1. Create a certificate in ACM
Go to ACM - List certificates - Request a public certificate.
Check that the region is us-east-1. A certificate that will be used with CloudFront has to be in us-east-1, even though my origin (S3 or EC2) is in another region.
Enter the domain name that I have.
Check that DNS validation is selected. DNS validation means creating a specific record to prove that I can modify the DNS configuration.

This is the record I have to create in my DNS service, in my case, Route 53.

The "Create records in Route 53" button will automatically add the record if I have the domain in the same account. But I had the domain in a different account, so I had to do it manually.

In the record name field, copying the whole text gave me a duplicated domain name, "api.ourcompanylunch.com". I trimmed it.
The final dot (.) in a domain name has a meaning: it is the root of the DNS hierarchy. Some DNS providers reject this dot and then add it automatically. But in Route 53 I added it.
Then wait and go to ACM - Certificates - Select the certificate. I can see the status Issued.

I think it took less than 1 minute after creating the record for it to be validated in this case. If it takes longer, you might take a look at the troubleshooting document.
https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-DNS-validation.html
After checking that it's issued, return to the region where EC2 is running.
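
The record-name trimming and trailing-dot handling from the manual Route 53 step, as an added example that is not part of the original notes. It assumes the hosted zone is ourcompanylunch.com, a TTL of 300, and a constructed validation record; the helper names are hypothetical.

```python
import json

# Constructed sample in the shape ACM shows for DNS validation (not a real record).
SAMPLE = {"Name": "_0123456789abcdef.api.ourcompanylunch.com.",
          "Type": "CNAME",
          "Value": "_fedcba9876543210.example.acm-validations.aws."}

def fqdn(name: str) -> str:
    """Lower-case and make absolute: exactly one trailing dot (the DNS root)."""
    return name.strip().lower().rstrip(".") + "."

def console_record_name(acm_name: str, zone: str) -> str:
    """Text for the console 'Record name' box, which appends the zone itself."""
    name, zone = fqdn(acm_name), fqdn(zone)
    if name == zone:
        return ""
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside hosted zone {zone}")
    return name[: -len(zone) - 1]

def has_duplicated_zone(record_name: str, zone: str) -> bool:
    """True for <label>.<zone>.<zone>, the result of pasting the whole name."""
    zone = fqdn(zone)
    return fqdn(record_name).endswith("." + zone[:-1] + "." + zone)

def change_batch(acm_record: dict, zone: str, ttl: int = 300) -> dict:
    """Route 53 change batch for the validation record, using absolute names."""
    name = fqdn(acm_record["Name"])
    console_record_name(name, zone)  # raises if the record is outside the zone
    if has_duplicated_zone(name, zone):
        raise ValueError(f"{name} repeats the zone name; validation would not match")
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": name, "Type": acm_record["Type"], "TTL": ttl,
        "ResourceRecords": [{"Value": fqdn(acm_record["Value"])}]}}]}

if __name__ == "__main__":
    zone = "ourcompanylunch.com"  # assumed hosted zone name
    print("Console record name:", console_record_name(SAMPLE["Name"], zone))
    print(json.dumps(change_batch(SAMPLE, zone), indent=2))
```

The printed JSON can be saved to a file and passed to `aws route53 change-resource-record-sets --change-batch file://...` with credentials for the account that owns the domain.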