How to solve SSL Certificate not showing in AWS CloudFront

Most likely you already have an SSL Certificate in AWS Certificate Manager (ACM). Then when you go to configure it in CloudFront you cannot select the radio button that says Custom SSL Certificate (example.com) or your SSL Certificate does not show in the options.

The reason for this is that CloudFront only offers ACM certificates stored in the N. Virginia Region (us-east-1), so your SSL Certificate should be in that Region.

If you look closely at the words below the selection, it says: "You can use a certificate stored in AWS Certificate Manager (ACM) in the US East (N. Virginia) Region, or you use a certificate stored in IAM."

This is also stated in the AWS CloudFront Documentation regarding the use of Alternate Domain Names and HTTPS.

Request or upload your SSL Certificate in AWS Certificate Manager in N. Virginia Region (us-east-1) and your SSL Certificate should show on the selection.

With this you can now use HTTPS to access your services when you are working with CloudFront.

How to solve Failed-Activating Windows in AWS EC2

Sometimes when I create a Windows EC2 Instance from one of my custom AMIs, I get a Windows Server whose activation has failed.

Follow the instructions below to activate your Windows Instance. (For Windows Server 2016, 2019 and later only.)

Activate Windows Manually using EC2Launch initialization script

Open Powershell on your Windows Server and run the command below.

C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1; cscript "${env:SYSTEMROOT}\system32\slmgr.vbs" /ato

Notes:

  • No need to run Powershell in administrator mode.
  • No need to restart your instance. Once you run the above command, the Activate Windows on your desktop will disappear.
  • This will not update the local Administrator password

There are other ways to Activate Windows on your AWS EC2. You can check them all here.

Adding a Volume without Restart in Windows EC2

When I create Windows Instances in AWS EC2, I usually forget to add a drive or two. With this step-by-step tutorial, I will walk you through how to create a new Volume for EC2 Instances, then make Windows use the new Volume without a reboot.

  • Initial Setup
  • Creating and Attaching the Volume in AWS EC2 Console
  • Adding the new Volume to Windows System

Initial Setup

I launched an EC2 Windows 2016 Server with only 1 Block Device (/dev/sda1), which is also my Root Device.

AWS EC2 Console

Note the Availability Zone where your instance is located, you will need this later. Mine is in us-east-1a.

Looking inside Windows it only has 1 volume.

File Explorer
Disk Management

Creating and Attaching the Volume in AWS EC2 Console

Now we need to attach a new Volume for our Windows Server.

Go to AWS EC2 Console, on the left sidebar click on Volumes.


How to Get Lambda Runtime Region via Python

To get the AWS Region where your Lambda Function is running you will need to import the os module.

import os

Then from the os module, you need to get the value of AWS_REGION from the environ mapping variable. This will return the AWS Region where the Lambda Function is running.

runtime_region = os.environ['AWS_REGION']

Note: The way of getting the Runtime AWS Region of your Lambda Function is the same as when you get a Lambda Environment Variable.


Creating a Public SSL/TLS Certificate in AWS Certificate Manager

If you plan to secure the communication between your site and its visitors by using HTTPS, you need a Public SSL/TLS Certificate. You can get one by requesting a Public Certificate via AWS Certificate Manager (ACM).

Below are the advantages of using Public SSL/TLS Certificate provided by AWS Certificate Manager.

  • No charges = Free.
  • Auto renew – No need to worry about an expiring SSL/TLS Certificate. ACM automatically does this for you.
  • Easy integration with Amazon Web Services (AWS) products such as CloudFront, Elastic Load Balancer, API Gateway and many more.

Check the step-by-step guide on how you can request a Public SSL/TLS Certificate for HTTPS access of your website/domain.

Requesting for a Public SSL/TLS Certificate

Login to AWS Console and head to AWS Certificate Manager.

Note: AWS Certificate Manager is a regional service, therefore make sure to be in the correct AWS Region. If you are new to AWS just select N. Virginia (us-east-1) as it is one of the cheapest regions.

On the AWS Certificate Manager page, click on Get started.

On the next screen, make sure to select the Request a public certificate, then click on Request a certificate.

Under Add domain names, enter the following.

*.[Your Domain]
    Example: *.chargedneutron.com
    The * represents a wildcard. This will allow you to use the SSL Certificate for any subdomains that you want, like www.domain.com, images.domain.com, sites.domain.com, mobile.domain.com.

[Your Domain]
    Example: chargedneutron.com
    Apex Domain or Naked Domain Name: your domain name without subdomains. Use this if you do not want to use www in front of your website.

Then click on Next.

Select DNS Validation, then click on Review.
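The two names requested above, and the N. Virginia requirement from the CloudFront post, can be checked before a certificate is attached to a distribution. The following is an added example, not code from the original posts: the function names, the account ID and the certificate IDs are constructed, and it goes slightly beyond the text by showing that a wildcard covers exactly one subdomain level and not the apex domain.

```python
# Added example. ARNs, account ID and helper names are constructed for illustration.
CLOUDFRONT_ACM_REGION = "us-east-1"  # N. Virginia, the Region CloudFront reads ACM from


def acm_cert_region(arn):
    """Return the Region field of an ACM certificate ARN, or None if it is not one."""
    parts = arn.split(":", 5)  # arn:partition:acm:region:account:certificate/<id>
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "acm":
        return None
    if not parts[5].startswith("certificate/"):
        return None
    return parts[3]


def name_covers(cert_name, host):
    """True if one certificate name covers host; '*' stands for exactly one label."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]  # "*.example.com" -> ".example.com"
    if not host.endswith(suffix):
        return False  # also rejects the apex domain itself
    left = host[: -len(suffix)]
    return left != "" and "." not in left  # one label only, no nested subdomains


def cloudfront_cert_problems(arn, cert_names, aliases):
    """List the reasons a certificate would not serve the given CloudFront aliases."""
    problems = []
    region = acm_cert_region(arn)
    if region is None:
        problems.append("not an ACM certificate ARN")
    elif region != CLOUDFRONT_ACM_REGION:
        problems.append(f"certificate is in {region}, CloudFront needs {CLOUDFRONT_ACM_REGION}")
    for alias in aliases:
        if not any(name_covers(name, alias) for name in cert_names):
            problems.append(f"{alias} is not covered by the certificate")
    return problems


if __name__ == "__main__":
    arn = "arn:aws:acm:ap-southeast-1:111122223333:certificate/00000000-0000-0000-0000-000000000000"
    for line in cloudfront_cert_problems(arn, ["*.chargedneutron.com"],
                                         ["chargedneutron.com", "www.chargedneutron.com"]):
        print(line)
```

Requesting both `*.chargedneutron.com` and `chargedneutron.com` in us-east-1, as the steps above do, makes the problem list empty for the apex and any single-level subdomain.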


Using GoDaddy Domain in AWS Route 53

To easily use GoDaddy Domains with Amazon Web Services (AWS) products such as Elastic Load Balancers, CloudFront, API Gateway, etc., you will need to associate your domain with AWS Route 53.

Follow the step-by-step tutorial below on how to associate your GoDaddy Domain to Amazon Route 53.

For the purpose of demonstration, I will be using my sample domain name – chargedneutron.com.

Setup AWS Route 53 Hosted Zone

Login to AWS Console and then go to Amazon Route 53.

On the welcome screen of Route 53, click on Get started now.

Amazon Route 53 Welcome Screen

Click on Create Hosted Zone.

Click again on Create Hosted Zone.

A sidebar will show asking for you to input the following details about your domain.

Domain Name: [Name of your Domain in GoDaddy] (Required)
Comment: [Put your comment here]
Type: Public Hosted Zone

Then click on Create.

You will then be redirected to the Hosted Zone Record Set page. Two entries are automatically created, NS and SOA Type.


Resizing Storage Volume for AWS EC2 Windows without Restarts/Downtime

Problem: You are running a critical Windows Server on AWS EC2 and the C: drive (storage volume) is almost full, but the fix should have zero downtime (No Restart, No Stop then Start). Is this possible on AWS EC2?

Yes, it is possible.

Check the instructions below.

Test Windows Server

AMI: Microsoft Windows Server 2016 Base
Instance Type: t2.micro
Storage: 30 GiB – General Purpose SSD (gp2)

Storage Size

We are increasing the Storage size from 30 GiB to the target size of 50 GiB.

You can set any size that you want as long as it is bigger than the current size.

Resizing Storage

To resize the volume of the Windows Drive on AWS you can follow the steps below.

Running Minikube in AWS EC2 (Ubuntu)

If you are studying Kubernetes and having a hard time running Minikube on an EC2 Instance, you are not alone. I had a hard time doing it when it was my first time.

Below are the steps (and some comments) that I took to help me run Minikube on my EC2 Instance.

Installation of Minikube on EC2 Ubuntu

1. Run a public EC2 Server with the following setup

AMI: Ubuntu Server 18.04 LTS (HVM), SSD Volume Type
Instance Type: t2.micro
Storage: 8 GB (gp2)
Tags: Key: Name, Value: Minikube
Security Group: Name: Minikube Security Group, Rule: SSH, 0.0.0.0/0 (Later we will be editing this.)
Key Pair: Create your own keypair. You will need this to SSH to your EC2 Instance.

The above setup is within the AWS Free Tier so you could try Minikube on EC2 without spending money. But you can run Minikube on a bigger instance if you like.

2. SSH into your created EC2 Instance using your keypair.

ssh ubuntu@<ipv4_public_ip> -i <keypair>.pem

3. Install kubectl

curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl

4. Install Docker

sudo apt-get update && \
    sudo apt-get install docker.io -y

Minikube requires Docker.