
Custom SSL Domain Names and Root Domain Hosting for Amazon CloudFront - mattyb
http://aws.typepad.com/aws/2013/06/custom-ssl-domain-names-root-domain-hosting-for-amazon-cloudfront.html
======
pfg
Pricing, since it's not explicitly mentioned in the blog post:

    
    
        You pay $600 per month for each custom SSL certificate associated with one
        or more CloudFront distributions. This monthly fee is pro-rated by the hour.
        For example, if you had your custom SSL certificate associated with at least
        one CloudFront distribution for just 24 hours (i.e. 1 day) in the month of June,
        your total charge for using the custom SSL certificate feature in June will be
        (1 day / 30 days) * $600 = $20.

~~~
cperciva
_You pay $600 per month for each custom SSL certificate associated with one or
more CloudFront distributions._

This is... impressively expensive.

~~~
ceejayoz
Not when you think about what's going on behind the scenes. There are 40
CloudFront datacenters, which means all 40 of them have to have a dedicated IP
and setup just for you and your SSL certificate.

~~~
cperciva
If they're not using SNI I agree that it would be expensive... not necessarily
that expensive, though. Elastic IP addresses cost $0.005/hour, which is about
$3.60/month; multiply that by 40 datacenters and you've got $144/month worth
of IPs, not $600.

~~~
Jamiecon
Problem with SNI is that you lose IE users on XP. In the UK at least, that
means entire organisations with thousands of employees such as Lloyds bank and
the NHS. According to our stats anyway.

------
stellar678
Any ideas on how they accomplish this?

I presume it means that when I upload an SSL cert and associate it with one
(or more) cloudfront distribution, that Amazon ends up dedicating at least one
IP address at every edge location solely to my SSL cert?

I guess the scarcity of IP address space explains the steep pricing? They want
you to consider other options before asking to reserve 40 dedicated IP
addresses.

~~~
adrr
Couldn't they do it with 1 IP and use anycast instead of DNS to route to the
edges?

~~~
jread
CloudFront doesn't use Anycast for content routing - only the DNS side is
Anycast

------
RyanGWU82
Both of these features look really useful; kudos to AWS for launching them.
I've already moved my personal website's root domain directly to CloudFront.
(I was previously hosting the root domain through S3 and the "www" through
CloudFront, so it's nice to have them both set up the same way now.)

~~~
cperciva
I just made exactly the same change with libarchive.org; I'm guessing a lot of
people will be doing this over the next few days...

------
jere
Awesome. I just started with cloudfront a few weeks ago and to my
understanding the root domain thing has been asked about for years. I was kind
of bummed that I had to start using www because I have a pretty short domain.

