SSL for default Amazon EC2 domain - amazon-web-services

I'm running an EC2 instance with Amazon Linux. My public URL is like: my-url-prefix.us-west-2.compute.amazonaws.com. I need SSL for a specific reason. My question is this:
Is there any way to add SSL for the domain "my-url-prefix.us-west-2.compute.amazonaws.com"? What is the process of doing so?
Like OpenShift.com, is there any way of getting HTTPS for the EC2 instance? Like https://the-maevjay.rhcloud.com/

No.
Amazon owns the amazonaws.com domain. So you cannot obtain an SSL certificate for that URL. Doing so would defeat the purpose of the certificate authority.

As Matt Houser answered, you can't obtain an SSL certificate for the amazonaws.com domain. You need to obtain a domain and get the certificate for that.
Per the official docs:
"If you plan to use your EC2 instance to host a public web site, you need to register a domain name for your web server or transfer an existing domain name to your Amazon EC2 host."
If you have a domain, the process isn't exactly straightforward but is well documented. Assuming you are using Apache Web Server, you can follow the instructions from here:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html

Related

How to get https for nodejs launched on aws ec2 instance and connected to domain using route53

I have created a nodejs app and hosted it on aws ec2.
Enabled HTTPS, HTTP in the security. I purchased a domain from an external domain provider and connected nameservers using route53.
Now, when I open the domain, it shows as not secure. How can I make it secure? I tried listening on port 443, but then the domain was not opening.
Can someone please help with how to make it secure or provide some good documentation for beginners?
If you don't want use a load balancer to front your instance, then you have to get and install a third party SSL certificate on your instance for your domain.
A popular choice is certificates from https://letsencrypt.org/ (StackOverflow uses them as well). They also provide the https://certbot.eff.org/ tool for easy installation and setup of the SSL certs on a variety of operating systems and servers.

How to install a external SSL for an ELB instance?

I have an ELB instance installed on my AWS account (http://editoradbosco.us-east-2.elasticbeanstalk.com), and it is working normally. My domain is installed on Hostgator (https://centrodombosco.org), and on this, I have a CNAME that points to my AWS endpoint (http://editora.centrodombosco.org).
However, I need to use an HTTPS (SSL) protocol. How can I proceed? I have an SSL contracted on Hostgator for this subdomain, but Hostgator has informed me that I need to make adjustments to AWS so that it works, but I do not know how to proceed.
How can I make this work?
I tried to create an SSL certificate with Certificate Manager on AWS, adding the CNAMEs in my DNS panel on Hostgator. But it fails. I guess it's not possible to use AWS certificates outside AWS domains.
There are two ways you can do this.
Since you already have an SSL certificate from Host Gator, you can import that certificate to AWS Certificate Manager (instructions here). Once you import a certificate it is immediately considered validated and you can immediately proceed to configure your EB environment's Load Balancer to terminate HTTPS as described here.
Alternatively, if you'd like to use Amazon Certificate Manager but for some reason the DNS validation isn't working, or it's not possible for you to validate ownership of the domain using the DNS method, Amazon Certificate Manager also offers you the option to use email to validate your ownership of the domain, as described here. Once your ownership of the domain is validated you can then proceed to configure your EB environment's Load Balancer to terminate HTTPS as described here.
As a side note, you may wish to consider using Route53 to handle DNS for your domain. Route53 is tightly integrated with AWS services such as ACM and, as is the case with ACM, services requiring custom DNS entries will often offer to make the correct DNS entries directly into your Route53 hosted zone on your behalf.

Use https in aws for flask api without purchasing domain name

I have made a Flask application to use only as an API. I have hosted it on AWS using nginx and gunicorn. I intend to use the API to run my Android application. There is a part in the application where I have to download something using Android Download Manager, but it only downloads things hosted on https domains. So I want to make my application https instead of http. But every tutorial shows me a way with a purchased domain. I don't have much information on it yet, but I can't get an SSL certificate from Amazon without a purchased domain name (which is pointless for an API). I just want to know how I can do this. How can I make my nginx server listen to https requests?
I have hosted it on aws using nginx and gunicorn.
I think you need a domain name to get ssl on AWS.
It is not allowed in AWS.
One part of HTTPS is encryption, the other part is identity verification. What you're asking for is impossible since it is required that you have to verify your domain name. Without this no Certificate authority will sign a certificate. You cannot have publicly valid certificate if it's self-signed. ACM (Amazon Certificate Manager), an AWS service, will not allow you to create a certificate without a valid domain name.

How is domain name used for Amazon issued SSL certificates in ACM

I created an SSL certificate last night for use with an API (Tomcat, Spring Boot) on AWS Elastic Beanstalk using instructions provided by Amazon Certificate Manager.
When creating the cert, I entered the URL of my static site that calls the API, which is hosted by GoDaddy. ACM sent an email to my URL which I opened and approved, and I now see the cert as issued, by Amazon, in my certs. I am also able to select it when I configure HTTPS for my EB load balancer. I am not able to export this cert though as it isn't private.
My question is, how is domain name used? I think I'm a little confused about how to use SSL on both my API and my static site AS WELL as the small bit of static content I'll host out of Tomcat.
Thanks.
ACM certs can only be used with AWS services - CloudFront (if the cert is issued in us-east-1) and regionally on the classic load balancer and application load balancer.
You cannot export the cert for use in other products, so if you wanted to have Tomcat handle SSL you would need to get either a commercial cert or use something like Let's Encrypt.
If you have multiple host names you want to protect, you have different options.
You can get one cert per hostname if they are running on completely separate infrastructure; you can also have multiple host names in a single cert - even if there are multiple domains; and finally you can get a wildcard cert.
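The three options in the answer above (one name per cert, several names in one cert, a wildcard) differ only in which DNS names the certificate lists; the client compares the hostname it connected to against that list. The following added example, which is not part of the original answer, implements a simplified form of that comparison (RFC 6125-style, whole-label wildcards only, no internationalized names); the `example.com` / `example.org` names and the three certificate name lists are constructed for illustration.

```python
# Added example: how the hostname a client connects to is compared against
# the DNS names listed in a certificate. All names below are constructed.

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def san_matches(pattern, hostname):
    """Return True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard must be the entire left-most label and be followed by at
        # least two more labels, so "*.com" covers nothing.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(san_list, hostname):
    """A certificate is acceptable for hostname if any listed name matches."""
    return any(san_matches(name, hostname) for name in san_list)


# One constructed name list per option described in the answer.
CERTS = {
    "single": ["api.example.com"],
    "multi": ["example.com", "www.example.com", "api.example.org"],
    "wildcard": ["*.example.com"],
}


def coverage_report(hosts):
    """Map each hostname to the constructed certs that would validate for it."""
    return {h: [n for n, sans in CERTS.items() if cert_covers(sans, h)]
            for h in hosts}


if __name__ == "__main__":
    hosts = ["example.com", "www.example.com", "api.example.com",
             "a.b.example.com", "api.example.org",
             "my-url-prefix.us-west-2.compute.amazonaws.com"]
    for host, certs in coverage_report(hosts).items():
        print(f"{host:48} {certs or 'no matching certificate'}")
```

Note that the wildcard list does not cover the bare `example.com` or the two-level `a.b.example.com`, and none of the lists covers the EC2 default hostname, which is why a browser would reject any of these certificates when the site is reached through that name.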

How to set up custom domain for an app on Amazon EC2?

I am new to the Amazon EC2 world. I just created an app that is located at a URL like this:
http://ec2-54-123-45-678.compute-1.amazonaws.com:8080
This is generated URL by Amazon EC2.
Now I would need to use my own domain name, so when I would access www.my-domain-name.com, I would like to see the content from
http://ec2-54-123-45-678.compute-1.amazonaws.com:8080
I bought the domain name on Godaddy.
Is there any way to do this in Amazon AWS dashboard or do I need to set it up in Godaddy system?
Thanks
I am answering on a more general level because I stumbled upon this thread when setting my custom domain.
In Amazon I created an instance and associated an IP to that instance. You were able to access it by typing in the Amazon URL.
I actually used Media Temple not GoDaddy, but it will be similar. I went to the zone file and added that public URL to the www.
And as you can see, here is my blog actually working on the custom domain.
I set the wildcard because that way, no matter what someone types, if it is not set, then they will still see the site.
EDIT
For the root URL you should be entering your elastic IP and setting that as an A record.
First you need to set an Elastic IP associated to that instance.
Then point the DNS entry of "www" for "my-domain-name.com" to the IP assigned in the step above.
Where you manage your DNS is another thing, can be in GoDaddy or in AWS Route53. You must adjust the delegation DNS in the "my-domain-name.com" register. Ex: your domain can be registered with GoDaddy but its delegation DNS point to Route53 so you can manage the domain from your AWS Console.
In order to setup DNS mapping you can map the existing IP 54.123.45.678 to ex: www.my-domain-name.com.
However, as you are running Tomcat, which is running at 8080, you need to forward the request to Tomcat using Apache, so that you can visit www.my-domain-name.com without port 8080. If you are using a Linux box, install Apache and apache-modjk, and then configure sites.