Want to build an extra level of trust for your customers by adding HTTPS on your website for free?
Enter AWS Certificate Manager (ACM)
AWS ACM lets you easily provision, manage and deploy (SSL / TLS certificates) for the use of AWS services. It secures network communications and establishes the identity of websites over internet. SSL / TLS certificates provisioned through AWS are free and user only pays for the AWS resources created to run the application.
Key benefits of using AWS ACM
- Protect and Secure your Website
- Get Certificates, easily and quickly
- Managed Certificate Renewal
- Integrated with other AWS Cloud Services
- Provision to import third party certificates
Enough sugar-coating. Here’s how you can use it!
ACM provides users with two options to use the certificates:
- Use certificates provided by ACM (ACM Certificates). **This one is Free**
- Import and use your own certificates in ACM. **Your purchased certificates go here**
Once the certificates are imported (either of the above) into ACM, they can be integrated with AWS Load Balancer & AWS CloudFront for enabling HTTPS on applications hosted behind them.
As mentioned above, currently 2 AWS services are integrated with AWS Certificate Manager:
Elastic Load Balancer
To serve secure content over SSL/TLS, load balancers require that SSL/TLS certificates be installed on either the load balancer or the back-end Amazon EC2 instance. ACM integrates with Elastic Load Balancing to deploy ACM Certificates on the load balancer.
To serve secure content over SSL/TLS, CloudFront requires that SSL/TLS certificates be installed on either the CloudFront distribution or on the back-end content source. ACM integrates with CloudFront to deploy ACM Certificates on the CloudFront distribution.
Excited…? Let’s Try it out!
Requesting a Certificate & Validating Domain Ownership
You can refer AWS provided documentation for detailed steps: Requesting and Managing ACM Certificates
Deploying the SSL certificate on the ELB
- In the AWS console go to the ELB section.
- Select the desired ELB to which one want to attach the SSL certificate.
- After selecting the ELB, click on the Listener tab in the bottom pane.
- Click on edit and then click on add to add a new entry.
- From the first drop-down, choose HTTPS as a protocol. Enter the appropriate information and under the SSL Certificate column, click on change.
- When you click on change a dialog will ask you to enter 4 piece of information.
- In the certificate type field select “Choose an existing certificate from AWS Certificate Manager (ACM)”.
- Select the desired certificate and click on save.
Deploying the SSL Certificate on CloudFront
- In the AWS Console, Go to CloudFront Distributions
- Select the CloudFront Distribution for which you have to deploy SSL Certificate and click on Distribution Settings.
- In the General tab click on Edit.
- In the SSL Certificate column, select Custom SSL Certificate.
Select the desired certificate from the dropdown , and click on Yes, Edit at the bottom of the page.
Limitations (of ACM provisioned Free Certificates)
- The Free HTTPS Certificates provisioned by ACM can only be used with AWS Services as of yet: Elastic Load Balancer and CloudFront. Users who are not using CloudFront / Elastic Load Balancer may have to provision these services just to leverage free SSL certs. This can still be cheaper when compared to procuring new SSL certificates.
- However, for users who are already using CloudFront and Elastic Load Balancer in their AWS environment, the cost of procuring SSL certificates gets zeroed down.