...
A key issue is that the Voices project is managed separately. See the AWS page for details on switching accounts to the Community History Project account. You must be in the correct account for all of the steps.
Setup:
Create S3 Bucket for Website
...
This should only need to be done when we renew our SSL certs or if we change them. We are not using Amazon’s certificate creation service so we will need to import ours after making some changes to the format to work with AWS.
Editing Certificates
Amazon’s certificate manager requires PEM formatted keys. You will need the ssl key, intermediate certificate, and wildcard certificate.
For the wildcard certificate run
    openssl x509 -in CERTFILE -out CERTFILE.pem
For the key run
    openssl rsa -in KEYFILE -out KEYFILE.pem
The intermediate certificate is a bit trickier. OpenSSL’s default command doesn’t handle the three-certificate chain well, so make three copies of the CA cert, labeled 1 to 3, and in each one remove the other two certs. Then run
    openssl x509 -in CERTFILE-CA1.cert -outform PEM -out CERTFILE-CA1.pem
    openssl x509 -in CERTFILE-CA2.cert -outform PEM -out CERTFILE-CA2.pem
    openssl x509 -in CERTFILE-CA3.cert -outform PEM -out CERTFILE-CA3.pem
    cat CERTFILE-CA1.pem CERTFILE-CA2.pem CERTFILE-CA3.pem > CERTFILE-CA.pem
Importing Certificates
1. Log onto AWS and go to the Certificate Manager.
2. Select the Import a certificate button.
3. Paste the certificate in the certificate body, the key in the key section, and the newly combined CA chain in the chain section.
4. Name and save the certificate.
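The certificate preparation and import steps above, collected into one script. This is an added example, not a script from the original page or the Voices project. It assumes openssl and the AWS CLI are installed and the CLI is configured for the Community History Project account, that the CA bundle is PEM text, and it uses the page's placeholder file names (CERTFILE, KEYFILE, CERTFILE-CA.cert). It goes beyond the page in three ways: it splits the bundle with awk instead of hand-editing three copies, it checks that the private key actually matches the certificate and that the chain validates before anything is uploaded, and it imports with the CLI into us-east-1, the only region CloudFront accepts ACM certificates from.

```shell
#!/bin/sh
# Added example (not from the original page): convert the certificate, key and
# CA bundle to PEM, split the bundle without hand-editing copies, check that the
# key matches the certificate and that the chain validates, then import into ACM.
# Assumes: openssl and the AWS CLI are installed; file names follow the page's
# placeholders (CERTFILE, KEYFILE, CERTFILE-CA.cert); the CA bundle is PEM text.

# split_pem_bundle BUNDLE PREFIX
# Writes each BEGIN/END CERTIFICATE block of BUNDLE to PREFIX-1.pem, PREFIX-2.pem,
# ... in the order they appear, and prints how many were found. This replaces
# the "make three copies and delete the other two" step.
split_pem_bundle() {
    awk -v p="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = p "-" n ".pem"; inblock = 1 }
        inblock { print > out }
        /-----END CERTIFICATE-----/ { inblock = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# cert_to_pem IN OUT: re-encode a certificate as PEM (the command the page uses).
cert_to_pem() { openssl x509 -in "$1" -outform PEM -out "$2"; }

# key_to_pem IN OUT: re-encode the RSA private key as PEM, as the page does.
key_to_pem() { openssl rsa -in "$1" -out "$2"; }

# key_matches_cert CERT.pem KEY.pem
# Compares the public key embedded in the certificate with the one derived from
# the private key. A mismatch means ACM rejects the import, or the wrong key
# file is about to be uploaded.
key_matches_cert() {
    c=$(openssl x509 -noout -pubkey -in "$1" | openssl dgst -sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl dgst -sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# chain_validates CERT.pem CHAIN.pem
# Treats the combined CA file as the trust anchors and checks that the leaf
# chains to it. Order matters: the issuer of the leaf must come first.
chain_validates() { openssl verify -CAfile "$2" "$1" >/dev/null; }

# expires_soon CERT.pem: true if the certificate expires within 30 days
# (2592000 s). Renewal is the reason this page exists, so warn early.
expires_soon() { ! openssl x509 -noout -checkend 2592000 -in "$1" >/dev/null; }

# import_to_acm CERT.pem KEY.pem CHAIN.pem
# CloudFront can only use ACM certificates from us-east-1, whichever region the
# bucket lives in, so the import is pinned there. Prints the certificate ARN.
import_to_acm() {
    aws acm import-certificate --region us-east-1 \
        --certificate "fileb://$1" --private-key "fileb://$2" \
        --certificate-chain "fileb://$3" --query CertificateArn --output text
}

# prepare_for_acm CERTFILE KEYFILE CA-BUNDLE
prepare_for_acm() {
    cert=$1; key=$2; bundle=$3
    cert_to_pem "$cert" "$cert.pem"
    key_to_pem "$key" "$key.pem"
    n=$(split_pem_bundle "$bundle" CERTFILE-CA)
    : > CERTFILE-CA.pem
    i=1
    while [ "$i" -le "$n" ]; do
        cert_to_pem "CERTFILE-CA-$i.pem" "CERTFILE-CA-$i.norm.pem"   # normalise each piece
        cat "CERTFILE-CA-$i.norm.pem" >> CERTFILE-CA.pem
        i=$((i + 1))
    done
    key_matches_cert "$cert.pem" "$key.pem" || { echo "key does not match certificate" >&2; return 1; }
    chain_validates "$cert.pem" CERTFILE-CA.pem || { echo "chain does not validate" >&2; return 1; }
    if expires_soon "$cert.pem"; then echo "warning: certificate expires within 30 days" >&2; fi
    import_to_acm "$cert.pem" "$key.pem" CERTFILE-CA.pem
}

# Usage: sh prepare-acm.sh CERTFILE KEYFILE CERTFILE-CA.cert
if [ "$#" -eq 3 ]; then prepare_for_acm "$@"; fi
```

The script prints the certificate ARN on success, which is the value the CloudFront distribution references. The two checks before the import are the ones worth keeping even if you prefer the console: a key that does not match the certificate, or a chain in the wrong order, is the usual cause of an import that fails or of a distribution whose clients see certificate errors.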
Create Cloudfront CDN
This is required since S3 website endpoints do not support SSL.
1. Open the AWS Console and go to CloudFront.
2. Select the Create Distribution button.
3. Choose the Web delivery method button.
4. For Origin Domain Name, DO NOT USE THE AUTOFILL S3 bucket name! You must enter the website endpoint, which you can find in S3 under Properties → Static Website Hosting. It should look like: http://BUCKETNAME.s3-website-REGION.amazonaws.com
5. Leave Origin Path blank and give a descriptive name for Origin ID (Voices-Production).
6. Change Viewer Protocol Policy to Redirect HTTP to HTTPS.
7. Leave the other settings at their defaults until you reach Compress Objects Automatically, and set it to Yes.
8. In Distribution Settings, change Price Class to only use US, Canada, and Europe (the cheapest option).
9. For Alternate Domain Names, set the intended URL.
10. For SSL Certificate, choose Custom SSL Certificate and click the text box; the imported certificate should be listed there. Select it.
11. Leave Custom SSL Client Support at Clients that Support Server Name Indication (SNI).
12. Set Logging to On.
13. For Bucket for Logs, set Voices-Log.
14. For Log Prefix, use cloudfront-staging or cloudfront-production as appropriate.
15. Set State to Enabled and select Create Distribution.
16. The newly created distribution has a domain name (XXXYYYZZ.cloudfront.net).
17. Copy that and open a ticket for IT asking them to create a CNAME record that points the intended URL (step 9) to the CloudFront domain name.
When IT has completed this you are done.
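The distribution settings above, expressed as an AWS CLI call so the same distribution can be recreated reproducibly instead of being clicked through. This is an added example, not from the original page or the Voices project. The alias, certificate ARN and bucket names are placeholders, and it assumes AWS CLI v2 configured for the Community History Project account. The config function refuses the REST endpoint the console autofills, enforcing the warning in step 4 as a check rather than a reminder, and sets the origin protocol to HTTP only because an S3 website endpoint serves plain HTTP (which is why CloudFront is needed in front of it at all).

```shell
#!/bin/sh
# Added example (not part of the original page): build the CloudFront
# distribution configuration described above and create it with the AWS CLI.
# Assumes: AWS CLI v2 configured for the Community History Project account.
# The alias, certificate ARN and bucket names passed in are placeholders.

# origin_is_website_endpoint DOMAIN
# Succeeds only for an S3 *website* endpoint (BUCKET.s3-website-REGION...).
# The REST endpoint the console autofills (BUCKET.s3.amazonaws.com) is rejected:
# it does not provide the index-document or redirect handling of a static site.
origin_is_website_endpoint() {
    d=${1#http://}
    case "$d" in
        *.s3-website-*.amazonaws.com|*.s3-website.*.amazonaws.com) return 0 ;;
        *) return 1 ;;
    esac
}

# write_distribution_config OUTFILE ORIGIN_DOMAIN ALIAS CERT_ARN LOG_BUCKET LOG_PREFIX
# Writes the DistributionConfig JSON that the console steps above produce:
# website-endpoint origin over HTTP, redirect viewers to HTTPS, compression on,
# cheapest price class, custom SNI certificate, logging to the log bucket.
write_distribution_config() {
    out=$1; origin=${2#http://}; alias_name=$3; cert_arn=$4; log_bucket=$5; log_prefix=$6
    origin_is_website_endpoint "$origin" || {
        echo "refusing: $origin is not an S3 website endpoint (see step 4)" >&2
        return 1
    }
    cat > "$out" <<EOF
{
  "CallerReference": "voices-$(date +%s)",
  "Comment": "Voices static site",
  "Enabled": true,
  "PriceClass": "PriceClass_100",
  "Aliases": { "Quantity": 1, "Items": ["$alias_name"] },
  "Origins": {
    "Quantity": 1,
    "Items": [{
      "Id": "Voices-Production",
      "DomainName": "$origin",
      "OriginPath": "",
      "CustomOriginConfig": {
        "HTTPPort": 80,
        "HTTPSPort": 443,
        "OriginProtocolPolicy": "http-only"
      }
    }]
  },
  "DefaultCacheBehavior": {
    "TargetOriginId": "Voices-Production",
    "ViewerProtocolPolicy": "redirect-to-https",
    "Compress": true,
    "MinTTL": 0,
    "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" } }
  },
  "ViewerCertificate": {
    "ACMCertificateArn": "$cert_arn",
    "SSLSupportMethod": "sni-only",
    "MinimumProtocolVersion": "TLSv1.2_2021"
  },
  "Logging": {
    "Enabled": true,
    "IncludeCookies": false,
    "Bucket": "$log_bucket.s3.amazonaws.com",
    "Prefix": "$log_prefix"
  }
}
EOF
}

# create_distribution CONFIG.json: creates the distribution and prints its
# XXXYYYZZ.cloudfront.net domain name, the value IT needs for the CNAME record.
create_distribution() {
    aws cloudfront create-distribution --distribution-config "file://$1" \
        --query 'Distribution.DomainName' --output text
}

# Usage: sh create-voices-cdn.sh ORIGIN_DOMAIN ALIAS CERT_ARN LOG_BUCKET LOG_PREFIX
if [ "$#" -eq 5 ]; then
    write_distribution_config dist.json "$@" && create_distribution dist.json
fi
```

PriceClass_100 is the API name for the "US, Canada and Europe" option in step 8, and "sni-only" is the SNI client support setting in step 11. The config uses the legacy ForwardedValues cache settings, which the API still accepts; a managed cache policy would replace that block if the distribution is later migrated.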