🔒 Securing Your EC2 Website with AWS ACM and CloudFront

➤ In today’s digital landscape, ensuring that your website is secure is more important than ever. Visitors expect a safe browsing experience, and search engines favor secure websites in their rankings. If you’re running a website on AWS EC2, integrating AWS Certificate Manager (ACM) with CloudFront is a powerful way to achieve robust security and improve performance. In this blog, we’ll walk you through the entire process of setting up SSL/TLS for your EC2-hosted website using AWS ACM and CloudFront.

What is AWS ACM ❓

AWS Certificate Manager (ACM) is a service that allows you to easily provision, manage, and deploy SSL/TLS certificates for use with AWS services. An SSL/TLS certificate lets a visitor's browser authenticate your website and establish an encrypted connection to it, ensuring that sensitive information remains private in transit.

Why Use CloudFront with ACM and EC2? 🤔

Amazon CloudFront is a Content Delivery Network (CDN) that distributes your content globally to ensure fast delivery to users. When paired with AWS ACM, CloudFront can serve your website over HTTPS, providing both speed and security. Here’s why you should consider using CloudFront with ACM for your EC2-hosted website:

➤ Global Distribution: CloudFront ensures that your website content is delivered with low latency, no matter where your users are located.

➤ Enhanced Security: SSL/TLS certificates provided by ACM ensure encrypted communication, protecting user data.

➤ Improved Performance: By caching content at edge locations, CloudFront reduces the load on your EC2 instance, enhancing website performance.

Step-by-Step Guide: Setting Up SSL/TLS with ACM, CloudFront, and EC2 𓊍

Step 1: Request an SSL/TLS Certificate Using AWS ACM

1- Navigate to AWS Certificate Manager:

➤ Log in to your AWS Management Console.

➤ Type “Certificate Manager” in the search bar and select the service.

https://github.com/user-attachments/assets/464b8a94-0a01-46ca-ae4e-b0266747924d

2- Request a Public Certificate: 📜

➤ In the ACM dashboard, click on “Request a certificate.”

➤ Choose “Request a public certificate” and click “Next.”

https://github.com/user-attachments/assets/878ac0a0-89e7-4eb9-89f4-e3606eaa9791

3- Specify Domain Names:

➤ Enter the domain name of your website (e.g., www.example.com).

➤ You can also add alternative names (e.g., example.com).

4- Validate Domain Ownership:

➤ Choose the validation method (DNS validation is recommended).

➤ For DNS validation, ACM will provide a CNAME record that you must add to your domain’s DNS settings.

➤ Once the CNAME record is added, AWS will automatically validate the domain.

https://github.com/user-attachments/assets/758cda4e-5d65-4c22-b588-c5aff08e0e59

5- Request Certificate: 🙋🏻‍♂️

➤ After validation, the SSL/TLS certificate will be issued and available in your ACM dashboard.

Step 2: Create a CloudFront Distribution

1- Navigate to Amazon CloudFront:

➤ In the AWS Management Console, search for and select “CloudFront.”

https://github.com/user-attachments/assets/fb369d9c-e953-4cb2-bbac-c75acc507a14

2- Create a New Distribution:

➤ Click on “Create Distribution” and select “Web” for the delivery method.

https://github.com/user-attachments/assets/2789cdb3-2335-41d2-9e5a-6da10d9d974f

3- Configure the Origin Settings:

➤ Set your EC2 instance’s public DNS as the Origin Domain Name.

➤ Configure the rest of the origin settings as per your needs (e.g., protocol policy, connection attempts).

4- Set Up Default Cache Behavior:

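➤ Under “Cache Behavior Settings,” configure the viewer protocol policy to “Redirect HTTP to HTTPS” so that every viewer connection to CloudFront is encrypted. The connection from CloudFront to your EC2 instance is governed separately by the origin protocol policy set in the previous step.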

➤ You can also configure caching and other behavior settings to optimize performance.

5- Configure SSL/TLS Settings:

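➤ Under “SSL Certificate,” select “Custom SSL Certificate” and choose the certificate you requested from ACM. CloudFront only lists ACM certificates that were requested in the US East (N. Virginia) region (us-east-1).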

➤ Select the appropriate security policy (TLSv1.2 is recommended for most use cases).

6- Review and Create Distribution:

➤ Review your settings and click “Create Distribution.”

➤ It may take some time for the distribution to deploy.

https://github.com/user-attachments/assets/d748a4ae-121e-4f5d-adb6-194015de30ff

https://github.com/user-attachments/assets/569a0c47-398f-454d-90f3-a1a6d1ae977b

https://github.com/user-attachments/assets/6453c3f3-e6c2-4621-863e-301d430e9ca8

https://github.com/user-attachments/assets/6f6ccd6b-370e-428f-b0e4-7d5e85262162

https://github.com/user-attachments/assets/11b13e31-6d4d-4b1f-837b-76e446324e07

https://github.com/user-attachments/assets/a51ba189-9311-42b0-b744-2d320e6ad0d0
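
The Step 2 settings can be checked after the fact from the distribution's configuration rather than by re-reading the console. The following is an added example, not part of the original post: it audits the `DistributionConfig` JSON object returned by `aws cloudfront get-distribution-config`. The function name, the two sample configurations, the account id and the certificate ARN are constructed placeholders.

```python
# Added example: audit a CloudFront DistributionConfig against Step 2.
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}

def audit_distribution(cfg, domain):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Viewer leg: "allow-all" still answers plain HTTP requests.
    if cfg["DefaultCacheBehavior"]["ViewerProtocolPolicy"] == "allow-all":
        findings.append("viewer policy allow-all serves plain HTTP")
    # Certificate: CloudFront only accepts ACM certificates from us-east-1.
    cert = cfg.get("ViewerCertificate", {})
    arn = cert.get("ACMCertificateArn", "")
    if not arn:
        findings.append("no ACM certificate attached")
    elif arn.split(":")[3:4] != ["us-east-1"]:
        findings.append("ACM certificate is not in us-east-1")
    if cert.get("MinimumProtocolVersion") in WEAK_TLS:
        findings.append("minimum TLS version below TLSv1.2")
    # The custom domain must be an alternate domain name on the distribution.
    if domain not in (cfg.get("Aliases", {}).get("Items") or []):
        findings.append(f"{domain} missing from alternate domain names")
    # Origin leg: "http-only" leaves CloudFront -> EC2 traffic unencrypted.
    for origin in cfg["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig", {})
        if custom.get("OriginProtocolPolicy") == "http-only":
            findings.append(f"origin {origin['Id']} is fetched over plain HTTP")
    return findings

# Constructed samples: account id, ARN and origin id are placeholders.
WEAK = {
    "Aliases": {"Quantity": 0},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True,
                          "MinimumProtocolVersion": "TLSv1"},
    "Origins": {"Items": [{"Id": "ec2-origin",
        "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]},
}
HARDENED = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
        "MinimumProtocolVersion": "TLSv1.2_2021"},
    "Origins": {"Items": [{"Id": "ec2-origin",
        "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}}]},
}

if __name__ == "__main__":
    print(audit_distribution(WEAK, "www.example.com"))
```

An `https-only` origin policy only works if the EC2 instance itself presents a certificate that CloudFront accepts for the origin, which this guide does not set up.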

Step 3: Update DNS Settings 🌐

1- Get the CloudFront Domain Name:

➤ Once your CloudFront distribution is deployed, you’ll receive a domain name (e.g., d1234.cloudfront.net).

2- Update Your Domain’s DNS Records:

➤ Go to your domain registrar’s DNS settings.

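➤ Replace your current A or CNAME records with a record that points to the CloudFront domain name (a CNAME record, or an alias record if your DNS is hosted in Route 53).

➤ This change routes traffic for your domain through CloudFront, which serves it over SSL/TLS.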

Step 4: Test Your Website

1- Access Your Website:

➤ Visit your website using https://www.example.com.

➤ Ensure that the SSL certificate is active and that the connection is secure (you should see a padlock icon in the browser’s address bar).

2- Verify Performance and Security: ✅

➤ Use tools like GTmetrix or Google PageSpeed Insights to check the performance improvements.

➤ Ensure that all HTTP requests are redirected to HTTPS and that the site is functioning as expected.
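
The two checks in Step 4 can be scripted so they are repeatable after every configuration change. This is an added example, not part of the original post: it uses only the Python standard library, the function names are illustrative, and `www.example.com` is a placeholder for your own domain.

```python
# Added example: live checks for Step 4, using only the standard library.
import http.client
import socket
import ssl
from urllib.parse import urlsplit

def is_https_redirect(status, location, host):
    """True if an HTTP response redirects to the same host over HTTPS."""
    if status not in (301, 302, 307, 308) or not location:
        return False
    target = urlsplit(location)
    # Compare the parsed host name, not a string prefix of the URL.
    return target.scheme == "https" and (target.hostname or "") == host.lower()

def check_http_redirect(host, path="/"):
    """Request the site over plain HTTP and evaluate the response."""
    conn = http.client.HTTPConnection(host, 80, timeout=10)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return is_https_redirect(resp.status, resp.getheader("Location"), host)
    finally:
        conn.close()

def tls_summary(host):
    """Handshake on 443 with chain and host name verification enabled."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse older protocols
    with socket.create_connection((host, 443), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            return {"protocol": tls.version(), "names": names,
                    "expires": cert["notAfter"]}

if __name__ == "__main__":
    site = "www.example.com"  # placeholder: replace with your own domain
    print("HTTP redirects to HTTPS:", check_http_redirect(site))
    print("TLS:", tls_summary(site))
```

`tls_summary` raises `ssl.SSLCertVerificationError` if the certificate does not chain to a trusted root or does not cover the host name, which is the same condition that removes the padlock in a browser.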

Conclusion

By following these steps, you’ve successfully secured your EC2-hosted website with an SSL/TLS certificate using AWS ACM and CloudFront. Not only have you enhanced the security of your website, but you’ve also optimized its performance by leveraging AWS’s powerful CDN service. This setup ensures that your users can access your website securely and swiftly from anywhere in the world.

Deploying SSL/TLS certificates may seem like a complex task, but with AWS ACM and CloudFront, the process is straightforward and manageable. Start implementing these security measures today to protect your site and provide a seamless, secure experience for your users.