Step 3: Create CloudFront Key Group

In this step you will create a trusted CloudFront key group. First you will create a public-private key pair. The key pair must meet the following requirements:

  • It must be an SSH-2 RSA key pair.
  • It must be in base64-encoded PEM format.
  • It must be a 2048-bit key pair.

Create Key Pair

There are different ways to create an RSA key pair. The following steps use OpenSSL to create a key pair.

  1. The following example command uses OpenSSL to generate an RSA key pair with a length of 2048 bits and saves it to the file named private_key.pem.

     $ openssl genrsa -out private_key.pem 2048

  2. The resulting file contains both the public and the private key. The following example command extracts the public key from the file named private_key.pem and saves it to the file named public_key.pem.

     $ openssl rsa -pubout -in private_key.pem -out public_key.pem
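The script below is an added example, not part of the original tutorial: it runs the two OpenSSL commands above and then checks the resulting public key against the three requirements listed at the top of this step (RSA, PEM, 2048 bits) and confirms it is the key derived from the private key, so the wrong file is never uploaded. It assumes the openssl CLI is installed; the script name make_cf_keys.sh is assumed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: generate the key pair the way
# Step 3 describes and verify it meets CloudFront's requirements before uploading.
# Assumes the openssl CLI is installed; file names follow the tutorial.
set -eu

# Generate a 2048-bit RSA private key and extract its public key into DIR.
generate_keypair() {
  dir="$1"
  openssl genrsa -out "$dir/private_key.pem" 2048 2>/dev/null
  openssl rsa -pubout -in "$dir/private_key.pem" -out "$dir/public_key.pem" 2>/dev/null
}

# Verify that PUB is a PEM-encoded 2048-bit RSA public key that belongs to PRIV.
# Returns 0 if every requirement holds, 1 otherwise.
check_public_key() {
  pub="$1"
  priv="$2"
  # Requirement: base64 PEM format, i.e. the usual BEGIN/END armour.
  head -n 1 "$pub" | grep -q '^-----BEGIN PUBLIC KEY-----$' || return 1
  # Requirement: RSA key of exactly 2048 bits. openssl prints
  # "Public-Key: (2048 bit)" (or "RSA Public-Key: ..." on older versions).
  bits=$(openssl rsa -pubin -in "$pub" -noout -text 2>/dev/null \
         | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
  [ "$bits" = "2048" ] || return 1
  # Sanity check: the public key really is the one derived from this private key,
  # so the key uploaded to CloudFront matches the key used to sign later.
  openssl rsa -in "$priv" -pubout 2>/dev/null | cmp -s - "$pub" || return 1
}

# Usage: sh make_cf_keys.sh OUTPUT_DIR   (script name is assumed)
if [ $# -eq 1 ]; then
  generate_keypair "$1"
  if check_public_key "$1/public_key.pem" "$1/private_key.pem"; then
    echo "$1/public_key.pem meets the CloudFront public key requirements"
  else
    echo "generated key does not meet the requirements; do not upload it" >&2
    exit 1
  fi
fi
```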

Upload Public Key

  1. Open the Amazon CloudFront Management Console.
  2. In the navigation menu, choose Public keys.
  3. Choose Add public key.
  4. In the Add public key window, complete the following and choose Add.
  • For Key name, type a name to identify the public key.
  • For Key value, copy and paste the contents of the public key. If you followed the steps in the preceding procedure, the public key is in the file named public_key.pem.
  • (Optional) For Comment, add a comment to describe the public key.
  5. Record the public key ID. You will use it in a later step.

Create Key group

  1. In the navigation menu, choose Key groups.
  2. Choose Add key group.
  3. On the Create key group page, do the following:
  • For Key group name, type a name to identify the key group.
  • (Optional) For Comment, type a comment to describe the key group.
  • For Public keys, select the public key to add to the key group, then choose Add.
  4. Choose Create key group.

Associate Key group

  1. In the navigation menu, choose Distributions.
  2. Choose the Distribution ID link you created in Step 2.
  3. Choose the Behaviors tab.
  4. Select the cache behavior and then choose Edit.
  5. On the Edit Behavior page, do the following:
  • For Trusted Key Groups or Trusted Signer, choose Trusted Key Groups.
  • For Trusted Key Groups, choose the key group to add, and then choose Add.
  6. Choose Yes, Edit to update the cache behavior.

In this step you generated a public-private key pair, created a CloudFront Key group with a public key, and associated the Key group to your CloudFront distribution.

In Step 4 we will create a secret in AWS Secrets Manager.