Amazon Certificate Manager


Background

Normally, if your server is hosting a website, it comes without an SSL certificate, and you might need to obtain one with Certbot and Let's Encrypt. However, AWS loves to rebrand stuff, so they introduced ACM, which lets you request an SSL certificate through their interface.

Steps

Assume that you would like to disguise your hash endpoint website (CloudFront distribution) with your company domain. To add a custom domain name to a CloudFront distribution, you need to:

  1. CloudFront Distribution → General → Edit → Set your Alternate Domain Names (CNAMEs, canonical names): {url}
  2. Edit SSL Certificate to Custom SSL Certificate.
  3. Click Request/Import Certificate with ACM.
  4. Add Domain name {url}.
  5. Select DNS validation as the validation method. This leads you to DNS Server/Resolver. Skip Tags and Review. Confirm and Request.
  6. Now copy the name and data of the CNAME to your DNS resolver:

    Name: _hash.{subdomain_of_url}
    Type: CNAME
    Data: _hash2.acm-validations.aws.

  7. After 'Pending Validation' becomes 'Issued' in the CloudFront dashboard, add another subdomain in the DNS resolver:

    Name: {subdomain_of_url}
    Type: CNAME
    Data: hash.cloudfront.net.

  8. Now you should be able to access your media via the company domain endpoint.
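
A typo in either CNAME leaves the certificate stuck in 'Pending Validation' or the domain pointing nowhere, so it helps to lint the two records before saving them. The following is an added example, not part of the original steps; the function names, the media.example.com domain and the record values are constructed placeholders.

```python
ACM_SUFFIX = ".acm-validations.aws"   # expected target of the validation CNAME
CF_SUFFIX = ".cloudfront.net"         # expected target of the domain CNAME

def norm(name):
    """Lower-case and drop the trailing dot so names compare equal."""
    return name.strip().lower().rstrip(".")

def check_records(domain, zone, records):
    """Return problems found in (name, type, data) records for `domain`.

    domain is the alternate domain name on the distribution; zone is the
    DNS zone that will hold the records (both are caller-supplied).
    """
    domain, zone = norm(domain), norm(zone)
    problems, seen_validation, seen_alias = [], False, False
    for name, rtype, data in records:
        name, data = norm(name), norm(data)
        if rtype.upper() != "CNAME":
            problems.append(f"{name}: expected CNAME, got {rtype}")
        elif name.endswith(f".{zone}.{zone}"):
            # Full name pasted into a provider that appends the zone itself.
            problems.append(f"{name}: zone suffix is doubled")
        elif name.startswith("_") and name.endswith("." + domain):
            seen_validation = True
            if not data.endswith(ACM_SUFFIX):
                problems.append(f"{name}: target is not under {ACM_SUFFIX}")
        elif name == domain:
            seen_alias = True
            if name == zone:
                problems.append(f"{name}: CNAME not allowed at the zone apex")
            if not data.endswith(CF_SUFFIX):
                problems.append(f"{name}: target is not under {CF_SUFFIX}")
        else:
            problems.append(f"{name}: does not belong to {domain}")
    if not seen_validation:
        problems.append("missing ACM validation CNAME")
    if not seen_alias:
        problems.append("missing CNAME from the domain to the distribution")
    return problems

# Constructed sample records (placeholder hashes, not real values).
SAMPLE = [
    ("_abc123.media.example.com.", "CNAME", "_def456.acm-validations.aws."),
    ("media.example.com.", "CNAME", "d111111abcdef8.cloudfront.net."),
]

if __name__ == "__main__":
    print(check_records("media.example.com", "example.com", SAMPLE) or "records look consistent")
```

An empty list means both records have the expected shape; it does not confirm that the hash values match the ones ACM and CloudFront issued.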
