Out of the box, Bahmni EKS clusters come with the Kubernetes Ingress Controller Fake Certificate. End-to-end TLS encryption is required to ensure that the channel and the data in transit are encrypted, and it is equally important for regulatory requirements such as PCI and HIPAA.

This document covers:

  • Setting up end-to-end TLS encryption for EKS using AWS Certificate Manager and CloudFront

  • Redirect http to https

Note: Here is an alternate way to set up end-to-end encryption using aws-pca-issuer.

1️⃣ Issue a new certificate in AWS Certificate Manager

Navigate to AWS Certificate Manager in us-east-1 and request a new certificate for your domain. Two things to remember:

  • The certificate should be issued in us-east-1 (N. Virginia) in order to be used by CloudFront

  • Use a wildcard so that the same certificate covers your subdomains, or list all your domains and subdomains, e.g. *.mybahmni.in (note that a single * only supports a single subdomain; if you have multiple subdomains such as sub1.sub2.example.com, then you would need to add multiple wildcards, *.*.example.com)

Once the certificate is issued, open the certificate and click "Create Record in Route 53" under Domains to create the CNAME record for the issued domain in Route 53.
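
The same step can be scripted with the AWS CLI instead of the console. This is an added example, not part of the original Bahmni documentation; the function names, the hosted zone ID argument and the 300-second TTL are assumptions.

```shell
#!/bin/sh
# Added example: CLI equivalent of step 1 (request, DNS-validate, wait for issuance).
ACM_REGION="us-east-1"   # region named on this page as required for CloudFront

# Extract the region (4th colon-separated field) from a certificate ARN.
arn_region() { printf '%s\n' "$1" | cut -d: -f4; }

# Succeeds only if the certificate lives in the region CloudFront requires.
usable_by_cloudfront() { [ "$(arn_region "$1")" = "$ACM_REGION" ]; }

# Build the Route 53 change batch for the ACM validation record.
# Args: record name, record type, record value (as returned by ACM).
validation_change_batch() {
  printf '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"%s",' "$1" "$2"
  printf '"TTL":300,"ResourceRecords":[{"Value":"%s"}]}}]}' "$3"
}

# Args: domain (e.g. '*.mybahmni.in'), Route 53 hosted zone ID (caller-supplied).
issue_certificate() {
  domain="$1"; zone_id="$2"; value=""
  arn=$(aws acm request-certificate --region "$ACM_REGION" \
        --domain-name "$domain" --validation-method DNS \
        --query CertificateArn --output text) || return 1
  usable_by_cloudfront "$arn" || { echo "wrong region: $arn" >&2; return 1; }
  # ACM fills in the validation record a few seconds after the request, so poll.
  for attempt in 1 2 3 4 5 6; do
    rec=$(aws acm describe-certificate --region "$ACM_REGION" \
          --certificate-arn "$arn" --output text \
          --query 'Certificate.DomainValidationOptions[0].ResourceRecord.[Name,Type,Value]')
    # Text output is tab-separated; -s yields nothing while the record is still "None".
    name=$(printf '%s\n' "$rec" | cut -s -f1)
    type=$(printf '%s\n' "$rec" | cut -s -f2)
    value=$(printf '%s\n' "$rec" | cut -s -f3)
    [ -n "$value" ] && break
    sleep 5
  done
  [ -n "$value" ] || { echo "no validation record for $arn" >&2; return 1; }
  aws route53 change-resource-record-sets --hosted-zone-id "$zone_id" \
    --change-batch "$(validation_change_batch "$name" "$type" "$value")" >/dev/null || return 1
  aws acm wait certificate-validated --region "$ACM_REGION" --certificate-arn "$arn" || return 1
  echo "$arn"   # pass this ARN to the CloudFront distribution
}

# Runs only when called with two arguments: ./issue-cert.sh '*.mybahmni.in' ZONE_ID
if [ "$#" -eq 2 ]; then issue_certificate "$1" "$2"; fi
```

The printed ARN is the one to select when configuring the CloudFront distribution in the next step.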

2️⃣ Create CloudFront distribution

Create a new CloudFront distribution to
