# Demonstration of AWS Certificate Manager with Elastic Load Balancer and Route 53.

**AWS Certificate Manager (ACM):** ACM certificates are installed on Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated AWS services. The most common use case is a secure public website with high traffic demands. ACM also simplifies security administration by automating certificate renewal. It enhances the overall performance, reliability, and fault tolerance of applications deployed in AWS environments. Route 53 is used for managing DNS configurations and domain settings. It provides a powerful API that allows users to programmatically automate DNS management tasks.

### **Prerequisite**

* Before proceeding with ACM, make sure you have a domain name.
    
* You should be able to create an EC2 instance (if you don't know how, you can read my blog post: [click here](https://blog.abishekgautam.com.np/how-to-host-a-static-website-in-aws-ec2))
    

## Let's begin the Demonstration

**Step 1:** Create an EC2 instance that contains user data. If you don't know how, you can read my blog post. For now, we have created an instance named "Demo server".

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684944239613/b44d7ac3-1efb-4a3d-9801-76e8fbac11c0.png align="center")

* Copy and paste the public IPv4 address into the browser.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945185417/f7c4929c-8da2-4099-a559-4c56473da46c.png align="center")

* You can see the website being hosted.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945217990/2f41b005-3225-4a06-a76f-208d92246b9b.png align="center")

* But it's not secure: the browser shows "connection not secure".
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945340381/00e5b5ab-e3d2-41fb-a102-3de8376bfd2f.png align="center")

* When we put https:// in front of the address for a secure connection, the browser says it is unable to connect.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945407319/a7b467b2-4a1f-4b60-bf49-0d441c0aff39.png align="center")

**Step 2:** In the management console, search for <mark>Certificate Manager</mark> and click on it.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945437256/cee0cb69-6364-43c4-a840-4617a11c9047.png align="center")

* Now select the "**Request a certificate**" button.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945442789/501769d3-019c-4e64-bd65-a75ba60e3180.png align="center")

* Under **Certificate type**, choose **Request a public certificate** and click on **Next**.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945447104/e3736f4c-d6d4-477d-8d10-79102db74027.png align="center")

**Step 3:** Under Domain names, enter the domain name or subdomain that you want users to use to access the website, and choose DNS validation.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684950910268/8b312215-95fd-44da-b6f3-f96e2407486d.png align="center")

* Leave the Key algorithm as default and click on the **Request** button.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945452093/ddc242ca-0a9d-44db-b0c9-b798cf3abd78.png align="center")

**Step 4:** You can see **Domains(1)**, but the status is Pending. On the right side you can see **"Create records in Route53"**; click on it.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945565828/4868d8ca-ddc3-4628-b940-9854d2153ab5.png align="center")

* Now select the domain using the blue checkbox and click on **Create records.**
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945572152/72e5dd96-2187-4288-ad1a-c67e9c324494.png align="center")

* You can see that the **Status** of the certificate is <mark>Pending Validation</mark>. Wait a few minutes.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945631169/1e61f164-b24a-4cd5-a832-ba6326fcd689.png align="center")

* Now the status of the certificate has changed to <mark>Issued</mark> and you can see that the domain status is "Success".
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945641042/96e85633-f8e3-466e-9d0a-6a5dfcb07886.png align="center")

**Step 5:** Now, from the EC2 Dashboard, select Target Groups.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945678241/d125b0ae-efd0-4899-b0fa-2d8a18b1c252.png align="left")

* Click on Create target group.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945683606/4a7762dc-d0d3-4b8f-80a3-b06ae3dc3b75.png align="center")

**Step 6:** Leave everything as default (choose target type <mark>Instance</mark>) and give the target group a name; for now we call it "<mark>acm-demo-TG</mark>". After that you will see the following window.

* Now select the instance ID using the checkbox and click Include as pending below.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945686816/4fbb712a-ed1a-4fe5-ba85-b21a5758b564.png align="center")

* Now click on Create target group.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945695298/7941972c-4a2f-4944-9896-80b8a158e847.png align="center")

**Step 7:** From the EC2 Dashboard, click on Load Balancers.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945712696/ab9c78eb-4482-4c44-aae6-c5129becfab2.png align="left")

* Choose Application Load Balancer and click on **Create.**
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945743726/e6b51854-ce98-44d4-a8e9-dd0e36c77cbb.png align="left")

**Step 8:** Under Basic configuration, give the load balancer a name, for now say "<mark>acm-demo-alb</mark>", and leave the others as default, such as **Scheme:** <mark>Internet-facing</mark> and **IP address type:** <mark>IPv4</mark>.

* Under Network mapping, choose different Availability Zones.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945748911/2694f03a-f37e-428e-b9fb-238a7086f979.png align="left")

* From Security groups, choose the group created while launching the EC2 instance.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945763978/3683fe5b-6864-4aed-8b88-28df3cf56a7a.png align="left")

* Under **Listeners and routing**, choose **<mark>Forward to</mark>** as the **Default action** and select the target group created earlier; for now we select **"acm-demo-TG".**
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945768026/8542ff0b-d30a-47b0-b934-0721d60d41b5.png align="left")

* After you save, click on View load balancer.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945770450/95ea3848-4b70-4cbf-93f3-a208d6aae508.png align="center")

* As you can see, our load balancer is in the <mark>provisioning</mark> state. Wait a few minutes.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945772726/40a9538c-0b9d-4a47-abcf-f294c353a86d.png align="center")

* Now you can see it's in the <mark>Active</mark> state.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945776232/3c585c7d-f8c2-468d-8c66-1ce9722ddc91.png align="center")

**Step 9:** Now, in Route 53, under the Hosted zone details, click on <mark>Create record</mark>.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945779559/e66cc954-4ed2-406f-950a-1404dd4221e9.png align="center")

**Step 10:** Under Quick create record, give a Record name and select <mark>Alias</mark>. From Route traffic to, select <mark>Alias to Application and Classic Load Balancer</mark>, choose the same Availability Zone as the Network mapping we selected previously, and lastly select the <mark>DNS name of our load balancer</mark>. Then click on Create records.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945783411/9a9ba63d-fa84-44c7-9c6d-96c6c1a8a417.png align="center")

**Step 11:** Now copy our domain from Route 53 and paste it into the browser.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945792087/3713a48c-177f-4a4f-a524-4c52cf8c1263.png align="center")

* You can see that the site is still insecure.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945800639/7167b0e5-b260-46dc-a2ae-a6b3e8491f93.png align="center")

**Step 12:** From the EC2 Dashboard > select the load balancer > select Listeners and click on Add listeners on the right side.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945807272/51f64e76-09ab-4833-b138-4a0e5aa3f95d.png align="center")

**Step 13:** Now under Default actions select **<mark>Forward to</mark>**, and under Target group <mark>select the target group</mark> we created earlier, in our case "acm-demo-TG".

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945819975/489ac2a0-8f17-47e6-bdd2-053d6e213aad.png align="center")

**Step 14:** Under Secure listener settings, from Default SSL/TLS certificate, *<mark>select a certificate.</mark>*

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945823740/2202ef73-e422-4e6e-acec-261bfae526e2.png align="center")

* After selecting a certificate, click on Add.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945833036/6adafa9c-738e-4a34-9766-5392b0613ab7.png align="center")

**Step 15:** Now paste the domain name into the browser. You can see that it's secure over https, but when you enter the domain name with http it still renders and is insecure, so we must redirect the http port to the https port to make it secure.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945836444/5a245d57-9155-4392-a944-b41f5abcdeeb.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945792087/3713a48c-177f-4a4f-a524-4c52cf8c1263.png align="left")

* To redirect the http port to the https port, we make the following changes.
    
* From the **Load balancer**, select **Listeners**; you can see the following two ports.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945839473/70a61cb9-3978-42ea-9acf-eab6aece7108.png align="center")

**Step 16:** Select the HTTP:80 port and from Actions select Edit listener.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945845985/c38e1d39-a7a8-472c-aa36-577423d60b2b.png align="center")

**Step 17:** Now under **Listener details** choose Redirect, enter <mark>443</mark> as the Port, and save changes.

* Paste the domain name with http into the browser.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945865737/b8162d59-bbd0-40b8-8e8a-121febf25b48.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684945937904/973f7828-14b1-4d2c-a5fc-78a94a18260e.png align="center")

Finally, you have completed the demonstration and made your site secure: even when you try to open it with http, it will automatically redirect to the https port.
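The listener state that Steps 12 to 17 build can also be checked from the listener configuration rather than from the browser. The following is an added example, not part of the original post: it audits data in the shape returned by `aws elbv2 describe-listeners` and flags any HTTP listener whose default action is not a redirect to HTTPS on port 443. The sample data, the placeholder ARNs and the function names `audit_listeners` and `with_http_redirect` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` output,
# modelling the state after Step 14. ARNs are placeholders, not real resources.
AFTER_STEP_14 = {"Listeners": [
    {"Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:PLACEHOLDER:acm-demo-TG"}]},
    {"Protocol": "HTTPS", "Port": 443,
     "Certificates": [{"CertificateArn": "arn:PLACEHOLDER:certificate"}],
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:PLACEHOLDER:acm-demo-TG"}]},
]}

# The default action that Steps 16-17 put on the HTTP:80 listener.
STEP_17_REDIRECT = {"Type": "redirect", "RedirectConfig": {
    "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}


def audit_listeners(described):
    """Return findings for listeners that still serve or accept clear text.

    Only default actions are inspected; per-path listener rules are out of scope.
    """
    listeners = described.get("Listeners", [])
    findings = []
    if not any(lst.get("Protocol") == "HTTPS" for lst in listeners):
        findings.append("no HTTPS listener")
    for lst in listeners:
        name = f"{lst.get('Protocol')}:{lst.get('Port')}"
        if lst.get("Protocol") == "HTTPS" and not lst.get("Certificates"):
            findings.append(f"{name} has no certificate attached")
        if lst.get("Protocol") != "HTTP":
            continue
        for action in lst.get("DefaultActions", []):
            cfg = action.get("RedirectConfig", {})
            if action.get("Type") != "redirect":
                findings.append(f"{name} default action is '{action.get('Type')}', not a redirect")
            elif cfg.get("Protocol") != "HTTPS" or cfg.get("Port") != "443":
                findings.append(f"{name} redirects to {cfg.get('Protocol')}:{cfg.get('Port')}, not HTTPS:443")
    return findings


def with_http_redirect(described):
    """Copy of the listener set with Step 17 applied to every HTTP listener."""
    fixed = json.loads(json.dumps(described))  # deep copy, input stays untouched
    for lst in fixed["Listeners"]:
        if lst["Protocol"] == "HTTP":
            lst["DefaultActions"] = [dict(STEP_17_REDIRECT)]
    return fixed


if __name__ == "__main__":
    print("after Step 14:", audit_listeners(AFTER_STEP_14))
    print("after Step 17:", audit_listeners(with_http_redirect(AFTER_STEP_14)))
```

To run it against a real load balancer, load the JSON printed by `aws elbv2 describe-listeners --load-balancer-arn <your-alb-arn>` with `json.load` and pass the result to `audit_listeners`.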

CONGRATULATIONS!!!

Keep Learning...
