I would like to share my experience configuring DNS records for a sub-domain under your already existing DNS (outside of AWS) and routing traffic to your EC2 instance for an Elastic Beanstalk application using Amazon Route 53, phh :P
So you will need:
- EC2 up and running
- Elastic Beanstalk if you use it
- Route 53 (seems to be a paid feature)
- Access to your current DNS records; usually your hosting provider or DNS hosting service provides you with access to them
The first thing you need is to allocate an Elastic IP address to your EC2 instance (something like a static IP address)
Go to Network & Security > Elastic IPs
Click Allocate Elastic IP address and assign it to your EC2 instance.
Now we need to configure Route 53: go to Route 53 > Hosted Zones, create a new zone, and name it after your sub-domain, like sub.maindomain.com
Go inside the zone and create a new record, select Type A - IPv4 address, set Alias to Yes, set your Alias Target to your Elastic Beanstalk instance name, and click the Save Record Set button.
Now you need to go to your hosting or DNS provider and add all the NS records that you see under the Route 53 NS type (created by default by AWS).
In my case it was the XXXHosting provider that hosted the servers and DNS. In the Control Panel I found DNS management and added new DNS records for sub.maindomain.com with Type NS, pointing to the NS servers.
Give it some time, from 30 minutes to a few hours, to propagate around the world, and your subdomain will then direct all traffic to your AWS instance.
Today I'm going to share some experience about SSL rating, time, security, performance and why it is better to turn off the RC4 cipher.
I also found, and would like to share, two useful resources that you can use to check your SSL and overall website performance:
- https://www.dotcom-tools.com/website-speed-test.aspx to analyze your website from different world locations
- https://www.ssllabs.com/ssltest/analyze.html to analyze your SSL certificate
Using those two tools I found a few main issues: my IIS server was still using RC4, which is considered non-secure, my DNS resolving time was too long from some points of the world, and my SSL handshake time was not very fast.
DNS resolving time is still an issue, as it requires non-server and non-application actions to be taken to resolve it :(
The SSL handshake is not so easy to resolve either, but what I have noticed is that resolving RC4 did speed up overall website loading performance and increase the overall security rating.
So the first step I would suggest is disabling the RC4 cipher. Let's take a look at how to disable it on Windows Server with IIS:
- Open the RegEdit (Win + R >> regedit) and find the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Ciphers
- Right-click on Ciphers >> New >> Key and name it RC4 40/128
- Right-click on RC4 40/128 >> New >> DWORD (32-bit) Value and name the value Enabled
- Double-click the created Enabled value and make sure that there is zero (0) in Value Data field then click OK
- Repeat those steps and create two more keys with the names RC4 56/128 and RC4 128/128 under the Ciphers key
- Close the RegEdit
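The same registry change as a PowerShell script, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the IIS server, and it uses the .NET registry API because the key names contain "/", which the PowerShell registry provider would treat as a path separator.

```powershell
# Added example: sets Enabled = 0 under the three RC4 keys named in the steps above.
# Assumption: run from an elevated (Administrator) PowerShell session.
$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Ciphers'
$rc4Keys     = 'RC4 40/128', 'RC4 56/128', 'RC4 128/128'

# New-Item on 'HKLM:\...\Ciphers\RC4 40/128' would create a nested key
# "RC4 40\128" that Schannel ignores. CreateSubKey takes the name literally.
$ciphers = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ciphersPath, $true)
if ($null -eq $ciphers) {
    throw "Cannot open HKLM\$ciphersPath for writing (is the session elevated?)"
}

try {
    foreach ($name in $rc4Keys) {
        # CreateSubKey opens the key if it already exists, so re-running is safe.
        $key = $ciphers.CreateSubKey($name)
        try {
            $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        }
        finally {
            $key.Close()
        }
    }

    # Read the values back so a silent failure does not pass as success.
    $report = foreach ($name in $rc4Keys) {
        $key = $ciphers.OpenSubKey($name)
        [pscustomobject]@{
            Key     = $name
            Enabled = if ($key) { $key.GetValue('Enabled', $null) } else { $null }
        }
        if ($key) { $key.Close() }
    }
    $report | Format-Table -AutoSize

    $notDisabled = @($report | Where-Object { $_.Enabled -ne 0 })
    if ($notDisabled.Count -gt 0) {
        throw "RC4 is not disabled under: $($notDisabled.Key -join ', ')"
    }
}
finally {
    $ciphers.Close()
}
```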
In my case it was not required to reboot my server so I hope you will see the result immediately as well using the ssllabs web-tool I mentioned before.
This will give you an A rating for your SSL website security and, as I noticed, it speeds up your website's overall loading time (including SSL time) by 1.2-1.5 times.
Hope that will help you as well and let me know if you can add some useful info in comments.
Thank you and see you :)