AWS:CloudFront中禁用了自定义SSL证书选项,但我使用AWS Certificate Manager创建了SSL证书 [英] AWS: Custom SSL certificate option is disabled in CloudFront, but I created a SSL certificate using AWS Certificate Manager
问题描述
我正在为我的亚马逊S3静态网站创建SSL证书。我使用证书管理器为我的域创建了SSL证书,其状态为已颁发。我正在创建CloudFront分配,但禁用了自定义SSL证书选项。
I am creating a SSL certificate for my amazon S3 static website. I created a SSL certificate using Certificate Manager for my domain and its status is 'Issued'. I am creating a CloudFront Distribution, but the Custom SSL Certificate option is disabled.
在我看到自定义SSL证书之前需要一些时间(一天或更长时间)吗?或者我做错了什么?
Will it take some time (a day or more) before I can see my custom SSL certificate? Or am I doing something wrong?
推荐答案
将与应用程序负载均衡器(ELB / 2.0)一起使用的证书需要是在ACM中与平衡器在同一区域中创建。
Certificates that will be used with an Application Load Balancer (ELB/2.0) need to be created in ACM in the same region as the balancer.
将始终需要在us-east-1中创建将与CloudFront一起使用的证书。
Certificates that will be used with CloudFront always need to be created in us-east-1.
要在Amazon CloudFront中使用ACM证书,您必须在美国东部(弗吉尼亚北部)地区申请或导入证书。此区域中与CloudFront分配相关联的ACM证书将分发到为该分发配置的所有地理位置。
To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.
– http://docs.aws.amazon.com/acm/latest /userguide/acm-regions.html
原因是CloudFront不遵循区域边界模型在AWS中。 CloudFront边缘位置遍布全球,但是我们在东 - 1之间进行配置和管理 - 将其视为CloudFront的本地区域。一旦分发达到 Deployed 状态,它在操作上不依赖于us-east-1,但在配置期间,所有内容都来自该区域,因此这是唯一的ACM区域CloudFront可以访问。
The reason for this is that CloudFront doesn't follow the regional boundary model in AWS. CloudFront edge locations are all over the globe, but are configured and managed out of us-east-1 -- think of it as CloudFront's home region. Once a distribution reaches the Deployed state, it is not operationally dependent on us-east-1, but during provisioning, everything originates from that region, so that's the only ACM region that CloudFront can access.
这篇关于AWS:CloudFront中禁用了自定义SSL证书选项,但我使用AWS Certificate Manager创建了SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
