SSL certificate upload to AWS
Install the AWS command line utilities.
$ pip install awscli
Configure AWS credentials
Create an IAM user and attach the IAMFullAccess policy to it. Run ‘aws configure’ and specify the user’s keys and the region.
Place the SSL key, certificate and intermediate certificate in the current directory:
-rw-r--r-- 1 root root 4795 Apr 11 20:34 gd_bundle-g2-g1.crt
-rw-r--r-- 1 root root 1830 Apr 11 20:34 wildcard.mydomain.com.crt
-rw------- 1 root root 1675 Apr 11 20:34 wildcard.mydomain.com.key
Run the following script to install the wildcard SSL certificate to be used in the staging CloudFront setup:
$ cat add_ssl_cert_to_iam_for_prod_cloudfront.sh
aws iam upload-server-certificate \
  --server-certificate-name WILDCARD_MYDOMAIN_COM_FOR_PROD_CF \
  --certificate-body file://wildcard.mydomain.com.crt \
  --private-key file://wildcard.mydomain.com.key \
  --certificate-chain file://gd_bundle-g2-g1.crt \
  --path /cloudfront/prod/
After the SSL certificates are uploaded, they will be available in the drop-downs when configuring CloudFront for SSL.
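A pre-upload check for the three files listed above, as an added example that is not part of the original post: it confirms that the private key matches the certificate, that the key file is not readable by group or other, that the certificate is not about to expire, and that the chain file begins with the certificate's issuer. The function names and the script name preflight.sh are hypothetical, and the 30-day expiry margin is an assumption.

```shell
#!/bin/sh
# Added example: checks to run before `aws iam upload-server-certificate`.
# Function names are hypothetical; arguments are the files listed above.

# Succeeds only if the certificate carries the public key of this private key.
# `-passin pass:` stops openssl prompting, so an encrypted key simply fails.
key_matches_cert() {            # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if group and other have no access to the key file, i.e. the
# mode reads like -rw------- in the listing above (characters 5-10 of `ls -l`).
key_is_private() {              # usage: key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the certificate is still valid DAYS days from now.
cert_valid_for_days() {         # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds only if the first certificate in CHAIN is named as the issuer of
# CERT. This compares names only; it does not verify signatures.
chain_starts_with_issuer() {    # usage: chain_starts_with_issuer CERT CHAIN
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
    first=$(openssl x509 -in "$2" -noout -subject 2>/dev/null) || return 1
    [ -n "$issuer" ] && [ "${issuer#issuer=}" = "${first#subject=}" ]
}

# Runs every check and names the first one that fails.
preflight() {                   # usage: preflight CERT KEY CHAIN
    key_is_private "$2" || { echo "key is readable by group or other" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    cert_valid_for_days "$1" 30 || { echo "certificate expires within 30 days" >&2; return 1; }
    chain_starts_with_issuer "$1" "$3" || { echo "chain does not start with the issuer" >&2; return 1; }
}

# Example: sh preflight.sh wildcard.mydomain.com.crt wildcard.mydomain.com.key gd_bundle-g2-g1.crt
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

Running the upload script only when preflight exits 0 keeps a mismatched key or a soon-to-expire certificate from reaching IAM.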
Apache Cache-Control headers setup
- Add these directives (modifying max-age accordingly) in all Apache vhosts, both for port 80 and for port 443
Header set Cache-Control "max-age=604800, public"
- Origin: prod ELB (mydomain-production-lb-9321962155.us-west-2.elb.amazonaws.com)
- Alternate domain name: cdn.mydomain.com
- SSL certificate: ID_OF_CERTIFICATE_UPLOADED_ABOVE
- Custom SSL client support: Only Clients that Support Server Name Indication (SNI)
- Domain name: eg7ac9k0fa3qwc.cloudfront.net
- /media/* /skin/* /js/*
- Viewer protocol policy: HTTP and HTTPS
- Allowed HTTP methods: GET, HEAD
- Forward headers: None
- Object caching: Use origin cache headers
- Forward cookies: None
- Forward query strings: Yes
- Smooth streaming: No
- Restrict viewer access: No
- Compress objects automatically: No
- cdn.mydomain.com is a CNAME pointing to the CloudFront domain name above (eg7ac9k0fa3qwc.cloudfront.net)
Base Skin URL: http://cdn.mydomain.com/skin
Base Media URL: http://cdn.mydomain.com/media
More in-depth Magento-specific instructions for integrating with CloudFront are available here.