How to upload an SSL certificate to AWS ELB

This is Saito from the infrastructure team.
To all the infrastructure team members, or in-house system engineers, thank you for your hard work on SSL certificate renewals every time.
AWS Certificate Manager has been available in the Tokyo region since May 16th of this year.
From now on, you can use SSL certificates issued by Amazon as the certificate authority for free.
AWS is becoming more and more convenient, and this time we will show you how to apply an SSL certificate obtained through another certificate authority to an ELB.
This task uses the AWS CLI. Install it with the following command before proceeding:
pip install awscli
If you have not yet completed the initial setup, enter the following command:
aws configure
Enter the following information to complete the default settings:
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
The settings you configure will be saved in the files ~/.aws/credentials and ~/.aws/config.
How to upload
First, prepare an SSL certificate. In an environment where you can execute awscli commands, place the SSL certificate in the current directory, and then upload the SSL certificate to the remote management console using the following command.
aws iam upload-server-certificate --server-certificate-name "example-domain.com" \
  --certificate-body file://./example-domain.com.crt \
  --private-key file://./example-domain.com.key \
  --certificate-chain file://./example-domain.com.ca
The options specify the following:
--certificate-body: server certificate
--private-key: private key
--certificate-chain: intermediate certificate
If you have multiple user profiles in ~/.aws/credentials, specify one using --profile.
Also, if you receive an error message prompting you to specify a region, specify the ELB region using --region.
For example, for the Tokyo region, it would be ap-northeast-1.
Now, let's list the commands for each case.
When adding a new listener to ELB, such as https(443) → http(80):
aws elb create-load-balancer-listeners \
  --load-balancer-name <load-balancer-name> \
  --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn:aws:iam::<account-id>:server-certificate/example-domain.com \
  --region ap-northeast-1
To update the certificate for an existing listener:
aws elb set-load-balancer-listener-ssl-certificate \
  --load-balancer-name <load-balancer-name> \
  --load-balancer-port 443 \
  --ssl-certificate-id arn:aws:iam::<account-id>:server-certificate/example-domain.com \
  --region ap-northeast-1
To delete an uploaded certificate:
aws iam delete-server-certificate --server-certificate-name example-domain.com
To remove a listener:
aws elb delete-load-balancer-listeners --load-balancer-name <load-balancer-name> --load-balancer-ports 443
Knowing the above commands made uploading certificates to the ELB much smoother. It's also a good idea to embed them in a shell script as a standard procedure.
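One way to follow that suggestion, as an added example that is not part of the original article: a POSIX shell script that checks the three files and then runs the upload command shown earlier. It assumes openssl is installed and that the files are named NAME.crt, NAME.key and NAME.ca as in the article; the script name preflight.sh and the 30-day expiry threshold are illustrative choices.

```shell
#!/bin/sh
# Added example: pre-upload checks for `aws iam upload-server-certificate`.
# Usage: ./preflight.sh example-domain.com   (expects NAME.crt, NAME.key, NAME.ca)

# Print the PEM label of the first block in a file, e.g. "CERTIFICATE".
pem_type() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Structural checks that need no crypto: the right file is passed to the right
# option, and the private key is unencrypted (IAM rejects passphrase-protected keys).
check_pem_inputs() {  # args: CERT KEY CHAIN
    [ "$(pem_type "$1")" = "CERTIFICATE" ] || { echo "certificate-body: not a PEM certificate" >&2; return 1; }
    [ "$(pem_type "$3")" = "CERTIFICATE" ] || { echo "certificate-chain: not a PEM certificate" >&2; return 1; }
    case "$(pem_type "$2")" in
        "ENCRYPTED PRIVATE KEY") echo "private-key: encrypted, decrypt it first" >&2; return 1 ;;
        *"PRIVATE KEY") ;;
        *) echo "private-key: not a PEM private key" >&2; return 1 ;;
    esac
    # Traditional (non-PKCS#8) keys mark encryption in a header line instead.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$2"; then
        echo "private-key: encrypted, decrypt it first" >&2; return 1
    fi
}

# Succeed only if the certificate's public key equals the private key's.
key_matches_cert() {  # args: CERT KEY
    kmc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    kmc_key=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$kmc_cert" ] && [ "$kmc_cert" = "$kmc_key" ]
}

# Run all checks, then the article's upload command. This part only runs when a
# certificate name is passed, so sourcing the file just defines the functions.
if [ "$#" -eq 1 ]; then
    name=$1
    check_pem_inputs "$name.crt" "$name.key" "$name.ca" || exit 1
    key_matches_cert "$name.crt" "$name.key" \
        || { echo "private key does not match certificate" >&2; exit 1; }
    # 2592000 s = 30 days; the threshold is an assumption of this example.
    openssl x509 -in "$name.crt" -noout -checkend 2592000 >/dev/null \
        || { echo "certificate expires within 30 days" >&2; exit 1; }
    aws iam upload-server-certificate --server-certificate-name "$name" \
        --certificate-body "file://./$name.crt" \
        --private-key "file://./$name.key" \
        --certificate-chain "file://./$name.ca"
fi
```

Add --profile or --region to the final command as described above if your environment needs them.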
