Associating a certificate with a domain using CloudFormation template

We can either update our existing stack from the recipe Using custom domain names with CloudFront, if it is still available, or create a new stack. I will not be going over the template components that were already discussed in previous recipes, but the completed template will be available with the code files, for reference. 

  1. We can start the template with the template version and a description (optional).
  2. Define a Parameters section to accept a comma-separated list of domain name aliases and the certificate ARN.
  3. Under the resources property, define the DistributionConfig property with the requisite information.

Define sub-properties under the DistributionConfig property for Origins, Enabled, Comment, DefaultRootObject, Aliases, DefaultCacheBehavior, and ViewerCertificate:

DistributionConfig:
  Origins:
    - DomainName: quizzer.cloud.s3.amazonaws.com
      Id: myS3Origin
      S3OriginConfig:
        OriginAccessIdentity: ''
  Enabled: 'true'
  Comment: 'CloudFront Distribution with Domain'
  DefaultRootObject: index.html
  Aliases: !Ref DomainNameAliases
  DefaultCacheBehavior:
    TargetOriginId: myS3Origin
    ForwardedValues:
      QueryString: 'false'
      Cookies:
        Forward: none
    ViewerProtocolPolicy: redirect-to-https
  ViewerCertificate:
    AcmCertificateArn: !Ref DomainNameCert
    SslSupportMethod: sni-only

The ViewerCertificate property should have the sub-properties AcmCertificateArn and SslSupportMethod. I have also changed the ViewerProtocolPolicy to redirect-to-https. CloudFront will now redirect any requests made with an HTTP URL to an HTTPS URL, with an HTTP status code of 301 (Moved Permanently).

We may also import an AcmCertificateArn from a CloudFormation template using its Outputs section, as shown in the Creating SSL/TLS certificate with ACM recipe in Chapter 9, Serverless Programming Practices and Patterns. However, note that we can only import output parameters from a template in the same region, and the certificates for the CloudFront distribution should be available in us-east-1.

  4. Add an Outputs section that will return the distribution ID and the CloudFront distribution domain name. Export the CloudFront distribution domain name.
  5. Create the CloudFront distribution by executing the create-stack CLI command, specifying the domains to be aliased as parameters.

It might take some time for the changes to take effect. If the steps are followed as listed, the returned status will be CREATE_COMPLETE, and we will have an Outputs section similar to the following:

Note that the complete response is not shown, just the relevant parts.

  6. Create another CloudFormation stack for adding alias records to the HostedZone (quizzercloud.com).

Refer to the Using custom domains with CloudFront recipe, but the Outputs section can now specify HTTPS URLs. The complete template is also available in the code files.

If it is successful, the aws cloudformation describe-stacks command should return a response with a status of CREATE_COMPLETE, and an Outputs section with https URLs.

  7. Finally, go to the domain name URL with the HTTPS prefix:

We generated the certificate without specifying the WWW prefix (the naked domain name); hence, even when we run the URL with a prefix, we will be redirected to the naked domain. 
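A pre-deployment check for the settings this recipe depends on, as an added example that is not part of the book's code files: it verifies that the certificate ARN is in us-east-1, that ViewerCertificate has both sub-properties, that every cache behavior forces HTTPS, and that each alias is covered by the certificate. The function names, the sample ARN, and the list of certificate names (which the caller must supply, for example from aws acm describe-certificate) are assumptions.

```python
import re

# arn:<partition>:acm:<region>:<account-id>:certificate/<certificate-id>
ACM_ARN = re.compile(r"^arn:aws[a-z-]*:acm:([a-z0-9-]+):\d{12}:certificate/[0-9a-f-]+$")
HTTPS_POLICIES = {"redirect-to-https", "https-only"}


def covered(alias, cert_names):
    """True if alias equals a certificate name or matches a one-label wildcard."""
    alias = alias.lower().rstrip(".")
    parent = alias.split(".", 1)[1] if "." in alias else ""
    return any(n.lower() in (alias, "*." + parent) for n in cert_names)


def check_distribution(dist_config, cert_arn, cert_names, aliases):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    m = ACM_ARN.match(cert_arn)
    if m is None:
        findings.append("certificate ARN is not a well-formed ACM ARN")
    elif m.group(1) != "us-east-1":
        findings.append(f"certificate region is {m.group(1)}, CloudFront requires us-east-1")

    viewer_cert = dist_config.get("ViewerCertificate", {})
    for key in ("AcmCertificateArn", "SslSupportMethod"):
        if key not in viewer_cert:
            findings.append(f"ViewerCertificate is missing {key}")

    # The default behavior and any path-specific behaviors must all force HTTPS.
    behaviors = [dist_config.get("DefaultCacheBehavior", {})]
    behaviors += dist_config.get("CacheBehaviors", [])
    for b in behaviors:
        policy = b.get("ViewerProtocolPolicy")
        if policy not in HTTPS_POLICIES:
            findings.append(f"behavior {b.get('PathPattern', 'default')} allows plain HTTP ({policy})")

    for alias in aliases:
        if not covered(alias, cert_names):
            findings.append(f"alias {alias} is not covered by the certificate")
    return findings


# Constructed sample mirroring the recipe's DistributionConfig (intrinsics resolved).
SAMPLE_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/00000000-0000-0000-0000-000000000000"
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {"TargetOriginId": "myS3Origin",
                             "ViewerProtocolPolicy": "redirect-to-https"},
    "ViewerCertificate": {"AcmCertificateArn": SAMPLE_ARN, "SslSupportMethod": "sni-only"},
}
```

With a certificate issued only for the naked domain, passing www.quizzercloud.com as an alias produces a finding, while a certificate that also lists *.quizzercloud.com passes.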
