Thank you for any help.
I have listed above the details of my question.
I then requested a certificate through AWS Certificate Manager and added a record for it to the Route 53 hosted zone.
It seems like you created an ACM certificate and added the required record to the Route53 Zone.
However, that is not enough to provide an HTTPS connection. You need to make use of that ACM certificate in your service (EC2, Amplify, API Gateway, ...).
In other words, your server needs to handle the TLS/SSL handshake to have a secure connection.
See Services integrated with AWS Certificate Manager for a list of services and how you can use the certificate.
If I have 3 AWS accounts (A, B, and C), can I create a Route53 hosted zone (example.com) in account A, and route traffic to API gateways in accounts B and C (equally or based on health check) from the hosted zone in account A?
I've tried the following:
Create child hosted zone in account B and C(b.example.com)
Create ACM Certificate and API Gateway Custom Domain in account B and C(apigw.b.example.com)
Add Alias RecordSet type A to account A HostedZone pointing to API gateway's domain name and hosted zone ID.
Doing this results in example.com routing to the execute-api endpoint of API gateway, which is what I want, but access is restricted because example.com isn't included in the certificate's protected domains. I'm guessing this is because the ACM certificate is local to the child account and its hosted zone(b.example.com).
Changes made to get it working:
Get rid of child hosted zones in the API Gateway accounts
Create same domain name for every API Gateway(this works because they're regional).
Do cross account validation of ACM certificates.
So in short, yes you can do this and split everything by account. It just requires some cross account wiring for the CNAME records that validate the ACM certificates and the Alias A records that connect the API gateways to the cross account hosted zone.
I've created an SSL certificate via ACM and I'm attempting to validate it via DNS configuration.
I've got the CNAME record for the DNS configuration, but I've run into something that I'm not sure about. My registrar, Namecheap, won't allow me to set a CNAME on a domain while still keeping the custom DNS nameservers on the domain.
Eg.
ns-1281.awsdns
ns-1702.awsdns-26.co.uk
ns-211.awsdns-42.com
In order for AWS to validate the domain, would the DNS nameservers not need to be set in addition to the CNAME?
Thanks!
The nameservers you have listed are AWS nameservers, which means AWS is handling your DNS.
To manage your DNS head over to Route 53 in the AWS console, select Hosted Zones in the left hand menu, select the hosted zone for your domain, create a new Record Set, and create a CNAME record with the values indicated in ACM.
Haven't seen something like this (Hosted zone transfer maybe?), so I'll try here.
I have a pretty straightforward question, so I am hoping that someone can answer it or has any experience with the same case.
I have registered the domain using Route53 DNS service on one AWS account. I would like to use that registered domain on another AWS account, using it primarily for creating CNAME records for the load balancers. I have updated the NS records for the domain to match the second AWS account NS records and I am able to use and created hosted zone in that second account, but the CNAME or # records are not resolvable.
This can sometimes be tricky so I am going to cover the initial steps.
You create a new hosted zone in Account B
You add that hosted zone's NS record in Account A. This is a new NS record in the master record (mydomain.com)
You then add an alias for your load balancer on your hosted zone in Account B.
It looks like you are doing all of this so a few other things you can check:
The security group associated with your ELB allows port 80 or 443.
The public subnets associated with your ELB have routes to the internet gateway.
The NACLs on your subnets allow port 80 or 443.
For some reason I cannot find a yes or no if this is even possible but I am assuming that it would be. I have a domain through AWS that was purchased through AWS Route53. I also created an SSL cert through AWS Certificate Manager. Now I'm just trying to add that certificate to the domain. I would think that since it is all interconnected that it would just be applied after I approved it and it finished the setup but alas, it has not. So my question is how/where do I connect my SSL cert to my Route53 hosted domain?
SSL certificates are not connected to a domain's DNS record (via Route 53).
Instead, they are connected to one or more specific infrastructure components.
SSL certificates that you create from ACM can be used with:
AWS Elastic Load Balancer
AWS CloudFront
Create your infrastructure including one or more of those components and then attach your ACM SSL certificate to that.
See the ACM FAQ: https://aws.amazon.com/certificate-manager/faqs/