 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Amazon Web Services (AWS) has great resources for issuing and using SSL certificates, but the process of migrating existing resources to HTTPS can be complex — and it can also require many intermediate steps.
But as this tutorial shows, you can get your S3 bucket set up in just an hour or two.
Why is this necessary, anyway?
The big driver for this need is Google, which is phasing support for HTTP connections out of Google Chrome.
Currently, Chrome warns users when they’re accessing a site HTTP, but doesn’t prevent it altogether.
It won’t be long before accessing almost any site via HTTP will prompt a full-screen warning.
This is a site with bad HTTPS, but it gives you a notion of how HTTP might look in the near future.
HTTP connections reveal, at a minimum, full information about the routing and content of requests to everyone else on the local network. If your users are accessing your site in a coffee shop, no amount of server-side security will prevent you from leaking information in the stage between the user (and their router) and your site.
To get started, you’ll need an SSL certificate. On anything but AWS, the best option is Let’s Encrypt SSL certificates, which issues free certificates to all.
On AWS, there’s a cert manager included that will issue certificates for AWS services.
When you add a domain to a certificate, you’ll be required to verify ownership by one of two methods:
DNS verification has a number of advantages over email verification. Most notably, you only need to verify once for multiple subdomains, and you won’t have to check your email to renew the certificate. Verification via DNS requires you to add a CNAME record with the registrar for some long random domains (e.g., _3639ac514e785e898d2646601fa951d5.example.com). AWS checks at that location, gets redirected back to its own server and knows everything is hooked up.
This can take up to an hour for the CNAME record to populate and AWS to validate, but it’s more durable than email validation and worth the effort.
You’ll want to use your new SSL certificate with your S3 bucket by linking them with CloudFront, a content delivery network (CDN) service that can also add HTTPS to your S3 resources.To activate CloudFront,go to the CloudFront Dashboard and click “Create Distribution,” — you’ll then be taken to a few pages of settings. Most of these can be left at default, except:
From the Route 53 dashboard, you can create an alias that points from your domain to the CloudFront Distribution you just created.
Clicking into “Alias Target” loads a drop-down where you can select your CloudFront distribution and create your recordset.
These settings will take 45 minutes or so to promulgate, but after that you should be able to enter the URL of any S3 object and see it loading via HTTPS.
As mentioned above, Google has some very good reasons for asserting its influence to make the shift to HTTPs. The steps above, we hope, will help to make the process as short and painless as possible.
