Install the AWS CLI:
[simterm]
$ sudo pacman -S aws-cli
[/simterm]
Configure a named profile:
[simterm]
$ aws configure --profile tag
AWS Access Key ID [None]: AKI***EBA
AWS Secret Access Key [None]: +Pw***5l5
Default region name [None]: eu-west-1
Default output format [None]: json
[/simterm]
Check the existing certificates:
[simterm]
$ aws --profile tag iam list-server-certificates
{
    "ServerCertificateMetadataList": [
        ...
        {
            "Path": "/cloudfront/tag/",
            "ServerCertificateName": "cloudfront_wildcard_tag_com",
            "ServerCertificateId": "ASCAJIZTSEOAPTYTQASJ2",
            "Arn": "arn:aws:iam::884660938610:server-certificate/cloudfront/tag/cloudfront_wildcard_tag_com",
            "UploadDate": "2015-11-13T18:39:52Z",
            "Expiration": "2017-09-21T23:59:59Z"
        }
    ]
}
[/simterm]
The new certificate, the intermediate certificate and the private key are stored locally, on the workstation:
[simterm]
$ ls -l | grep 'crt\|key'
-rw-r--r-- 1 setevoy setevoy 1716 Aug 3 09:13 IntermediateCA.crt
-rw-r--r-- 1 setevoy setevoy 2174 Aug 3 09:13 ssl_certificate.crt
-rw-r--r-- 1 setevoy setevoy 1704 Sep 11 12:22 star_tag_com-private-key_2017.key
[/simterm]
Upload the certificate to AWS.
The Path must begin with /cloudfront:
[simterm]
$ aws --profile tag iam upload-server-certificate \
> --server-certificate-name 08_2017_cloudfront_star_tag_com \
> --certificate-body file://ssl_certificate.crt \
> --private-key file://star_tag_com-private-key_2017.key \
> --certificate-chain file://IntermediateCA.crt \
> --path /cloudfront/tag/
{
    "ServerCertificateMetadata": {
        "Path": "/cloudfront/tag/",
        "ServerCertificateName": "08_2017_cloudfront_star_tag_com",
        "ServerCertificateId": "ASCAIVOKVAUWKOSCO46BC",
        "Arn": "arn:aws:iam::884660938610:server-certificate/cloudfront/tag/08_2017_cloudfront_star_tag_com",
        "UploadDate": "2017-09-11T09:47:08.624Z",
        "Expiration": "2018-09-21T23:59:59Z"
    }
}
[/simterm]
Verify:
[simterm]
$ aws --profile tag iam list-server-certificates --path-prefix /cloudfront/
{
    "ServerCertificateMetadataList": [
        {
            "Path": "/cloudfront/tag/",
            "ServerCertificateName": "08_2017_cloudfront_star_tag_com",
            "ServerCertificateId": "ASCAIVOKVAUWKOSCO46BC",
            "Arn": "arn:aws:iam::884660938610:server-certificate/cloudfront/tag/08_2017_cloudfront_star_tag_com",
            "UploadDate": "2017-09-11T09:47:08Z",
            "Expiration": "2018-09-21T23:59:59Z"
        },
        {
            "Path": "/cloudfront/tag/",
            "ServerCertificateName": "cloudfront_wildcard_tag_com",
            "ServerCertificateId": "ASCAJIZTSEOAPTYTQASJ2",
            "Arn": "arn:aws:iam::884660938610:server-certificate/cloudfront/tag/cloudfront_wildcard_tag_com",
            "UploadDate": "2015-11-13T18:39:52Z",
            "Expiration": "2017-09-21T23:59:59Z"
        }
    ]
}
[/simterm]
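The check above can be automated. The following is an added example, not part of the original post: it audits the JSON returned by list-server-certificates for certificates outside the /cloudfront/ path or close to expiry, and picks the certificate to attach to the distribution. The function names, the 30-day warning window and the third sample certificate are assumptions made for illustration.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample: the two certificates from the listing above plus one
# hypothetical certificate that was uploaded without a /cloudfront/ path.
SAMPLE = {"ServerCertificateMetadataList": [
    {"Path": "/cloudfront/tag/", "ServerCertificateName": "08_2017_cloudfront_star_tag_com",
     "ServerCertificateId": "ASCAIVOKVAUWKOSCO46BC", "Expiration": "2018-09-21T23:59:59Z"},
    {"Path": "/cloudfront/tag/", "ServerCertificateName": "cloudfront_wildcard_tag_com",
     "ServerCertificateId": "ASCAJIZTSEOAPTYTQASJ2", "Expiration": "2017-09-21T23:59:59Z"},
    {"Path": "/", "ServerCertificateName": "example_other_cert",
     "ServerCertificateId": "ASCAEXAMPLEPLACEHOLDER", "Expiration": "2019-01-01T00:00:00Z"},
]}
CLOUDFRONT_PREFIX = "/cloudfront/"


def parse_ts(value):
    """Parse an IAM timestamp (e.g. 2018-09-21T23:59:59Z) into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit(listing, now, warn_days=30):
    """Map each certificate name to ok / expiring / expired / wrong-path."""
    report = {}
    for cert in listing["ServerCertificateMetadataList"]:
        expires = parse_ts(cert["Expiration"])
        if not cert["Path"].startswith(CLOUDFRONT_PREFIX):
            status = "wrong-path"  # not selectable for a CloudFront distribution
        elif expires <= now:
            status = "expired"
        elif expires - now <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        report[cert["ServerCertificateName"]] = status
    return report


def pick_for_distribution(listing, now):
    """Return the ServerCertificateId of the usable certificate that expires last."""
    usable = [c for c in listing["ServerCertificateMetadataList"]
              if c["Path"].startswith(CLOUDFRONT_PREFIX) and parse_ts(c["Expiration"]) > now]
    best = max(usable, key=lambda c: parse_ts(c["Expiration"]), default=None)
    return best["ServerCertificateId"] if best else None


if __name__ == "__main__":
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    listing = json.loads(raw) if raw.strip() else SAMPLE
    now = datetime.now(timezone.utc)
    print(json.dumps(audit(listing, now), indent=2))
    print("use in distribution:", pick_for_distribution(listing, now))
```

Pipe the output of the list-server-certificates command into the script to audit a real account; without piped input it falls back to the constructed sample. The returned ID is the value that goes into the IAMCertificateId field of the distribution's ViewerCertificate settings.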
Update the certificate in CloudFront (or via the CLI, with update-distribution).
Done.