

  • question clarification needed

  • OOT

    Member
    November 27, 2021 at 7:05 am

    Question:

    An e-commerce website is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer (ALB) and CloudFront. The static assets are being cached in CloudFront, which is using a custom domain name. A Security Administrator has been instructed to modify the architecture to require HTTPS between the clients and CloudFront. The traffic between CloudFront and ALB should also be in HTTPS.

    One of the choices is: In the AWS Certificate Manager console, request a certificate in any AWS region. Use the certificate for the HTTPS connection between CloudFront and ALB.

    Requesting a cert in any region is wrong, isn’t it?

  • MHK888

    Member
    November 27, 2021 at 10:03 am

    CloudFront can only use ACM certificates requested within or imported to the us-east-1 region.

    See here: Requirements for using SSL/TLS certificates with CloudFront – Amazon CloudFront

  • Carlo-TutorialsDojo

    Administrator
    November 30, 2021 at 3:18 am

    Hello OOT,

    HTTPS connection between clients and a CF distribution requires ACM certificates originating from the us-east-1 region. This only applies between clients and CF. If you wish to encrypt the connection between CF and ALB, you may use a certificate created from any region.

    Let me know if this answers your question.

    Regards,

    Carlo @ Tutorials Dojo
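
Added example, not part of the thread or of any AWS tooling: a small audit of a CloudFront `DistributionConfig` (the structure returned by `aws cloudfront get-distribution-config`) that checks the two legs discussed above, the viewer certificate's region and the HTTPS policies for clients and for the ALB origin. The sample config, account ID, certificate ID and origin name are constructed placeholders.

```python
HTTPS_VIEWER = {"https-only", "redirect-to-https"}

def arn_region(arn):
    """Region field of an ARN such as arn:aws:acm:<region>:<account>:certificate/<id>."""
    parts = arn.split(":")
    return parts[3] if len(parts) >= 6 and parts[2] == "acm" else None

def audit_distribution(cfg):
    """Return findings for a DistributionConfig dict; an empty list means both legs use HTTPS."""
    findings = []
    arn = cfg.get("ViewerCertificate", {}).get("ACMCertificateArn")
    if not arn:
        findings.append("viewer: ACMCertificateArn is not set")
    elif arn_region(arn) != "us-east-1":
        findings.append(f"viewer: ACM certificate is in {arn_region(arn)}, not us-east-1")
    behaviors = [("default", cfg.get("DefaultCacheBehavior", {}))]
    for b in cfg.get("CacheBehaviors", {}).get("Items") or []:
        behaviors.append((b.get("PathPattern"), b))
    for name, b in behaviors:
        if b.get("ViewerProtocolPolicy") not in HTTPS_VIEWER:
            findings.append(f"viewer: behavior {name} accepts plain HTTP")
    for origin in cfg.get("Origins", {}).get("Items") or []:
        custom = origin.get("CustomOriginConfig")  # ALB origins are custom origins
        # Strict check: match-viewer is flagged too, since it depends on the viewer policy.
        if custom and custom.get("OriginProtocolPolicy") != "https-only":
            findings.append(f"origin: {origin.get('Id')} is not https-only")
    return findings

def make_config(cert_region, viewer_policy, origin_policy):
    """Constructed sample data: account id, certificate id and origin name are placeholders."""
    return {
        "ViewerCertificate": {
            "ACMCertificateArn": f"arn:aws:acm:{cert_region}:111122223333:certificate/EXAMPLE-ID"},
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": viewer_policy},
        "CacheBehaviors": {"Quantity": 0},
        "Origins": {"Quantity": 1, "Items": [
            {"Id": "alb-origin", "CustomOriginConfig": {"OriginProtocolPolicy": origin_policy}}]},
    }

if __name__ == "__main__":
    for finding in audit_distribution(make_config("eu-west-1", "allow-all", "http-only")):
        print(finding)
```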
