Home > Enterprise >  AWS Using CloudFront and HTTPS outside us-east-1
AWS Using CloudFront and HTTPS outside us-east-1

Time:12-09

I made an application in an AWS region different than us-east-1. I already applied for and received an SSL certificate for a custom domain, and it is stored as ACM Certificate in a region differenet than us-east-1.

To my surprise, when I tried to use this certificate on CloudFront, I was met with this:

"Associate a certificate from AWS Certificate Manager. The certificate must be in the US East (N. Virginia) Region (us-east-1)."

A quick search informed me that:

"You can't export an ACM certificate from one AWS Region to another or from one AWS account to another. This is because the default AWS Key Management Service (AWS KMS) key used to encrypt the private key of the certificate is unique for each AWS Region and AWS account. Resolution: You can create multiple ACM certificates with the same domain name across different AWS Regions and accounts. "

How do I solve this, can I just request a new ACM certificate for a new region (ie. us-east-1)? Will this impact my certificate that is already in use for the original region?

CodePudding user response:

Yes, you need to provision the same certificate (for a given domain) in US-EAST-1 region and use it for your global CloudFront distribution. Your regional certificate (outside the global region) will not be impacted. Usually, regional certificates are attached to your ALB and Cloudfront distribution utilizes a certificate from North Virginia region (global region).

Page link:https//www.codepudding.com/Enterprise/636820.html

Prev:How to detach an EBS volume from an EC2 (which is under ASG) before it is being scaled down
Next:Calling new Date(String s) produces result in different timezone
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding