12

I am using EC2 and working with NGINX (via PuTTY). I chose an AWS public certificate, so I understand that to use HTTPS I need to configure NGINX too.
I found some tutorials about it, but everywhere they add `ssl_certificate` and `ssl_certificate_key`, which I haven't seen in the AWS certificate.

How can I find the AWS SSL certificate and `ssl_certificate_key`?
Or is there another solution for this?

greybeard
Yoni

3 Answers

19

You can only use ACM SSL certificates with AWS Load Balancers, CloudFront and API Gateway. It is not possible to obtain the certificate from ACM and install it directly on a server.

You can attach certificates issued with ACM to the AWS Load Balancer and hide your instance behind the load balancer; more on this here.

If you want to manage SSL directly on your Nginx, you will need to issue a certificate with another tool, e.g. letsencrypt.

Using Free Let’s Encrypt SSL/TLS Certificates with NGINX

Aliaksei Stadnik
  • 1
    Amazon has removed letsencrypt support from more recent AWS Linux versions. In our case we'll have to look for another free solution and remake our entire configuration scripts – epol Jun 30 '21 at 16:46
  • 1
    While this answer may be the high level overview of the problem, the link provided to AWS doesn't really establish a clear solution to the OP's question; as I have the same question, followed setting up a load balancer, but am unable to get `https` to work. I believe this has to do with a necessary change to `nginx` config, but nowhere in the link/solution is that clear. – smgeneralist Sep 18 '22 at 17:37
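The load balancer setup described in the answer above, seen from the NGINX side, as an added example that is not part of the original answers. It assumes an Application Load Balancer whose HTTPS listener holds the ACM certificate and forwards plain HTTP to the instance on port 80; `example.com`, the `10.0.0.0/16` VPC range and the `/healthz` path are placeholders.

```nginx
# NGINX on the EC2 instance, behind a load balancer that terminates TLS.
# There is no ssl_certificate / ssl_certificate_key here: the ACM
# certificate and its private key stay on the load balancer.
server {
    listen 80;
    server_name example.com;          # placeholder domain

    # Log the real client address instead of the load balancer's.
    # Needs ngx_http_realip_module (included in most distribution packages).
    # Trust X-Forwarded-For only from the VPC range the load balancer
    # lives in (placeholder CIDR).
    set_real_ip_from 10.0.0.0/16;
    real_ip_header   X-Forwarded-For;
    real_ip_recursive on;

    # The load balancer sets X-Forwarded-Proto to the scheme the client
    # used. Redirect only requests that reached it over plain HTTP;
    # requests without the header are not redirected.
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }

    # Placeholder health-check target for the load balancer's target group.
    location = /healthz {
        access_log off;
        return 200 "ok\n";
    }

    location / {
        # Tell browsers to stay on HTTPS for this host.
        add_header Strict-Transport-Security "max-age=31536000" always;

        root  /usr/share/nginx/html;
        index index.html;
    }
}
```

Because the instance accepts unencrypted HTTP and trusts forwarded headers, its security group should allow port 80 only from the load balancer's security group, so that clients cannot reach NGINX directly and supply their own `X-Forwarded-*` values.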
2

It is now possible by using:

AWS Certificate Manager for Nitro Enclaves

https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html

https://aws.amazon.com/about-aws/whats-new/2020/10/announcing-aws-certificate-manager-for-nitro-enclaves/

Chris
  • 1
    "Nitro Enclave" is an isolated execution environment in AWS. It is way far from the need to "import AWS ACM public certification to Nginx running inside EC2". – StoneLam Nov 01 '21 at 02:28
  • not sure what you meant, but nitro enclaves does exactly what OP asked - provides access to ACM certificate for use in nginx – Chris Jan 25 '22 at 19:32
2

It is now possible with Nitro Enclaves, but it is rarely a good solution for a single-instance NGINX host. At the moment, an EC2 Nitro Enclave demands a full 2 vCPUs for itself. Unless the instance is large enough to trivially spare 2 vCPUs, this method likely involves a bump in EC2 instance size, which eliminates any cost or simplicity advantage over using a load balancer.

dpattison