A colleague of mine is responsible for several of our domains and needs to renew the SSL certificates every now and then. Whenever this process starts, all I hear is grumbling: “Why is this so hard”, “It should be easier”. I don’t know what he needs to do in that process, but I am sure I have found an easier (and possibly cheaper) way for him.
I’m not sure how I found it but I recently stumbled over the AWS Certificate Manager (or ACM) service.
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services.
SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet.
AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. With AWS Certificate Manager, you can quickly request a certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let AWS Certificate Manager handle certificate renewals.
SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.
How easy is it? Well, I managed to request and apply a certificate in under 5 minutes, and I am not the owner of the domain the certificate was for (the process sends a confirmation email to the owner; see below).
Request the Certificate
First you need to request the certificate. You do this by logging on to the AWS Management Console, navigating to the ACM console and selecting ‘Get Started’ or ‘Request a Certificate’.
On the Request a Certificate page you add the domain(s) the certificate is for. Once you have entered the domain(s), select ‘Review and Request’. If all the details are correct, select ‘Confirm and Request’.
At this point an email is sent to an authorised representative of the domain (in my case my colleague) for them to approve the certificate being issued. Once approved, the certificate is available to be used with certain AWS services, which at the time of writing this post were AWS Elastic Load Balancer and CloudFront, but I am sure this may change over time like most things from AWS.
Apply the Certificate
For an ELB it is as simple as selecting the certificate when creating an HTTPS Listener.
For CloudFront you associate the certificate with your CloudFront distribution. Note, however, that to use an ACM Certificate with CloudFront you must request or import the certificate in the US East (N. Virginia) region.
As well as issuing certificates, ACM handles the renewal of ACM-issued certificates, enables you to import third-party certificates, and lets you centrally manage the certificates in the cloud.
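The three places this process can still go wrong (an approval email nobody answered, a CloudFront certificate requested outside US East, an imported certificate that ACM will not renew for you) can be checked from the certificate inventory. This is an added example, not code from AWS or from the original post; the records are constructed in the shape of ACM's DescribeCertificate output, and `cloudfront_domains` and `warn_days` are hypothetical parameters.

```python
from datetime import datetime, timezone

# Constructed records shaped like ACM DescribeCertificate output (not real certificates).
SAMPLE = [
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/aaaa",
     "DomainName": "www.example.com", "Status": "ISSUED", "Type": "AMAZON_ISSUED",
     "NotAfter": "2030-06-01T00:00:00+00:00"},
    {"CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/bbbb",
     "DomainName": "cdn.example.com", "Status": "ISSUED", "Type": "AMAZON_ISSUED",
     "NotAfter": "2030-06-01T00:00:00+00:00"},
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/cccc",
     "DomainName": "legacy.example.com", "Status": "ISSUED", "Type": "IMPORTED",
     "NotAfter": "2030-01-20T00:00:00+00:00"},
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/dddd",
     "DomainName": "new.example.com", "Status": "PENDING_VALIDATION",
     "Type": "AMAZON_ISSUED"},
]

CLOUDFRONT_REGION = "us-east-1"  # US East (N. Virginia)


def arn_region(arn):
    """Region is the fourth colon-separated field of an ACM certificate ARN."""
    parts = arn.split(":")
    if len(parts) < 6 or parts[2] != "acm":
        raise ValueError(f"not an ACM ARN: {arn!r}")
    return parts[3]


def audit(certs, cloudfront_domains, now, warn_days=30):
    """Return (domain, finding) pairs; cloudfront_domains is a hypothetical input."""
    findings = []
    for c in certs:
        dom = c["DomainName"]
        if c["Status"] == "PENDING_VALIDATION":  # not issued yet, nothing else to check
            findings.append((dom, "awaiting domain owner approval"))
            continue
        if dom in cloudfront_domains and arn_region(c["CertificateArn"]) != CLOUDFRONT_REGION:
            findings.append((dom, "not in us-east-1, unusable with CloudFront"))
        if c["Type"] == "IMPORTED":  # ACM only renews certificates it issued itself
            left = (datetime.fromisoformat(c["NotAfter"]) - now).days
            if left <= warn_days:
                findings.append((dom, f"imported, manual renewal due in {left} days"))
    return findings


if __name__ == "__main__":
    now = datetime(2030, 1, 1, tzinfo=timezone.utc)  # fixed clock for the sample
    for dom, msg in audit(SAMPLE, {"cdn.example.com"}, now):
        print(f"{dom}: {msg}")
```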
I think you’ll agree that the process is much simpler for my colleague, as he doesn’t need to do anything except approve the certificate being issued and he can leave everything else up to someone else.
Except, if you were paying attention, this is only for AWS services: ELBs or CloudFront. What if your solutions don’t use these services? Well, my argument to that is if you want to produce durable and scalable solutions then why wouldn’t you be using those AWS services 😉 .
As always, AWS have produced some great documentation for this service, with an overview or more detailed user guide.
You learn something every day
Barry, Preventer of Chaos
Barry blogs about how to stop chaos in your systems