AWS Elastic Load Balancing (ELB)
With an AWS ELB (Application/Network) connector, you can use DigiCert® Trust Lifecycle Manager to discover and manage certificates for Application Load Balancers (ALB) and Network Load Balancers (NLB) as part of the AWS Elastic Load Balancing (ELB) service.
The connector uses an on-premises DigiCert sensor within your network to establish the connection to Amazon Web Services (AWS) and make the AWS API calls on behalf of Trust Lifecycle Manager.
When you add the connector, Trust Lifecycle Manager discovers existing certificates in the AWS Application or Network Load Balancers and adds them to your centralized inventory. From there, you can manage and automate certificate lifecycles for the load balancers to ensure they always have valid certificates installed.
Before you begin
You need at least one active DigiCert sensor on your network to establish and manage the connection to the AWS ELB service. To learn more, see Deploy and manage sensors.
Make sure the sensor host is already configured with AWS credentials (an AWS config and credentials file that the default credential provider chain or a named profile can read), or that you have an AWS access key ID and secret access key on hand to enter when you configure the connector, as described in the authentication methods section.
Make sure the AWS credentials you use belong to an IAM identity (user or role) that has the following AWS managed policies attached, or equivalent permissions. Both policies are broad: they grant write access to every load balancer and every ACM certificate in the account, so attach them to a dedicated identity for the connector rather than reusing an administrator's keys.
ElasticLoadBalancingFullAccess
AWSCertificateManagerFullAccess
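The two managed policies above are the documented requirement. If you prefer to scope the connector's identity more tightly, the following customer-managed policy is an added example (not DigiCert's documented policy) of the "equivalent permissions" a discover-and-rotate workflow on ALB/NLB listeners plausibly needs: read access to load balancers, listeners and ACM certificates, plus the ACM import and listener-certificate actions used to install and swap a renewed certificate. The action list is an assumption; validate it before dropping the FullAccess policies by attaching it to the connector's identity, running a discovery and a renewal, and checking CloudTrail for AccessDenied events on that identity.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DiscoverLoadBalancersListenersAndCertificates",
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:DescribeListenerCertificates",
        "acm:ListCertificates",
        "acm:DescribeCertificate",
        "acm:GetCertificate"
      ],
      "Resource": "*"
    },
    {
      "Sid": "InstallAndRotateListenerCertificates",
      "Effect": "Allow",
      "Action": [
        "acm:ImportCertificate",
        "acm:AddTagsToCertificate",
        "acm:DeleteCertificate",
        "elasticloadbalancing:ModifyListener",
        "elasticloadbalancing:AddListenerCertificates",
        "elasticloadbalancing:RemoveListenerCertificates"
      ],
      "Resource": "*"
    }
  ]
}
```

The Describe actions in Elastic Load Balancing do not support resource-level permissions, so the first statement has to use `"Resource": "*"`. The second statement can be narrowed to the listener ARNs of the load balancers the connector should manage once you know them from discovery.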
Authentication methods
Trust Lifecycle Manager supports different methods for authenticating to your Amazon Web Services (AWS) account in an AWS ELB (Application/Network) connector.
Use one of the following AWS authentication methods to set up the connector in Trust Lifecycle Manager. The Configuration parameters column shows the parameters you need to provide in Trust Lifecycle Manager for each authentication method.
For the Default AWS credential provider chain and AWS profile name authentication methods, the managing DigiCert sensor looks for the AWS config and credentials files in the following default directories, depending on the sensor operating system (OS):
Add the AWS ELB (Application/Network) connector
To add the AWS Elastic Load Balancing (ELB) connector in Trust Lifecycle Manager:
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Add connector button.
Under Cloud services, select the option for AWS ELB (Application/Network).
Fill out the Add connector form:
Name: Enter a friendly name for the connector to help identify it.
Business unit: Select a business unit for this connector for administrative purposes. Only users assigned to this business unit can manage the connector.
Managing sensor: Select an active DigiCert sensor on your network to establish and manage the connection to your Amazon Web Services (AWS) account.
Account ID: Enter the 12-digit ID of the AWS account that owns the load balancers to manage through Trust Lifecycle Manager.
AWS region: Enter the AWS region (for example, us-east-1) that contains the load balancers to connect to. Load balancers are regional resources, and the connector is scoped to the single region you enter here.
Authentication method: Select an AWS authentication method and fill in the requested configuration parameters for it, as described in the authentication methods section above.
Select Add to create the AWS ELB connector with the configured settings.
What's next
Discovery
Trust Lifecycle Manager discovers existing certificates and unsecured endpoints (listeners that do not terminate TLS) on any Application Load Balancers (ALB) or Network Load Balancers (NLB) it finds in the connected AWS account and region.
On the Integrations > Connectors page, select the connector by name to view the connector details and see the number of assets Trust Lifecycle Manager found on it. You can use the links in the Assets found section to view those assets in your inventory.
When viewing an AWS ELB certificate in your inventory, the Location column shows the applicable load balancer where it's deployed.
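To make concrete what a discovery pass over ALB/NLB listeners produces, here is an added example (not DigiCert's code, and not how the sensor is implemented) that walks the same three Elastic Load Balancing API responses a discovery tool has to read: DescribeLoadBalancers, DescribeListeners and DescribeListenerCertificates. It classifies each listener as secured (HTTPS on an ALB, TLS on an NLB) or unsecured, collects every certificate ARN on the secured listeners, and records whether each certificate lives in ACM or in the legacy IAM server certificate store. The sample records are constructed and mirror the shape of the real responses; `fetch_live` assumes boto3 is installed and is the only part that talks to AWS.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Listener protocols that terminate TLS on the load balancer itself (HTTPS on an
# ALB, TLS on an NLB). Listeners on any other protocol (HTTP, TCP, UDP, TCP_UDP)
# carry no certificate; those are the unsecured endpoints a discovery pass reports.
TLS_PROTOCOLS = {"HTTPS", "TLS"}


@dataclass
class Finding:
    load_balancer: str      # LoadBalancerName, the location shown in inventory
    lb_type: str            # "application" or "network"
    port: int
    protocol: str
    secured: bool
    certificate_arns: list[str] = field(default_factory=list)
    stores: list[str] = field(default_factory=list)  # "acm" or "iam", one per ARN


def certificate_store(arn: str) -> str:
    """ELB listeners accept certificates from ACM or from the legacy IAM server
    certificate store; the service field of the ARN (arn:partition:service:...)
    tells the two apart."""
    return arn.split(":", 3)[2]


def discover(load_balancers, listeners, listener_certs):
    """Build one Finding per listener.

    load_balancers: LoadBalancers list from elbv2 DescribeLoadBalancers
    listeners:      Listeners list from elbv2 DescribeListeners
    listener_certs: {ListenerArn: Certificates list from DescribeListenerCertificates};
                    needed because DescribeListeners reports only the default
                    certificate and the SNI certificates come from the second call.
    """
    by_arn = {lb["LoadBalancerArn"]: lb for lb in load_balancers}
    findings = []
    for lst in listeners:
        lb = by_arn[lst["LoadBalancerArn"]]
        secured = lst["Protocol"] in TLS_PROTOCOLS
        arns: list[str] = []
        if secured:
            for cert in lst.get("Certificates", []):
                arns.append(cert["CertificateArn"])
            for cert in listener_certs.get(lst["ListenerArn"], []):
                if cert["CertificateArn"] not in arns:
                    arns.append(cert["CertificateArn"])
        findings.append(Finding(
            load_balancer=lb["LoadBalancerName"], lb_type=lb["Type"],
            port=lst["Port"], protocol=lst["Protocol"], secured=secured,
            certificate_arns=arns, stores=[certificate_store(a) for a in arns],
        ))
    return findings


def unsecured_endpoints(findings):
    """(load balancer, protocol, port) for every listener that serves no TLS."""
    return [(f.load_balancer, f.protocol, f.port) for f in findings if not f.secured]


def fetch_live(region: str, profile: str | None = None):
    """Pull the same three structures from a real account with boto3 (assumed
    installed). Credentials resolve through the default provider chain or the
    named profile, as they do for the sensor. Not exercised by the offline run."""
    import boto3  # imported here so the offline sample needs no AWS SDK

    session = boto3.Session(profile_name=profile, region_name=region)
    elbv2 = session.client("elbv2")
    lbs = [lb for page in elbv2.get_paginator("describe_load_balancers").paginate()
           for lb in page["LoadBalancers"]]
    listeners, certs = [], {}
    for lb in lbs:
        pages = elbv2.get_paginator("describe_listeners").paginate(LoadBalancerArn=lb["LoadBalancerArn"])
        for page in pages:
            for lst in page["Listeners"]:
                listeners.append(lst)
                if lst["Protocol"] in TLS_PROTOCOLS:
                    certs[lst["ListenerArn"]] = elbv2.describe_listener_certificates(
                        ListenerArn=lst["ListenerArn"])["Certificates"]
    return lbs, listeners, certs


# Constructed sample data in the shape of the elbv2 API responses (not real resources).
ACCOUNT = "123456789012"
ALB_ARN = f"arn:aws:elasticloadbalancing:us-east-1:{ACCOUNT}:loadbalancer/app/web-prod/0123456789abcdef"
NLB_ARN = f"arn:aws:elasticloadbalancing:us-east-1:{ACCOUNT}:loadbalancer/net/tcp-prod/fedcba9876543210"
ACM_DEFAULT = f"arn:aws:acm:us-east-1:{ACCOUNT}:certificate/11111111-1111-1111-1111-111111111111"
ACM_SNI = f"arn:aws:acm:us-east-1:{ACCOUNT}:certificate/22222222-2222-2222-2222-222222222222"
IAM_CERT = f"arn:aws:iam::{ACCOUNT}:server-certificate/legacy-tcp-prod"
ALB_443 = ALB_ARN.replace(":loadbalancer/", ":listener/") + "/aaaa0000aaaa0000"
ALB_80 = ALB_ARN.replace(":loadbalancer/", ":listener/") + "/bbbb0000bbbb0000"
NLB_443 = NLB_ARN.replace(":loadbalancer/", ":listener/") + "/cccc0000cccc0000"
NLB_8443 = NLB_ARN.replace(":loadbalancer/", ":listener/") + "/dddd0000dddd0000"

SAMPLE_LBS = [
    {"LoadBalancerArn": ALB_ARN, "LoadBalancerName": "web-prod", "Type": "application"},
    {"LoadBalancerArn": NLB_ARN, "LoadBalancerName": "tcp-prod", "Type": "network"},
]
SAMPLE_LISTENERS = [
    {"ListenerArn": ALB_443, "LoadBalancerArn": ALB_ARN, "Port": 443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": ACM_DEFAULT}]},
    {"ListenerArn": ALB_80, "LoadBalancerArn": ALB_ARN, "Port": 80, "Protocol": "HTTP"},
    {"ListenerArn": NLB_443, "LoadBalancerArn": NLB_ARN, "Port": 443, "Protocol": "TLS",
     "Certificates": [{"CertificateArn": IAM_CERT}]},
    {"ListenerArn": NLB_8443, "LoadBalancerArn": NLB_ARN, "Port": 8443, "Protocol": "TCP"},
]
SAMPLE_LISTENER_CERTS = {
    ALB_443: [{"CertificateArn": ACM_DEFAULT, "IsDefault": True},
              {"CertificateArn": ACM_SNI, "IsDefault": False}],
    NLB_443: [{"CertificateArn": IAM_CERT, "IsDefault": True}],
}

if __name__ == "__main__":
    for f in discover(SAMPLE_LBS, SAMPLE_LISTENERS, SAMPLE_LISTENER_CERTS):
        state = "secured" if f.secured else "UNSECURED"
        print(f"{f.load_balancer} ({f.lb_type}) {f.protocol}:{f.port} {state} {f.certificate_arns}")
```

Two details matter for anyone reconciling the connector's inventory against their own view of the account: the HTTP and TCP listeners are reported as unsecured even though they sit on load balancers that also have TLS listeners, and the SNI certificate on the ALB only appears because DescribeListenerCertificates was called; a tool that stops at DescribeListeners undercounts the certificates in use.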
Automation
To automate management of certificates on a connected AWS load balancer, set up certificate lifecycle automation.
Select the DigiCert sensor enrollment method in any certificate automation profiles you create for managing AWS ELB certificates.