question clarification needed
Question:
An e-commerce website is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer (ALB) and CloudFront. The static assets are being cached in CloudFront, which is using a custom domain name. A Security Administrator has been instructed to modify the architecture to require HTTPS between the clients and CloudFront. The traffic between CloudFront and ALB should also be in HTTPS.
One of the choices is: In the AWS Certificate Manager console, request a certificate in any AWS region. Use the certificate for the HTTPS connection between CloudFront and ALB.
Requesting a cert in any region is wrong, isn't it?
-
CloudFront can only use ACM certificates requested within or imported to the us-east-1 region.
See here: Requirements for using SSL/TLS certificates with CloudFront – Amazon CloudFront
-
Hello OOT,
HTTPS connection between clients and a CF distribution requires ACM certificates originating from the us-east-1 region. This only applies between clients and CF. If you wish to encrypt the connection between CF and ALB, you may use a certificate created from any region.
Let me know if this answers your question.
Regards,
Carlo @ Tutorials Dojo
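
Added example, not part of any post in this thread: a Python check over constructed configuration that walks both legs of the path in the question (clients to CloudFront, CloudFront to ALB). The dictionaries follow the CloudFront and ELBv2 API field names; the account ID, certificate IDs and the ALB's region are made up, and `check_https_chain` and `sample` are hypothetical helpers. It also applies the ACM rule that an ALB listener can only use a certificate from the ALB's own region, which the thread does not spell out.

```python
CLOUDFRONT_CERT_REGION = "us-east-1"  # region stated in the thread for viewer certs

def arn_region(arn):
    """Region field of an ARN: arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[3]

def check_https_chain(dist, alb_arn, listeners):
    """Return findings for the client->CloudFront->ALB HTTPS path (default behavior only)."""
    findings = []
    cert = dist.get("ViewerCertificate", {}).get("ACMCertificateArn")
    if not cert:
        findings.append("viewer: no ACM certificate for the custom domain")
    elif arn_region(cert) != CLOUDFRONT_CERT_REGION:
        findings.append(f"viewer: certificate in {arn_region(cert)}, CloudFront needs us-east-1")
    viewer_policy = dist["DefaultCacheBehavior"]["ViewerProtocolPolicy"]
    if viewer_policy == "allow-all":
        findings.append("viewer: allow-all still accepts plain HTTP")
    for origin in dist["Origins"]["Items"]:
        policy = origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
        # match-viewer is only HTTPS end to end when viewers cannot use HTTP
        if policy == "http-only" or (policy == "match-viewer" and viewer_policy == "allow-all"):
            findings.append(f"origin {origin['Id']}: {policy} can send HTTP to the ALB")
    https = [l for l in listeners if l["Protocol"] == "HTTPS"]
    if not https:
        findings.append("alb: no HTTPS listener")
    for listener in https:
        for c in listener.get("Certificates", []):
            # ACM certificates are regional: the ALB can only use one from its own region
            if arn_region(c["CertificateArn"]) != arn_region(alb_arn):
                findings.append("alb: listener certificate is not in the ALB's region")
    return findings

def sample(viewer_cert_region, viewer_policy, origin_policy, alb_cert_region):
    """Constructed configs (fake account and IDs); the ALB lives in ap-southeast-1."""
    acm = "arn:aws:acm:{}:111122223333:certificate/example"
    dist = {"ViewerCertificate": {"ACMCertificateArn": acm.format(viewer_cert_region)},
            "DefaultCacheBehavior": {"ViewerProtocolPolicy": viewer_policy},
            "Origins": {"Items": [{"Id": "alb", "CustomOriginConfig":
                                   {"OriginProtocolPolicy": origin_policy}}]}}
    alb = "arn:aws:elasticloadbalancing:ap-southeast-1:111122223333:loadbalancer/app/web/abc"
    listeners = [{"Protocol": "HTTPS", "Port": 443,
                  "Certificates": [{"CertificateArn": acm.format(alb_cert_region)}]}]
    return dist, alb, listeners

if __name__ == "__main__":
    for f in check_https_chain(*sample("ap-southeast-1", "allow-all", "match-viewer", "eu-west-1")):
        print(f)
```
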