So recently I needed to add SSL capability to an Amazon Elastic Load Balancer (ELB), which actually meant:
– Getting the certificate, having created a new CSR and private key on the machine of your choice
– Uploading the private key, CSR and certificate into Amazon using the Amazon Web Services (AWS) Identity and Access Management (IAM) service
So the first challenge was getting the command line tools and creating the relevant identity files.
Download the AWS command line tools and put them somewhere you want to use them from. I put them in /usr/local/IAMCli, which I then added to my .bash_profile using the settings below (this bit is optional, but makes your life easier):
# Added for AWS CLI
export AWS_IAM_HOME=/usr/local/IAMCli
export PATH=${AWS_IAM_HOME}/bin:$PATH
export AWS_CREDENTIAL_FILE=${HOME}/path_to_credential_file/credential_file
The AWS_CREDENTIAL_FILE is as below. You get the information to put in the file from the “Security Credentials” tab under your account settings: add in the ID of the access key you want to use, and click on “show” to reveal the key to use. Create the file and ensure you put it in the location you added into your .bash_profile. Observant people will notice this doesn’t work if you deal with multiple AWS accounts; you can always use the optional --aws-credential-file option when using the command line tools to point to the credential file you want to use.
AWSAccessKeyId=STUPID_LONG_ID
AWSSecretKey=Stupid_long_key
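A pre-flight check for the credential file described above, as an added example that is not part of the original post: it confirms the file is not accessible to group or other users and contains the two expected lines. The function names are hypothetical; with no argument it falls back to the AWS_CREDENTIAL_FILE variable set in .bash_profile.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# The credential file holds a long-lived secret key in plain text, so check
# its permissions and format before pointing the IAM tools at it.

# Succeeds only if $1 is a regular file with no group/other permission bits.
perms_private() {
    [ -f "$1" ] || return 1
    # In the ls mode string, characters 5-10 are the group and other rwx bits.
    # -L follows a symlink so the target's mode is the one inspected.
    mode=$(ls -ldL "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Succeeds only if $1 has exactly one non-empty AWSAccessKeyId= line
# and exactly one non-empty AWSSecretKey= line.
cred_format_ok() {
    [ -r "$1" ] || return 1
    [ "$(grep -c '^AWSAccessKeyId=..*$' "$1")" -eq 1 ] &&
    [ "$(grep -c '^AWSSecretKey=..*$' "$1")" -eq 1 ]
}

# Combined check. Returns 0 if the file is safe to use, otherwise prints
# the reason to stderr and returns 2 (no path), 3 (permissions) or 4 (format).
check_credential_file() {
    f=${1:-${AWS_CREDENTIAL_FILE:-}}
    [ -n "$f" ] || { echo "no credential file given" >&2; return 2; }
    perms_private "$f" || {
        echo "$f: missing, or accessible to group/other (chmod 600)" >&2
        return 3
    }
    cred_format_ok "$f" || {
        echo "$f: expected AWSAccessKeyId= and AWSSecretKey= lines" >&2
        return 4
    }
    return 0
}
```

The same perms_private check applies to private-key.pem before it is passed to iam-servercertupload.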
To upload the certificate:
$ iam-servercertupload -b public-key.pem -c .cert-chain-file.pem -k private-key.pem -s domain.name
To check the certificate is in place:
$ iam-servercertgetattributes -s domain.name
And should you need to delete the certificate:
$ iam-servercertdel -s domain.name
Now when you create the ELB, select “Secure HTTP Server” from the common applications list and save. When you continue to the next page, you should be given the option to “Choose from your existing SSL Certificates”.