Just in case anyone else is going to attempt this challenge, here are some pointers:
- Use the Custom Name
- You’ll need a Custom Cert therefore
- Make sure you have the Private Key for the Cert
- Ensure RedShield turns on SNI for the CloudFront

If you do not use a custom name you will get a 403 Forbidden error from CFN as it cannot match the FQDN from RedShield into an AWS CloudFront distribution.
If you do not have SNI turned on in RedShield you will either get a Connection Reset error or a Received no Data error.