AWS Certificate Manager - Do regions matter?


Question


I already have a certificate from AWS Certificate Manager (ACM) from when only one region was available (I think the US-West-1 region?), and it is currently being used with CloudFront to host a website for the Australian market.

Now that ACM is available in more regions, would using a certificate created from the Sydney region have any improvements in performance?

Solution

ACM now supports multiple regions, but that doesn't have any implications for certificates for use with CloudFront.

To use an ACM certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.

https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html

The reason for this is that CloudFront, unlike most AWS services, where the regional implementation of the service is independent of all other regions, has all of its provisioning/administrative infrastructure based in us-east-1.

The operational infrastructure is globally distributed and independent, so the centralized management of CloudFront doesn't have performance implications. If you have performance issues, those should be investigated separately.

The announcement of new regions for ACM doesn't apply to CloudFront. It's applicable to the other service integrated with ACM, Elastic Load Balancer, which previously only supported ACM certificates in us-east-1 because that was the only region in which they were available, and ELB regions are fully independent of each other.

Follow-up: This answer was reviewed in May, 2018, two years after it was originally posted, and then again in the summer of 2020. It is still accurate, as written. Certificates for CloudFront (as well as for Edge-Optimized deployments in API Gateway, which have a somewhat hidden dependency on CloudFront) are always provisioned in the us-east-1 region of ACM. There is no compelling reason to expect this to change, as CloudFront's control plane runs in us-east-1.
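
The region rule in the answer above can be checked before deployment by reading the region out of the certificate ARN. The following is an added example, not part of the original answer: the function names are hypothetical, the account ID and certificate IDs are constructed placeholders, and it assumes the standard `aws` partition and the `ViewerCertificate` shape of a CloudFront distribution config.

```python
import re

# ACM certificate ARN layout: arn:aws:acm:<region>:<account-id>:certificate/<uuid>
# Assumption: standard "aws" partition only.
ACM_ARN = re.compile(r"^arn:aws:acm:([a-z0-9-]+):(\d{12}):certificate/([0-9a-f-]{36})$")
CLOUDFRONT_ACM_REGION = "us-east-1"  # US East (N. Virginia), as stated in the answer


def acm_region(arn):
    """Return the region encoded in an ACM certificate ARN, or raise ValueError."""
    match = ACM_ARN.match(arn)
    if not match:
        raise ValueError(f"not an ACM certificate ARN: {arn!r}")
    return match.group(1)


def check_cloudfront(viewer_certificate):
    """Check the ViewerCertificate block of a CloudFront distribution config."""
    arn = viewer_certificate.get("ACMCertificateArn")
    if arn is None:
        # Default CloudFront certificate or an IAM certificate: no ACM region to check.
        return "ok: no ACM certificate referenced"
    region = acm_region(arn)
    if region != CLOUDFRONT_ACM_REGION:
        return f"error: certificate is in {region}; CloudFront requires {CLOUDFRONT_ACM_REGION}"
    return "ok"


def check_load_balancer(lb_region, certificate_arn):
    """ELB regions are independent, so the certificate must be in the load balancer's region."""
    region = acm_region(certificate_arn)
    if region != lb_region:
        return f"error: certificate is in {region}; load balancer is in {lb_region}"
    return "ok"


# Constructed sample ARNs (placeholders, not real resources).
SYDNEY_CERT = "arn:aws:acm:ap-southeast-2:111122223333:certificate/11111111-2222-3333-4444-555555555555"
VIRGINIA_CERT = "arn:aws:acm:us-east-1:111122223333:certificate/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

if __name__ == "__main__":
    print("CloudFront + Sydney cert:  ", check_cloudfront({"ACMCertificateArn": SYDNEY_CERT}))
    print("CloudFront + Virginia cert:", check_cloudfront({"ACMCertificateArn": VIRGINIA_CERT}))
    print("Sydney ELB + Sydney cert:  ", check_load_balancer("ap-southeast-2", SYDNEY_CERT))
    print("Sydney ELB + Virginia cert:", check_load_balancer("ap-southeast-2", VIRGINIA_CERT))
```
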
