
  • HSM – SSL certificate

  • VG-AWS

    Member
    July 6, 2020 at 6:37 am

    https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-import-or-generate-private-key-and-certificate.html

    Since we don’t want the DevOps team to have access to the certificate, it is best to terminate the SSL on the ELB level rather than the EC2. Hence, the correct answer is configuring an IAM policy that authorizes access to the certificate store only for the cybersecurity team and then adding a configuration to terminate the SSL on the ELB.

    Using the AWS Config service to configure the EC2 instances to retrieve the X.509 certificate upon boot from a CloudHSM that is managed by the cybersecurity team is incorrect because the AWS Config service simply enables you to assess, audit, and evaluate the configurations of your AWS resources. It does not grant any permission or access. In addition, CloudHSM is a managed hardware security module (HSM) in the AWS Cloud that handles encryption keys and not SSL certificates.

    Is this correct? HSM) in the AWS Cloud that xxxxxx not SSL certificates.

  • TutorialsDojo-Support

    Member
    July 13, 2020 at 8:57 pm

    Hi VG,

    Thank you for your feedback.

    Can you post here the question you are referring to? The questions are randomized and I can’t identify your question from our question bank.

    Thanks and Regards,

    Kenneth Samonte @ Tutorials Dojo
