Do you know where your certificates reside when you use AWS ACM with a “Trusted Enclave”? | by Teri Radichel | Cloud Security | Jan, 2024


I was surprised at what I discovered when digging into the details

Teri Radichel
Cloud Security

Part of my series on Automating Cybersecurity Metrics. AWS Organizations. IAM. Deploying a Static Website. The Code.

In my last post I explained how to import the default route table for a VPC into your CloudFormation templates.

I got sidetracked for a minute (as always) and need to wrap up some other thoughts that are related to deploying static websites. Currently I’m deploying static websites from a Lambda function, but eventually I have other ideas about websites on web servers, and I also needed a TLS certificate for another tool I was trying to deploy recently… which leads me to this post.

I typically just use AWS ACM certificates because I’m generally deploying static websites using Lambda functions. For example, I deploy a static website that tests for cross-site scripting flaws, one that can send requests to my own websites to do nefarious things. 😈

I was looking at different ways to automate a private instance of Burp Collaborator — and that comes with certain challenges in regards to certificates. Most of the examples I see tell you to use Let’s Encrypt with a validation method that requires you to run a web server on your host. What? No thank you. More on that in another post, but first, I really just wanted to use an AWS Certificate Manager certificate. I looked into that possibility and how that might work.

The key thing is that you need the certificate on your EC2 instance for end-to-end encrypted traffic. You also need to generate the certificates and provide them to Burp Collaborator in a manner it understands.

You need to use a wildcard TLS certificate for your domain name to make TLS connections to the Collaborator server. Can we create a wildcard certificate with ACM? Yes.
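Two things are worth checking before relying on that wildcard: that the ACM request actually asks for both the apex name and the wildcard, and that the names the server will answer for are really covered, because a wildcard label only matches one DNS label (so `*.collab.example.com` covers `x.collab.example.com` but not `collab.example.com` or `a.b.collab.example.com`). The following is an added example and not code from the original post; the domain `collab.example.com`, the hostnames, and the certificate name list are constructed placeholders, and the `aws acm request-certificate` options shown are the standard CLI ones.

```python
"""Added example (not from the original post): check whether an ACM
certificate's names cover the hostnames a Collaborator-style server must
answer for, and build the ACM request for an apex + wildcard certificate.
All domain names in this file are constructed placeholders."""

from __future__ import annotations


def san_matches(san: str, hostname: str) -> bool:
    """Return True if one certificate name (CN or SAN entry) covers hostname.

    Applies the wildcard rule that browsers and most TLS clients enforce
    (RFC 6125 section 6.4.3): '*' may only be the entire leftmost label and
    matches exactly one label. Comparison is case-insensitive and ignores a
    trailing dot.
    """
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in san:
        return san == hostname
    san_labels = san.split(".")
    host_labels = hostname.split(".")
    # Partial wildcards ('a*.example.com') or wildcards in non-leftmost
    # labels are not honoured by clients, so treat them as non-matching.
    if san_labels[0] != "*" or any("*" in label for label in san_labels[1:]):
        return False
    # The wildcard stands in for exactly one label, never zero or several.
    if len(host_labels) != len(san_labels):
        return False
    return host_labels[1:] == san_labels[1:]


def uncovered_names(cert_names: list[str], needed: list[str]) -> list[str]:
    """Hostnames from `needed` that no name in the certificate covers."""
    return [h for h in needed if not any(san_matches(n, h) for n in cert_names)]


def acm_request_command(domain: str, region: str = "us-east-1") -> list[str]:
    """AWS CLI invocation that requests one ACM certificate covering the apex
    name and a wildcard for everything one label below it, validated via DNS
    (ACM then hands back a CNAME record to publish in the zone)."""
    return [
        "aws", "acm", "request-certificate",
        "--region", region,
        "--domain-name", domain,
        "--subject-alternative-names", f"*.{domain}",
        "--validation-method", "DNS",
    ]


if __name__ == "__main__":
    # Constructed sample: names a Collaborator-style server might have to
    # serve, and the name list a `describe-certificate` call could return.
    needed = ["collab.example.com", "abc123.collab.example.com",
              "deep.abc123.collab.example.com"]
    wildcard_only = ["*.collab.example.com"]
    apex_and_wildcard = ["collab.example.com", "*.collab.example.com"]

    print("wildcard only leaves uncovered:", uncovered_names(wildcard_only, needed))
    print("apex + wildcard leaves uncovered:", uncovered_names(apex_and_wildcard, needed))
    print("request:", " ".join(acm_request_command("collab.example.com")))
```

Note that the multi-label name stays uncovered even with the apex added; if the server ever needs names two labels deep, the certificate needs a second wildcard entry for that level, which is a separate SAN rather than something `*.collab.example.com` grants.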

