How to upload SSL certificate to AWS ELB

This is Saito from the Infrastructure team.
To all the infrastructure and in-house system engineers, thank you for your hard work every time you renew your SSL certificate.
Now, AWS Certificate Manager has been available in the Tokyo region since May 16th of this year.
From now on, you can use SSL certificates with Amazon as the certificate authority for free.
AWS is becoming more and more convenient, and this time we will show you how to apply an SSL certificate obtained through another certificate authority to an ELB.
This task uses the AWS CLI. Please install it with the following command before proceeding:
pip install awscli
If you have not yet completed the initial setup, enter the following command:
aws configure
Complete the default settings by entering the following items:
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
The settings you made are saved in the files ~/.aws/credentials and ~/.aws/config.
How to upload
First, prepare an SSL certificate. In an environment where you can run awscli commands, place the SSL certificate files in the current directory, and then use the following command to upload the SSL certificate to AWS IAM.
aws iam upload-server-certificate --server-certificate-name "example-domain.com" \
    --certificate-body file://./example-domain.com.crt \
    --private-key file://./example-domain.com.key \
    --certificate-chain file://./example-domain.com.ca
Each option is as follows:
certificate-body: specifies the server certificate
private-key: specifies the private key
certificate-chain: specifies the intermediate certificate
If you have multiple user profiles in ~/.aws/credentials, specify the one to use with the --profile option.
Also, if an error message appears asking you to specify a region, specify the ELB region with the --region option. For example, the Tokyo region is ap-northeast-1.
Now, let's list the commands for each case.
When adding a new listener to ELB, such as https(443) → http(80):
aws elb create-load-balancer-listeners \
    --load-balancer-name <load-balancer-name> \
    --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn:aws:iam::<account-id>:server-certificate/example-domain.com \
    --region ap-northeast-1
To update the certificate for an existing listener:
aws elb set-load-balancer-listener-ssl-certificate \
    --load-balancer-name <load-balancer-name> \
    --load-balancer-port 443 \
    --ssl-certificate-id arn:aws:iam::<account-id>:server-certificate/example-domain.com \
    --region ap-northeast-1
To delete an uploaded certificate:
aws iam delete-server-certificate --server-certificate-name example-domain.com
To remove a listener:
aws elb delete-load-balancer-listeners --load-balancer-name <load-balancer-name> --load-balancer-ports 443
Knowing the above commands will make uploading certificates to ELB much smoother.
You can also embed them in a shell script as a standard process.
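When the upload is wrapped in a script, the three files can be checked locally before they are sent. The following is an added example, not part of the original post: the function names are hypothetical, openssl is assumed to be installed, and the file names are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post): local checks to run before
# `aws iam upload-server-certificate`. Function names are hypothetical.

# The private key must not be readable by group or others.
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# IAM only accepts an unencrypted PEM private key.
key_unencrypted_pem() {
    grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" || return 1
    ! grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type:.*ENCRYPTED)' "$1"
}

# Number of PEM certificates in a file (prints 0 when there are none).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# The certificate and the private key must carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1") || return 1
    key_pub=$(openssl pkey -pubout -in "$2") || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# The certificate must still be valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -noout -checkend $(( ${2:-30} * 86400 )) -in "$1" >/dev/null
}

# preflight CERT KEY CHAIN: returns 0 only if every check passes.
preflight() {
    key_perms_ok "$2"        || { echo "key readable by group/others" >&2; return 1; }
    key_unencrypted_pem "$2" || { echo "key missing or encrypted" >&2; return 1; }
    [ "$(count_certs "$1")" -eq 1 ] || { echo "body must hold one cert" >&2; return 1; }
    [ "$(count_certs "$3")" -ge 1 ] || { echo "chain holds no cert" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
    cert_valid_for_days "$1" || { echo "cert expires within 30 days" >&2; return 1; }
}

# Usage with the file names from the article:
#   preflight ./example-domain.com.crt ./example-domain.com.key \
#             ./example-domain.com.ca && aws iam upload-server-certificate ...
```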