1. Create a certificate in ACM

Go to ACM - List certificates - Request a public certificate.

Check that the region is us-east-1. A certificate that will be used with CloudFront has to be in us-east-1, even though my origin (S3 or EC2) exists in another region.

Enter the domain name that I have.

Check that DNS validation is selected. DNS validation means creating a specific record to prove that I can modify the DNS configuration.

This is the record I have to make in my DNS service, in my case, Route 53.

The "Create records in Route 53" button will automatically add the record if I have the domain in the same account. But I had the domain in a different account, so I had to do it manually.

In the record name field, copying the whole text gave me duplicate domain names, "api.ourcompanylunch.com". I trimmed it.

The final dot (.) in a domain name has a meaning: it is the root of the DNS hierarchy. Some DNS providers reject this dot and then add it automatically. But in Route 53 I added it.

Then wait and go to ACM - Certificates - Select the certificate. I can see Issued.

I think it took less than 1 minute after creating the record to be validated in this case. If it takes longer, you might take a look at the documentation.

https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-DNS-validation.html

After checking that it's issued, return to the region where EC2 is running.
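
The record-name trimming and the trailing dot described above, as an added example (not part of the original page): a Python helper that takes the CNAME shown by ACM and returns the part to type into a name field that appends the zone by itself, plus the same record with absolute names in the ChangeBatch shape that Route 53's ChangeResourceRecordSets API accepts. The zone `example.com`, the tokens, the TTL of 300 and the function names are assumptions made up for illustration.

```python
def _norm(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot for comparison."""
    return name.strip().lower().rstrip(".")


def relative_record_name(acm_name: str, zone: str) -> str:
    """Part of acm_name to type into a name field that appends the zone itself."""
    fqdn, apex = _norm(acm_name), _norm(zone)
    if fqdn == apex:
        return ""  # the record sits at the zone apex
    suffix = "." + apex
    if not fqdn.endswith(suffix):
        # Catches a record pasted into the wrong hosted zone.
        raise ValueError(f"{acm_name!r} is not inside zone {zone!r}")
    return fqdn[: -len(suffix)]


def change_batch(acm_record: dict, zone: str, ttl: int = 300) -> dict:
    """ChangeBatch with absolute names (trailing dot), so nothing gets appended."""
    relative_record_name(acm_record["Name"], zone)  # raises if outside the zone
    return {
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": _norm(acm_record["Name"]) + ".",
                "Type": acm_record["Type"],
                "TTL": ttl,  # assumed value, not from the page
                "ResourceRecords": [
                    {"Value": acm_record["Value"].strip().rstrip(".") + "."}
                ],
            },
        }]
    }


# Constructed sample in the shape ACM shows for DNS validation (not real tokens).
SAMPLE = {
    "Name": "_constructedtoken1.api.example.com.",
    "Type": "CNAME",
    "Value": "_constructedtoken2.acm-validations.aws.",
}

if __name__ == "__main__":
    print(relative_record_name(SAMPLE["Name"], "example.com"))
    print(change_batch(SAMPLE, "example.com."))
```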
