0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

AWSでセキュア(HTTPS)な独自ドメインサイトを構築する手順

Last updated at Posted at 2019-09-14

概要

AWSでセキュア(HTTPS)な独自ドメインサイトを構築する下記2つの手順をまとめる。

  • CloudFront + EC2インスタンス
  • CloudFront + S3

Certificate Managerの設定

ドメインの登録 "zzzz.net" (有料)
ドメイン(example.net)登録料金=11$
証明書作成リージョン = US東部 バージニア北部

Route53の設定

レコードセットの登録

  • EC2インスタンス向け
    xxxx.zzzz.net CNAME yyyy.cloudfront.net 手動登録
    xxxx.zzzz.netの証明書に関するCNAME CloudFrontから[Request or Import a Certificate with ACM]を押下し自動登録

  • S3向け
    XXXX.zzzz.net CNAME YYYY.cloudfront.net 手動登録
    XXXX.zzzz.netの証明書に関するCNAME CloudFrontから[Request or Import a Certificate with ACM]を押下し自動登録

CloudFrontの設定

EC2インスタンス向け

  • General:

    Alternate Domain Names (CNAMEs) = xxxx.zzzz.net

    [Request or Import a Certificate with ACM]で証明書を要求

    Custom SSL Certificate (example.com) = 証明書を指定
  • Behaviors:

    Viewer Protocol Policy = HTTP and HTTPS

    Allowed HTTP Methods = GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

    CloudFrontキャッシュ無効化 (Minimum/Maximum/Default TTL=0)

    Cache Based on Selected Request Headers = All

    Forward Cookies = All

    Query String Forwarding and Caching = cache based on all
  • Origins:

    Origin Protocol Policy = HTTP Only

    Origin Domain Name = EC2の外部公開ドメイン名 (xxxx.zzzz.netではない)

    Origin Response Timeout = 60

    HTTP Port = EC2の外部公開ポート番号

S3インスタンス向け

  • General:

    Alternate Domain Names (CNAMEs) = XXXX.zzzz.net

    [Request or Import a Certificate with ACM]で証明書を要求

    Custom SSL Certificate (example.com) = 証明書を指定
  • Behaviors:

    Viewer Protocol Policy = HTTP and HTTPS

    Allowed HTTP Methods = GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

    CloudFrontキャッシュ無効化 (Minimum/Maximum/Default TTL=0)

    Cache Based on Selected Request Headers = None(Improves Caching)

    Forward Cookies = All

    Query String Forwarding and Caching = cache based on all
  • Origins:

    Restrict Bucket Access = YES

    Origin Access Identity = Use an Existing Identity

    Grant Read Permissions on Bucket = No, I Will Update Permissions

    Origin Domain Name = S3の外部公開ドメイン名 (XXXX.zzzz.netではない)

ブラウザからの接続

  • EC2インスタンス向け
    http://xxxx.zzzz.net
    https://xxxx.zzzz.net

  • S3向け
    http://XXXX.zzzz.net
    https://XXXX.zzzz.net

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?