From the course: AWS Certified Security - Specialty (SCS-C03) Cert Prep

CloudFront SSL/TLS and SNI

In this lesson, I'm going to cover off SSL and TLS and something called Server Name Indication. So with CloudFront, we can have an SSL/TLS certificate. We can issue that through AWS Certificate Manager if we want to. If you want to use ACM, the CloudFront certificate must be issued in US East 1. This is true because CloudFront is a global service. For global services, if you want to issue a certificate using ACM, you always have to use US East 1. The certificate can be ACM or it can come from a third-party certificate authority as well. The default CloudFront domain name can also be changed using CNAMEs. We saw this in the hands-on, where you have the option to add in your own custom domain name.

So what about our origins? In this case, we've got an S3 origin and then a custom origin with a load balancer. Well, you can SSL secure these as well. In the case of S3, it already has its own SSL/TLS certificate, so you can already connect to S3 using HTTPS, and that's not something you can change…
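The US East 1 requirement for ACM certificates is easy to check before deployment. The following is an added example, not part of the course material: it audits the `Aliases` and `ViewerCertificate` fields of a CloudFront distribution config held as a dict. The function names, account ID, certificate ID and domain are constructed for illustration.

```python
# Added example: offline audit of the TLS-related fields of a CloudFront
# distribution config. Dict shape follows the CloudFront DistributionConfig
# fields Aliases and ViewerCertificate; all sample values are constructed.
REQUIRED_ACM_REGION = "us-east-1"

def acm_arn_region(arn):
    """Return the region of an ACM certificate ARN, or None if malformed."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "acm":
        return None
    if not parts[5].startswith("certificate/"):
        return None
    return parts[3]

def audit_viewer_certificate(config):
    """Return a list of findings for one distribution config (empty = OK)."""
    findings = []
    aliases = (config.get("Aliases") or {}).get("Items") or []
    vc = config.get("ViewerCertificate") or {}
    if vc.get("CloudFrontDefaultCertificate"):
        if aliases:
            findings.append("custom domain names set, but the default "
                            "CloudFront certificate does not cover them")
        return findings
    arn = vc.get("ACMCertificateArn")
    if arn:
        region = acm_arn_region(arn)
        if region is None:
            findings.append(f"malformed ACM certificate ARN: {arn}")
        elif region != REQUIRED_ACM_REGION:
            findings.append(f"ACM certificate is in {region}; CloudFront "
                            f"only accepts ACM certificates from {REQUIRED_ACM_REGION}")
    return findings

def sample_config(region, default_cert=False):
    """Build a constructed config for the demo and the checks."""
    vc = {"CloudFrontDefaultCertificate": True} if default_cert else {
        "ACMCertificateArn": f"arn:aws:acm:{region}:111122223333:certificate/EXAMPLE-ID"}
    return {"Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
            "ViewerCertificate": vc}

if __name__ == "__main__":
    for cfg in (sample_config("us-east-1"), sample_config("eu-west-1"),
                sample_config("us-east-1", default_cert=True)):
        print(audit_viewer_certificate(cfg) or "OK")
```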