2
votes

I have a Rails application deployed on AWS Opsworks. I recently associated a domain bought AWS SES and I got a certificate in AWS Certificate Manager for that domain.

According to the documentation, the supported services are:

  • Elastic Load Balancing
  • Amazon CloudFront
  • AWS Elastic Beanstalk
  • Amazon API Gateway

The first solution that I came up with is to add Elastic Load Balancing to my Layer and associate both the domain and the certificate to its Elastic IP.

Did anyone experience the same challenge? Could you suggest any better solution?

E.g., is there a way to obtain the SSL certificate and the SSL certificate key from ACM in order to add them to my App settings in Opsworks?


2 Answers

2
votes

You cannot get the SSL certificate key generated by ACM; as you said, it is only to be used by the 4 services provided by AWS above.

The one solution you can try is to associate the ACM certificate with the ELB and do the SSL offloading at the ELB level, so essentially your listener configuration would be 443 TCP to some non-secure port on the instance (associate the ELB with the layer).

1
votes

Actually, after some tries, I managed to achieve it by following these steps:

  • add a Load Balancer in EC2
  • point the LB to the Opsworks instances
  • add the certificate to the LB
  • properly set the listeners configuration in the Security Groups
  • create a new RecordSet in Route53's Hosted Zones
  • add the LB to the RecordSet as Alias Target

I wrote an article on LinkedIn Pulse where I put some screenshots and a detailed explanation.
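A way to check the setup both answers describe, as an added example that is not part of either answer: with TLS offloaded at the load balancer, the hop from the ELB to the instance is plaintext, so the audit below confirms that the 443 listener really terminates TLS with an ACM certificate and that the backend port is reachable only from the ELB's security group. The dictionaries are constructed samples in the shape of `aws elb describe-load-balancers` and `aws ec2 describe-security-groups` output; every ID and the certificate ARN are placeholders, and `audit_offload` is a hypothetical helper name.

```python
# Constructed sample data (placeholder IDs and ARN), shaped like one entry of
# `aws elb describe-load-balancers` and one of `aws ec2 describe-security-groups`.
ELB = {"SecurityGroups": ["sg-elb00000"], "ListenerDescriptions": [{"Listener": {
    "Protocol": "HTTPS", "LoadBalancerPort": 443,
    "InstanceProtocol": "HTTP", "InstancePort": 80,
    "SSLCertificateId": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"}}]}
# Constructed: deliberately too open, so the audit has something to report.
INSTANCE_SG = {"GroupId": "sg-app00000", "IpPermissions": [{
    "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
    "UserIdGroupPairs": [{"GroupId": "sg-elb00000"}]}]}


def audit_offload(elb, instance_sg):
    """Return findings for a TLS-offloading Classic ELB and its backend security group."""
    findings, backend_ports = [], set()
    tls = [d["Listener"] for d in elb["ListenerDescriptions"]
           if d["Listener"]["LoadBalancerPort"] == 443]
    if not tls:
        findings.append("no listener on port 443")
    for lst in tls:
        backend_ports.add(lst["InstancePort"])
        # HTTPS and SSL listeners terminate TLS at the ELB; TCP passes bytes through.
        if lst["Protocol"].upper() not in ("HTTPS", "SSL"):
            findings.append("443 listener protocol %s does not terminate TLS" % lst["Protocol"])
        if not lst.get("SSLCertificateId", "").startswith("arn:aws:acm:"):
            findings.append("443 listener has no ACM certificate attached")
    elb_sgs, elb_allowed = set(elb.get("SecurityGroups", [])), set()
    for perm in instance_sg["IpPermissions"]:
        if perm["IpProtocol"] not in ("tcp", "-1"):
            continue
        # Rules for "all protocols" (-1) carry no port range, so default to every port.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        cidrs = [r.get("CidrIp") or r.get("CidrIpv6")
                 for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])]
        groups = {g["GroupId"] for g in perm.get("UserIdGroupPairs", [])}
        for port in [p for p in sorted(backend_ports) if lo <= p <= hi]:
            if groups & elb_sgs:
                elb_allowed.add(port)
            findings += ["plaintext backend port %d reachable from %s" % (port, c)
                         for c in cidrs if c in ("0.0.0.0/0", "::/0")]
    for port in sorted(backend_ports - elb_allowed):
        findings.append("backend port %d not allowed from the ELB security group" % port)
    return findings


if __name__ == "__main__":
    print(audit_offload(ELB, INSTANCE_SG))
```

An empty list means the listener and security group match the offloading design; the constructed sample reports the world-open port 80 rule.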