6

I made a frontend in AWS Amplify and created a custom domain over Amplify with Route 53. Then I created a subdomain, for example api.domain.com, for my Spring Boot backend REST API. The subdomain only uses HTTP. To use it with HTTPS I need to specify:

server.ssl.key-store, server.ssl.key-store-password and server.ssl.keyAlias

In the documentation I found the following hint but I can't get access to the certificate on Amazon Certificate Manager (ACM): AWS Amplify Console generates a free HTTPS certificate on all pages and automatically activates it on all Route53 managed domains. The SSL certificate is generated by Amazon Certificate Manager and supports wildcard domains. ACM handles the complexity of creating and managing public SSL/TLS certificates for your AWS-based Web sites and applications. With the wildcard option, the main domain and all subdomains are covered by a single certificate.

So the question is, how to get access to the information I need to specify in spring boot?

3r1c
  • "spring boot backend rest api" is it running on an ec2 instance? – Marcin Aug 16 '20 at 07:22
  • Yes, it is running on EC2. The main problem I have is that I don't get access to the credentials of the certificate since I can't find it in the AWS certificate manager. – 3r1c Aug 17 '20 at 08:18
  • You can't use ACM on instances. It can only be used for Load Balancer, CloudFront distro, API Gateway. I will provide an answer with more info. – Marcin Aug 17 '20 at 08:20
  • [Khaled Ali](https://stackoverflow.com/users/7458697) posted an [Answer](https://stackoverflow.com/a/66961248) saying "it seems that it may take some time to be developed or maybe never will!!, issue is discussed @ [https://github.com/aws-amplify/amplify-console/issues/56](https://github.com/aws-amplify/amplify-console/issues/56) since 2019" – Scratte Apr 19 '21 at 16:46

1 Answer

4

Based on the comments.

The ACM certs can only be used on a load balancer, API gateway and CloudFront distribution. They can't be used on an EC2 instance.

There are two options to rectify the issue:

  • Add a load balancer in front of your EC2 instance, a CloudFront distribution, or proxy your API through API Gateway. On these AWS services you can just install your ACM cert.
  • Set up an SSL certificate on the instance itself. To do this you have to get a third-party certificate. A popular choice is https://letsencrypt.org/ which provides free public certificates.
Marcin
  • Thank you for your answer. If I want to use a load balancer I also need to have access to the data of the certificate (server.ssl.key-store, server.ssl.key-store-password and server.ssl.keyAlias). Where do I find those? – 3r1c Aug 18 '20 at 14:42
  • @3r1c I don't think so. Can you provide examples of these values, what they look like for other SSL keys? Amplify is an AWS product and it should integrate nicely with ACM. – Marcin Aug 18 '20 at 21:11
  • I can confirm that a wildcard certificate generated for an Amplify web application does *not* show up in ACM. – JGarrido Oct 16 '22 at 22:19
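
For the answer's second option (a certificate on the EC2 instance itself), the three `server.ssl.*` values from the question are not looked up anywhere: they describe a keystore you build from the PEM files your certificate authority issues. The script below is an added example, not part of the original post; the alias `api`, the environment variable `KS_PASS` and the certbot-style file names are assumptions, and a constructed self-signed pair stands in for the CA-issued files.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumed names: alias "api",
# env var KS_PASS, certbot-style fullchain.pem / privkey.pem input files.
set -eu

# build_keystore CHAIN_PEM KEY_PEM OUT_P12 ALIAS
# The password is read from $KS_PASS so it never appears in argv or history.
build_keystore() {
    : "${KS_PASS:?set KS_PASS to the keystore password}"
    # A cert/key mismatch otherwise only shows up as a failed TLS handshake.
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ] \
        || { echo "certificate and private key do not match" >&2; return 1; }
    ( umask 077   # the keystore contains the private key: owner-only access
      openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" \
          -out "$3" -passout env:KS_PASS )
}

# keystore_alias P12: print the entry's friendlyName (the Spring key alias).
keystore_alias() {
    openssl pkcs12 -in "$1" -passin env:KS_PASS -nokeys 2>/dev/null \
        | sed -n 's/^ *friendlyName: //p' | head -n 1
}

# spring_props P12_PATH ALIAS: print the matching application.properties lines.
# ${KS_PASS} is left as a placeholder that Spring resolves from the environment.
spring_props() {
    cat <<EOF
server.ssl.key-store-type=PKCS12
server.ssl.key-store=file:$1
server.ssl.key-store-password=\${KS_PASS}
server.ssl.key-alias=$2
EOF
}

demo() {
    dir=$(mktemp -d)
    # Constructed stand-in for CA-issued files: a throwaway self-signed pair.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=api.domain.com" \
        -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem" 2>/dev/null
    KS_PASS=${KS_PASS:-constructed-demo-password}
    export KS_PASS
    build_keystore "$dir/fullchain.pem" "$dir/privkey.pem" "$dir/keystore.p12" api
    spring_props "$dir/keystore.p12" "$(keystore_alias "$dir/keystore.p12")"
}
demo
```

With the answer's first option none of these properties are needed: TLS terminates at the load balancer, CloudFront or API Gateway, and Spring Boot keeps serving plain HTTP behind it.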