Bahmni EKS clusters out of box comes with Kubernetes Ingress Controller Fake Certificate. End-to-end TLS encyprtion is required in order to ensure our channel / data transmission is encrypted and in addition its equally important for regularity requirements like PCI and HIPPA etc.
...
The certificate should be issues in
us-east-1 (Virginia)in order to be used byCloudFrontUse wild card to support the same certificate by sub domains or list all your domains with sub domains e.g.
*.mybahmni.in(note that single * would only support single subdomain, if you have multiple subdomains such as sub1.sub2.example.com, then you would need to add multiple wildcards*.*.example.com)
...
Once the certificate is Issued, go inside the certificate and "Create Record in Route 53" under Domains to create CNAME(s) for the issued domain(s) in Route53
...
Create a new CloudFront distribution
Origin domain: ingress host where the application is available e.g.
lite.eks.mybahmni.inSelect “HTTP only” under protocol
Select “Redirect HTTP to HTTPS” under Viewer protocol policy
Select “GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE” under Allowed HTTP methods
Under Alternate domain name (CNAME) - add the domain Alias for this CloudFront e.g.
lite.mybahmni.in(its important to add the Alternate domain name with matching alias name otherwise the CloudFront distribution would not show up while creating the A record in Route53)Under Custom SSL certificate - choose the certificate created in step #1
...