AWS CloudFront

With an AWS CloudFront connector, you can use DigiCert® Trust Lifecycle Manager to discover and manage certificates in the AWS CloudFront content delivery network (CDN).

The connector uses an on-premises DigiCert sensor within your network to help securely manage the integration with Amazon Web Services (AWS).

When you add the connector, Trust Lifecycle Manager discovers existing certificates in AWS CloudFront and adds them to your centralized inventory. From there, you can manage and automate certificate lifecycles in the CloudFront CDN to ensure you always have valid certificates deployed.

Before you begin

  • You need at least one active DigiCert sensor on your network to establish and manage the connection to AWS CloudFront. To learn more, see Deploy and manage sensors.

  • Make sure the sensor system is configured with your AWS credentials, or that you have the AWS access key and secret key on hand to configure the connector with, as described in the authentication methods section.

  • Make sure the AWS credentials you use are for an AWS account that includes the following AWS managed policies or equivalent permissions:

    • CloudFrontFullAccess

    • AWSCertificateManagerFullAccess

    • IAMReadOnlyAccess

Authentication methods

Trust Lifecycle Manager supports different methods for authenticating to your Amazon Web Services (AWS) account in an AWS CloudFront connector.

Use one of the following AWS authentication methods to set up the connector in Trust Lifecycle Manager. The Configuration parameters column shows the parameters you need to provide in Trust Lifecycle Manager for each authentication method.

For the Default AWS credential provider chain and AWS profile name authentication methods, the managing DigiCert sensor looks for the AWS config and credentials files in the following default directories, depending on the sensor operating system (OS):

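The two checks above (credentials available to the sensor, and an identity that carries the three managed policies) can be verified before you fill in the connector form. The following is an added example, not DigiCert or AWS code: it resolves the shared credentials file the way the AWS SDK default chain does (assuming the sensor follows that SDK convention), confirms a named profile has both key fields, and diffs the policies IAM reports against the required set. The sample credentials text and policy list are constructed.

```python
# Added pre-flight check, not DigiCert or AWS code: confirms the AWS profile
# the connector will use is present in the sensor host's shared credentials
# file and that the identity carries the managed policies the page requires.
import configparser
import os
from pathlib import Path

REQUIRED_POLICY_ARNS = {  # managed policies the page requires (or equivalents)
    "arn:aws:iam::aws:policy/CloudFrontFullAccess",
    "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess",
    "arn:aws:iam::aws:policy/IAMReadOnlyAccess",
}

def credentials_file_path(env=None) -> Path:
    """AWS SDK default-chain location: AWS_SHARED_CREDENTIALS_FILE if set,
    else ~/.aws/credentials. Assumption: the sensor uses the same convention."""
    env = os.environ if env is None else env
    override = env.get("AWS_SHARED_CREDENTIALS_FILE")
    return Path(override) if override else Path.home() / ".aws" / "credentials"

def profile_is_usable(credentials_text: str, profile: str) -> bool:
    """True only if the profile exists and has both an access key and a secret key."""
    parser = configparser.ConfigParser()
    parser.read_string(credentials_text)
    if not parser.has_section(profile):
        return False
    section = parser[profile]
    return bool(section.get("aws_access_key_id")) and bool(section.get("aws_secret_access_key"))

def missing_policies(attached_policy_arns) -> set:
    """Required managed policies absent from the ARNs that IAM
    ListAttachedUserPolicies / ListAttachedRolePolicies returned."""
    return REQUIRED_POLICY_ARNS - set(attached_policy_arns)

# Constructed sample input: one complete profile, one lacking its secret key,
# and an attached-policy list that is missing AWSCertificateManagerFullAccess.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAEXAMPLEKEY
aws_secret_access_key = EXAMPLESECRET
[cloudfront-sensor]
aws_access_key_id = AKIAEXAMPLESENSOR
"""
SAMPLE_ATTACHED = ["arn:aws:iam::aws:policy/CloudFrontFullAccess",
                   "arn:aws:iam::aws:policy/IAMReadOnlyAccess"]

if __name__ == "__main__":
    print("credentials file:", credentials_file_path())
    print("default usable:", profile_is_usable(SAMPLE_CREDENTIALS, "default"))
    print("missing policies:", missing_policies(SAMPLE_ATTACHED))
```

Feed `missing_policies` the `PolicyArn` values from a real `aws iam list-attached-user-policies` (or `list-attached-role-policies`) response for the identity the connector will use.
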
Add the AWS CloudFront connector

To add the AWS CloudFront connector in Trust Lifecycle Manager:

  1. From the Trust Lifecycle Manager main menu, select Integrations > Connectors.

  2. Select the Add connector button.

  3. Under Cloud services, select the option for AWS CloudFront.

  4. Fill out the Add connector form:

    • Name: Enter a friendly name for the connector to help identify it.

    • Business unit: Select a business unit for this connector for administrative purposes. Only users assigned to this business unit can manage the connector.

    • Managing sensor: Select an active DigiCert sensor on your network to establish and manage the connection to your Amazon Web Services (AWS) account.

    • Account ID: Enter the ID of the AWS account that hosts the CloudFront instance you want to manage through Trust Lifecycle Manager.

    • Authentication method: Select an AWS authentication method and fill in the requested configuration parameters for it, as described in the authentication methods section above.

  5. Select Add to create the AWS CloudFront connector with the configured settings.

What's next

Discovery

  • Trust Lifecycle Manager discovers existing certificates and unsecured endpoints in the connected AWS CloudFront instance.

  • On the Integrations > Connectors page, select the connector by name to view the connector details and see the number of assets Trust Lifecycle Manager found on it. You can use the links in the Assets found section to view those assets in your inventory.

Automation