Member, November 27, 2021 at 7:05 am
An e-commerce website is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer (ALB) and CloudFront. The static assets are being cached in CloudFront, which is using a custom domain name. A Security Administrator has been instructed to modify the architecture to require HTTPS between the clients and CloudFront. The traffic between CloudFront and ALB should also be in HTTPS.
One of the choices is: In the AWS Certificate Manager console, request a certificate in any AWS region. Use the certificate for the HTTPS connection between CloudFront and ALB.
Requesting a cert in any region is wrong, isn’t it?
Member, November 27, 2021 at 10:03 am
CloudFront can only use ACM certificates requested within or imported to the us-east-1 region.
- This reply was modified 2 years, 2 months ago by MHK888.
Administrator, November 30, 2021 at 3:18 am
An HTTPS connection between clients and a CF distribution requires ACM certificates originating from the us-east-1 region. This only applies between clients and CF. If you wish to encrypt the connection between CF and ALB, you may use a certificate created from any region.
Let me know if this answers your question.
Carlo @ Tutorials Dojo
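
The checks discussed in this thread, as an added example that is not part of the original posts: a small audit over a distribution config shaped like the CloudFront `DistributionConfig` API structure. The ARNs, account ID and the `alb` dict layout are constructed for illustration, and the ALB check assumes the listener certificate must live in the ALB's own region, since ACM certificates are regional resources.

```python
# Added example. Field names follow the CloudFront DistributionConfig shape;
# the ARNs, account ID and the `alb` dict layout are constructed.
CLOUDFRONT_CERT_REGION = "us-east-1"

def acm_region(arn):
    """Return the region field of arn:<partition>:acm:REGION:ACCOUNT:certificate/ID."""
    parts = arn.split(":", 5)
    if (len(parts) != 6 or parts[0] != "arn" or parts[2] != "acm"
            or not parts[5].startswith("certificate/")):
        raise ValueError(f"not an ACM certificate ARN: {arn!r}")
    return parts[3]

def audit(dist, alb):
    """Return a list of findings; an empty list means HTTPS is enforced end to end."""
    findings = []
    # Clients -> CloudFront: the viewer certificate must come from us-east-1.
    arn = dist["ViewerCertificate"].get("ACMCertificateArn")
    if arn is None:
        findings.append("viewer: no ACM certificate attached for the custom domain")
    elif acm_region(arn) != CLOUDFRONT_CERT_REGION:
        findings.append(f"viewer: certificate is in {acm_region(arn)}, CloudFront needs us-east-1")
    # Every cache behavior must refuse or redirect plain HTTP.
    behaviors = [dist["DefaultCacheBehavior"]] + dist.get("CacheBehaviors", {}).get("Items", [])
    for b in behaviors:
        if b["ViewerProtocolPolicy"] not in ("https-only", "redirect-to-https"):
            findings.append(f"viewer: protocol policy {b['ViewerProtocolPolicy']!r} allows HTTP")
    # CloudFront -> ALB: custom origins must be contacted over HTTPS only.
    for origin in dist["Origins"]["Items"]:
        cfg = origin.get("CustomOriginConfig")
        if cfg and cfg["OriginProtocolPolicy"] != "https-only":
            findings.append(f"origin {origin['Id']}: policy {cfg['OriginProtocolPolicy']!r} is not https-only")
    # Assumption: the ALB listener certificate must be in the ALB's own region.
    for cert in alb["ListenerCertificateArns"]:
        if acm_region(cert) != alb["Region"]:
            findings.append(f"alb: certificate in {acm_region(cert)} but ALB is in {alb['Region']}")
    return findings

# Constructed sample: viewer cert requested in the wrong region, HTTP still allowed.
SAMPLE_DIST = {
    "ViewerCertificate": {"ACMCertificateArn":
        "arn:aws:acm:ap-southeast-1:111122223333:certificate/EXAMPLE-VIEWER"},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "Origins": {"Items": [{"Id": "alb-origin",
                           "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]},
}
SAMPLE_ALB = {"Region": "ap-southeast-1", "ListenerCertificateArns":
              ["arn:aws:acm:ap-southeast-1:111122223333:certificate/EXAMPLE-ALB"]}

if __name__ == "__main__":
    for finding in audit(SAMPLE_DIST, SAMPLE_ALB):
        print(finding)
```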