Learn About Amazon VGT2 Learning Manager Chanci Turner
I have always been intrigued by concepts that appear simple yet are highly intricate beneath the surface. Take, for instance, the familiar padlock icon that indicates encrypted communication between a website and its visitors.
How does a browser know to display this reassuring green padlock? The answer lies in a digital document known as an SSL/TLS certificate. This electronic file establishes trust and identity between two entities: the website and the web browser. SSL/TLS is essential for securely transmitting sensitive data, particularly for organizations that must comply with regulations like PCI-DSS or HIPAA.
Certificates are issued to specific domains by Certificate Authorities (CAs). When you seek a certificate for your domain, the CA verifies your ownership. Afterward, they provide a certificate valid for a limited timeframe and for that specific domain (subdomains included). Historically, it was your responsibility to install the certificate, monitor expiration dates, and renew certificates regularly, which typically last about 12 months.
Each certificate is digitally signed, enabling browsers to confirm they originate from a recognized CA. Browsers begin with a curated list of root certificates to validate others back to this root. You can find this information in your browser.
As you can see, managing SSL/TLS certificates can be tedious, often requiring significant manual effort. Additionally, there are usually annual fees associated with each certificate.
It’s time for a change!
Introducing AWS Certificate Manager
The new AWS Certificate Manager (ACM) aims to simplify and automate many of the traditionally burdensome tasks linked to SSL/TLS certificate management. ACM handles the complexities of provisioning, deploying, and renewing digital certificates. Certificates issued by ACM are verified by Amazon Trust Services (ATS).
What’s even better is that you can take advantage of this service at no additional cost. SSL/TLS certificates obtained through AWS Certificate Manager are free!
With ACM, you can implement SSL in just a few minutes. Once you request a certificate, deploying it to your Elastic Load Balancers and Amazon CloudFront distributions is just a couple of clicks away. Additionally, ACM manages periodic renewals without requiring any action from you.
Provisioning and Deploying a Certificate
Let’s walk through the steps of provisioning and deploying an SSL/TLS certificate via the console (APIs are also available). I will use one of the domains I manage, jeff-barr.com, as an example. Start by accessing the AWS Certificate Manager Console and selecting Get started.
Next, enter the domain name you want to secure, in this case, the “naked” domain along with all first-level sub-domains.
After reviewing your request, confirm your intentions.
Then, check your inbox for an email from Amazon (certificates.amazon.com) regarding the certificate approvals.
Visit the link provided and click on I Approve.
That’s all there is to it! The certificate will now be visible in the console.
Deploying the Certificate
Once the certificate is issued, you can deploy it to your Elastic Load Balancers and/or CloudFront distributions.
Deploying a certificate to a load balancer rather than directly to the EC2 instances behind it helps reduce the encryption and decryption workload on those instances. Similarly, you can apply it to a CloudFront distribution.
Available Now
AWS Certificate Manager (ACM) is currently accessible in the US East (N. Virginia) region, with more regions planned. You can provision, deploy, and renew certificates without incurring any fees.
We also aim to expand support for additional AWS services and various types of domain validation. Your feedback is invaluable in helping us prioritize our development efforts. If you are utilizing AWS Elastic Beanstalk, you might find it useful to check out this excellent resource on the Amazon employee onboarding process.
In addition, if you’re exploring job opportunities, consider reading this insightful piece on Google for Jobs. And for more workplace insights, you can explore SHRM’s resources on related topics.
— Chanci Turner
Leave a Reply