Documentation:Amazon Web Services (AWS)

From UBC Wiki
Emerging Media Lab
About EML
A collaborative space for UBC faculty, students and staff for exploration of emerging technologies and development of innovative tools and solutions. This wiki is for public-facing documentation for our projects and procedures.


Introduction

This page documents some of the steps developers follow to use AWS features, for example creating an SSL certificate for HTTPS or setting up a project in S3. Some of these techniques are currently used in EML projects.

SSL Certificates with Amazon Certificate Manager

Note: Before you create an SSL certificate, be aware that certificates are region specific, and the certificate may or may not work depending on how the application is hosted. For example:

  • Applications hosted with CloudFront in AWS: certificates created / imported with ACM must be in US East (N. Virginia).
  • Applications hosted in an Elastic Beanstalk environment: the environment and the certificate must be in the same region. Ex: if the environment is hosted in central, then the certificate must be created / imported in central.


I will be using the example from one of our EML projects, MootCourt, to create and validate an SSL certificate. The domain name mootpractice.ca is already registered via Amazon Route 53, and the application is hosted in CloudFront on AWS. We would like to create a certificate for ubc.mootpractice.ca.

  1. Log in to AWS and navigate to Amazon Certificate Manager. Make sure you are in the correct region (the top right shows the region ACM is currently in).
  2. Click on Request, and type in the fully qualified domain name. In our ex: it's *.mootpractice.ca. Choose validation by DNS.
  3. You now have a pending certificate (refresh the page if it does not show).
  4. ACM now needs to verify the certificate.
    • One way to do the DNS verification is via Amazon Route 53 (see below).
    • Another way is through a 3rd party (see below).

Amazon Route 53 DNS Verification

If the domain name is already registered using AR53, verifying with DNS becomes a lot easier. For the MootCourt example, we add a record in AR53.

  1. Log in to AWS and navigate to Amazon Route 53. Under hosted zones, click on the name (in this case mootpractice.ca).
  2. Add a new record where the record name is the CNAME name (from the pending certificate in ACM) and the record value is the CNAME value (from the pending certificate in ACM). Leave the routing policy as simple and the TTL at its default. Create the record.
  3. The certificate should verify automatically. In ACM, the status will be "issued" with a green checkbox.

See https://aws.amazon.com/premiumsupport/knowledge-center/route-53-validate-acm-certificates/ for more detailed explanation.
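The two checks in this procedure (certificate region and the CNAME validation record) can also be scripted. The following is an added example, not part of the original page or of any EML project: it reads output shaped like `aws acm describe-certificate` and builds the Route 53 change batch. The function names, the sample values and the TTL of 300 are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output (placeholder ids/tokens).
SAMPLE = json.loads("""
{"Certificate": {
  "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID",
  "DomainValidationOptions": [
    {"DomainName": "*.mootpractice.ca", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_exampletoken.mootpractice.ca.", "Type": "CNAME",
                        "Value": "_examplevalue.acm-validations.aws."}},
    {"DomainName": "mootpractice.ca", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_exampletoken.mootpractice.ca.", "Type": "CNAME",
                        "Value": "_examplevalue.acm-validations.aws."}}
  ]}}
""")


def required_region(hosting, environment_region=None):
    """Region the certificate must be in, following the note at the top of this section."""
    if hosting == "cloudfront":
        return "us-east-1"  # US East (N. Virginia)
    if hosting == "elasticbeanstalk" and environment_region:
        return environment_region  # must match the environment's region
    raise ValueError(f"cannot determine required region for {hosting!r}")


def validation_change_batch(described, zone_name, hosting, environment_region=None, ttl=300):
    """Build a Route 53 change batch for the certificate's DNS validation records."""
    cert = described["Certificate"]
    region = cert["CertificateArn"].split(":")[3]  # arn:aws:acm:<region>:<account>:...
    wanted = required_region(hosting, environment_region)
    if region != wanted:
        raise ValueError(f"certificate is in {region}, but {hosting} needs {wanted}")
    zone = zone_name.rstrip(".").lower()
    records = {}
    for opt in cert["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or not rr:
            continue  # not DNS-validated, or ACM has not published the record yet
        if not rr["Name"].rstrip(".").lower().endswith("." + zone):
            raise ValueError(f"{rr['Name']} is outside hosted zone {zone}")
        records[rr["Name"]] = rr  # a wildcard and its apex share one record
    if not records:
        raise ValueError("no DNS validation records available yet")
    return {"Comment": "ACM DNS validation", "Changes": [
        {"Action": "UPSERT", "ResourceRecordSet": {
            "Name": rr["Name"], "Type": rr["Type"], "TTL": ttl,
            "ResourceRecords": [{"Value": rr["Value"]}]}}
        for rr in records.values()]}
```

The returned dictionary can be saved as JSON and passed to `aws route53 change-resource-record-sets` with `--change-batch file://...`. A region mismatch or a record name outside the hosted zone raises an error before anything is sent to DNS.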

3rd Party Verification

Export the CSV record (which includes the domain, record name, type and record value) and give it to the appropriate user so they can register it. For example, UBC IT might register a domain name for you, and they would add the record.

S3 Buckets

TODO

Redirecting URLs in CloudFront to S3 instance

Assumptions:

  • We already have a CloudFront instance deployed.
  • We already have an S3 bucket instance deployed.
  • You have admin access to AWS.

  1. Log in to the admin panel as an AWS admin.
  2. Go to S3 bucket admin panel, locate the project and select it to see the details.
  3. Go to 'Properties', scroll all the way down to 'static website hosting', and copy the URL. Ex: "http://yourapplication-v1.s3-website.ca-central-1.amazonaws.com".
  4. Go to the CloudFront instance that is deployed and open it to see the details.
  5. Click on 'origins' tab and look for the entry that has your old S3 bucket URL.
  6. Select that entry and click on 'Edit'.
  7. Replace the origin name with the new S3 bucket instance that is deployed (from step 3).
  8. Click 'Save'.
  9. Your CloudFront instance should now direct to the new S3 bucket instance.


License

Some rights reserved
Permission is granted to copy, distribute and/or modify this document according to the terms in Creative Commons License, Attribution-ShareAlike 4.0. The full text of this license may be found here: CC by-sa 4.0