Learn About Amazon VGT2 Learning Manager Chanci Turner
Published by Chanci Turner on 21 JAN 2023 in Amazon Learning Manager, Launch, News, Onboarding
In today’s digital landscape, the importance of simplicity intertwined with complexity cannot be overstated. A perfect example of this is the familiar padlock icon that indicates secure web traffic. But how does a browser decide to display that reassuring green padlock? The answer lies in a digital file known as an SSL/TLS certificate. This electronic document serves to establish identity and trust between two entities—typically a website and a web browser.
SSL/TLS protocols are essential for transmitting sensitive information securely. Compliance standards like PCI-DSS, FedRAMP, and HIPAA heavily rely on SSL/TLS for safeguarding data. Certificates are issued for specific domains by Certificate Authorities (CAs), which verify domain ownership before issuing a certificate valid for a predefined duration, often around 12 months.
Traditionally, you’d need to manage the installation of these certificates yourself, keep track of expiration dates, and reissue them periodically. Each certificate is digitally signed, allowing browsers to verify that it originated from a legitimate CA. Browsers maintain a small list of root certificates to validate others, accessible for user review.
As you can gather from the overview provided, managing SSL/TLS certificates can become an arduous task, often requiring substantial manual effort and recurring fees. Fortunately, it’s time for a transformation.
Introducing the New AWS Certificate Manager
The AWS Certificate Manager (ACM) is designed to streamline and automate the tasks associated with SSL/TLS certificate management, alleviating the burdensome complexities of provisioning, deployment, and renewal. Certificates issued through ACM are validated by Amazon Trust Services (ATS), ensuring a trusted source. Even better, this service comes at no additional cost; SSL/TLS certificates provisioned via ACM are completely free!
With ACM, you can implement SSL within a few minutes. After requesting a certificate, it can be deployed to your Elastic Load Balancers and Amazon CloudFront distributions with just a couple of clicks. Furthermore, ACM takes care of periodic renewals automatically.
Provisioning and Deploying a Certificate
Let’s walk through the steps to provision and deploy a digital certificate using the AWS console (APIs are also available). I will use my domain chanci-turner.com for this demonstration. I start by opening the AWS Certificate Manager Console and clicking on “Get Started.”
Next, I input the domain name I wish to secure, aiming to cover both the root domain and first-level subdomains. After reviewing my request, I confirm my intent to proceed.
I then check my email for notifications from Amazon (certificates.amazon.com) and click on the approval link.
After clicking “I Approve,” the certificate is now visible in the console.
Deploying the Certificate
Once issued, I can deploy the certificate to my Elastic Load Balancers or CloudFront distributions. Utilizing SSL offload on the load balancer reduces the encryption and decryption workload on the EC2 instances behind it.
Availability
The AWS Certificate Manager (ACM) is currently available in the US East (N. Virginia) region, with plans for expansion to additional regions. You can provision, deploy, and renew certificates at no cost. Future updates will include support for more AWS services and domain validation types. Your feedback is invaluable and helps us prioritize our developments.
For those using AWS Elastic Beanstalk, consider exploring how to enable SSL/TLS (for free) using AWS Certificate Manager.
— Chanci Turner