I was surprised at what I discovered when digging into the details
Part of my series on Automating Cybersecurity Metrics. AWS Organizations. IAM. Deploying a Static Website. The Code.
In my last post I explained how to import the default route table for a VPC into your CloudFormation templates.
I got sidetracked for a minute (as always) and I need to wrap up some other thoughts on the brain which are related to deployment of static websites. Currently I’m deploying static websites in a Lambda function but eventually I have other ideas about websites on web servers and I also needed a TLS certificate for another tool I was trying to deploy recently... which leads me to this post.
I typically just use AWS ACM certificates because I’m generally deploying static websites using Lambda functions. For example, I deploy a static website to test for cross-site scripting flaws that can send requests to my own websites to do nefarious things. 😈
I was looking at different ways to automate a private instance of Burp Collaborator, and that comes with certain challenges with regard to certificates. Most of the examples I see tell you to use Let’s Encrypt with a validation method that requires you to run a web server on your host. What? No thank you. More on that in another post but first, I really just wanted to use an AWS Certificate Manager certificate. I looked into that possibility and how that might work.
The key thing is that you need the certificate on your EC2 instance for end-to-end encrypted traffic. You also need to generate the certificates and provide them to Burp Collaborator in a manner it understands.
You need to use a wildcard TLS certificate for your domain name to make TLS connections to the Collaborator server. Can we create a wildcard certificate with ACM? Yes.