In order for the Amazon-issued certificate to work, we need to click on the validation link that Amazon sends to the following addresses:
The easiest way to receive this email on a Route 53 domain is to temporarily set up AWS Workmail.
Setting up AWS Workmail
Proving Ownership of Domain
Configure your Route53 records to match the values shown on the AWS Workmail verification screen. Note that the 'Hostname' field there already contains your domain name, while the Route53 interface appends your domain to the record name for you. Copy and paste only the part before your domain. For example:
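The naming pitfall above as a small shell helper. This is an added example, not part of the original guide; `example.com` and the record names are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: turn the full hostname shown on a verification screen into
# the relative name to type into a form that appends the zone for you.
# example.com and the record names used here are constructed sample values.

# Lower-case a DNS name and drop one trailing dot.
normalize() {
  local n
  n=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  printf '%s' "${n%.}"
}

# relative_name FQDN ZONE
# Prints the label(s) left of the zone, or nothing for the zone apex.
# Returns 1 when FQDN is not inside ZONE.
relative_name() {
  local fqdn zone suffix
  fqdn=$(normalize "$1")
  zone=$(normalize "$2")
  suffix=".$zone"
  if [ "$fqdn" = "$zone" ]; then
    return 0    # apex record: leave the name field empty
  fi
  case "$fqdn" in
    *"$suffix") printf '%s\n' "${fqdn%"$suffix"}" ;;
    *) echo "error: $1 is not in zone $2" >&2; return 1 ;;
  esac
}

# is_doubled NAME ZONE
# Succeeds when NAME ends in ZONE twice, which is what you get after pasting
# the full hostname into a field that appends the zone again.
is_doubled() {
  local name zone
  name=$(normalize "$1")
  zone=$(normalize "$2")
  case "$name" in
    *".$zone.$zone") return 0 ;;
    *) return 1 ;;
  esac
}

# Demo with constructed values: prints "_amazonses"
relative_name "_amazonses.example.com" "example.com"
```

Run `is_doubled` against the names of existing records in the zone to spot entries that were pasted with the domain included; such a record never matches what the verification screen looks up.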
If all your Record sets were configured correctly, then you should see this:
Create the hostmaster user
Inside of AWS Workmail, add a user named hostmaster (this is the email that receives the validation email from the Certificate Manager).
Go to Organization Settings to get the login URL for your organization.
Log in as the hostmaster user with the password given above.
After hitting Resend, you should see an email from Amazon Certificates.
Open the email and approve the Certificate.
Now we have a working Domain and Certificate! Feel free to delete the AWS Workmail account and organization.
Step 2: Create VPC and two subnets
We're going to create a VPC with two subnets, since we'll be using a minimum of two availability zones. We will be using us-west-1a and us-west-1c.
Create the first subnet, on the 10.0.0.0/24 block and the second subnet on the 10.0.1.0/24 block.
The final result should be two subnets in two different availability zones.