This article summarizes the steps to follow to configure your Amazon Web Services load balancer with an SSL certificate. GANDI is the Certificate Authority that issued the SSL certificate used in this article.
The article is organized as follows:
- Install AWS command line interface
- Configure credentials
- Ensure you have all the requirements
- Upload your certificate using the AWS CLI
- Configure your load balancer
Do not hesitate to comment if you have any questions.
Install AWS command line interface
- Install PIP by following the procedure: https://pip.pypa.io/en/stable/installing
- Install AWS CLI: http://docs.aws.amazon.com/cli/latest/userguide/installing.html
pip install awscli --upgrade --user
- As specified in the AWS documentation, modify your environment PATH to add the binaries folder where the AWS CLI has been installed. For me, under macOS, it was installed in the folder /Users/anthony/Library/Python/2.7/bin
- Now you should be able to use the aws command. You can verify by executing the following:
Configure credentials
Now that the AWS CLI is installed, you need to configure the credentials to access your AWS account. Personally, I used environment variables.
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=us-west-2
Ensure you have all the required files
Once you have ordered the SSL certificate from your certificate provider, you should have the following files:
- The certificate, which contains the public key (certificate-1234.crt)
- A private key (myserver.key)
- A certificate chain (GandiStandardSSLCA2.pem)
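Before uploading, it is worth checking locally that these three files belong together, since IAM expects PEM-encoded files and an unencrypted private key. The script below is an added example, not part of the original procedure; it assumes openssl is installed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: local checks on the three files before they go to IAM.
# Nothing here contacts AWS; file names are supplied by the caller.

# The key must be PEM and must not be passphrase-protected.
key_is_plain_pem() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    ! grep -q 'ENCRYPTED' "$1"
}

# The certificate's public key must equal the one derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The certificate must remain valid for at least $2 more seconds.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# The chain file must contain the certificate's issuer. -partial_chain lets an
# intermediate CA act as the anchor, since the root is usually not in the file.
chain_issued_cert() {
    openssl verify -partial_chain -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Usage: preflight CERT KEY CHAIN ; returns non-zero if any check fails.
preflight() {
    rc=0
    key_is_plain_pem "$2" || { echo "FAIL: key is not unencrypted PEM"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_valid_for "$1" 86400 || { echo "FAIL: certificate expires within 24h"; rc=1; }
    chain_issued_cert "$1" "$3" || { echo "FAIL: chain does not verify certificate"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: files are consistent"
    return "$rc"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Saved under a name of your choice (preflight.sh here is hypothetical), it would be run as: sh preflight.sh certificate-1234.crt myserver.key GandiStandardSSLCA2.pem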
Upload your certificate to AWS using AWS CLI
The full procedure is explained in the AWS documentation: http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html
The magic command to use with my files is:
aws iam upload-server-certificate \
    --server-certificate-name myServerCertificate \
    --certificate-body file://certificate-1234.crt \
    --private-key file://myserver.key \
    --certificate-chain file://GandiStandardSSLCA2.pem
Configure your load balancer listener
- Connect to the AWS console
- Choose the EC2 service
- Go to the Load Balancing section
- Then Load Balancers
- In the list, select the load balancer concerned
- Go to the Listeners tab and click on Change to select the SSL certificate you just uploaded
The configuration is finished.