AWS証明書の期限切れに注意：本日

１．はじめに

　ＡＷＳ　ＤｙｎａｍｏＤＢを使用している方は証明書が期限切れになるものがあるようです。４月上旬に案内が来ております。本日テストしましたがまだ使えてます。対象者がよくわかりませんが、利用できなくなったら一度証明書を切り替えてみましょう。

２．内容：メール内容

ーーーーーーーーーーーーーーーー

Hello,

Your AWS account has been identified as having a client (browser or application) that accessed an Amazon DynamoDB or Amazon DynamoDB Streams API in the last 30 days. The purpose of this upgrade notice is to communicate a change and actions you may need to take to continue to access these endpoints.

We will update the certificate authority(CA) for the certificates used by Amazon DynamoDB domains on May 14, 2018. At that time, the SSL/TLS certificates used by DynamoDB will be issued by Amazon Trust Services.

If your client machines already support the following CAs, no action is required:

- Amazon Root CA 1

- Starfield Services Root Certificate Authority - G2

- Starfield Class 2 Certification Authority

This upgrade notice covers the following endpoints:

Amazon DynamoDB

- dynamodb.us-east-1.amazonaws.com

- dynamodb.us-east-2.amazonaws.com

- dynamodb.us-west-1.amazonaws.com

- dynamodb.us-west-2.amazonaws.com

- dynamodb.ap-northeast-1.amazonaws.com

- dynamodb.ap-northeast-2.amazonaws.com

- dynamodb.ap-northeast-3.amazonaws.com

- dynamodb.ap-south-1.amazonaws.com

- dynamodb.ap-southeast-1.amazonaws.com

- dynamodb.ap-southeast-2.amazonaws.com

- dynamodb.ca-central-1.amazonaws.com

- dynamodb.eu-central-1.amazonaws.com

- dynamodb.eu-west-1.amazonaws.com

- dynamodb.eu-west-2.amazonaws.com

- dynamodb.eu-west-3.amazonaws.com

Amazon DynamoDB Streams

- streams.dynamodb.us-east-1.amazonaws.com

- streams.dynamodb.us-east-2.amazonaws.com

- streams.dynamodb.us-west-1.amazonaws.com

- streams.dynamodb.us-west-2.amazonaws.com

- streams.dynamodb.ap-northeast-1.amazonaws.com

- streams.dynamodb.ap-northeast-2.amazonaws.com

- streams.dynamodb.ap-south-1.amazonaws.com

- streams.dynamodb.ap-southeast-1.amazonaws.com

- streams.dynamodb.ap-southeast-2.amazonaws.com

- streams.dynamodb.ca-central-1.amazonaws.com

- streams.dynamodb.eu-central-1.amazonaws.com

- streams.dynamodb.eu-west-1.amazonaws.com

- streams.dynamodb.eu-west-2.amazonaws.com

If your clients already trust at least one of the above three CAs then they will trust our certificates and no action is required. However, if you do not already trust any of the above CAs and do not add them to your trusted CA list by May 14, 2018 at 9:00 AM PDT, HTTPS connections to the DynamoDB or DynamoDB Streams APIs will not be established. For more information about this AWS update, please visit this blog post: https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/

For information on the Amazon root CA see: https://www.amazontrust.com/repository/

* Testing Your Programmatic Access to DynamoDB In December 2017, we launched the EU (Paris) Region(EU-WEST-3) with secure certificates issued by Amazon Trust Services. If you access DynamoDB or DynamoDB Streams programmatically, you can call the DynamoDB API or DynamoDB Streams API in the EU (Paris) Region(EU-WEST-3) to validate that the TLS handshake succeeds. If your API calls succeed in the EU (Paris) Region(EU-WEST-3), then they will continue to work as we deploy the CA changes to other AWS Regions. The specific endpoints you need to access in such a test are:

- DynamoDB: https://dynamodb.eu-west-3.amazonaws.com

- DynamoDB Streams: https://streams.dynamodb.eu-west-3.amazonaws.com

Most AWS SDKs and CLIs ( https://aws.amazon.com/tools/ ) are not affected by the transition to the Amazon Trust Services CA. If you are using a version of the Python AWS SDK or CLI released before October 29, 2013, you must upgrade your SDK. The .NET, Java, PHP, Go, JavaScript, and C++ SDKs and CLIs do not bundle any certificates, so their certificates come from the underlying operating system. The Ruby SDK has included at least one of the required CAs since June 10, 2015. Before that date, the Ruby V2 SDK did not bundle certificates. Depending on your SDK version and retry strategy, you might observe long delays before your software receives an error indicating SSL negotiation failure.

* Operating systems with Amazon Trust Services CA support

- Microsoft Windows versions that have January 2005 or later updates installed, Windows Vista, Windows 7, Windows Server 2008, and newer versions

- Mac OS X 10.4 with Java for Mac OS X 10.4 Release 5, Mac OS X 10.5 and newer versions

- Red Hat Enterprise Linux 5 (March 2007), Linux 6, and Linux 7 and CentOS 5, CentOS 6, and CentOS 7

- Ubuntu 8.10

- Debian 5.0

- Amazon Linux (all versions)

- Java 1.4.2_12, Java 5 update 2, and all newer versions, including Java 6, Java 7, and Java 8

* What to do if the Amazon Trust Services CAs are not in your trust store?

If you cannot access the DynamoDB API at https://dynamodb.eu-west-3.amazonaws.com or the DynamoDB Streams API at https://streams.dynamodb.eu-west-3.amazonaws.com and you need to upgrade your certificate bundle, you can upgrade your certificate bundle by importing at least one of the required CAs. You can find the required CAs at https://www.amazontrust.com/repository/ . Instructions for importing a root CA certificate into your certificate bundle vary, so see the documentation that came with your software if you have questions about importing a root CA certificate.

Thank you for using Amazon DynamoDB or Amazon DynamoDB Streams, and please contact AWS Support if you have any questions: https://aws.amazon.com/support

Sincerely,

Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210

ーーーーーーーーーーーーーーーーーーー

３．問い合わせ先

当社の強み

・無線ＬＡＮの専門調査会社として、セキュリティから電波までの無線ＬＡＮの専門性を強みとしております。

・無線歴３５年、ＳＩ歴２５年の専門家が対応します。

・自社所有の測定ツール（Ｌｉｎｕｘ，スペアナ、電波診断ツール、セキュリティ診断ツール、トラヒック診断ツール）により迅速に対応します。

スペクトラム・テクノロジー株式会社

https://spectrum-tech.co.jp

電話：04-2990-8881

email:sales@spectrum-tech.co.jp

line@のｉｄ； @htr2462r

担当：村上