AWS Certificate Manager (ACM)

"Provision, manage, and deploy public and private SSL/TLS certificates."

What is AWS Certificate Manager (ACM)?

AWS Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public and private SSL/TLS certificates. You can provision a public certificate for a domain you own (e.g., www.example.com) and deploy it on supported AWS resources like Load Balancers and CloudFront distributions.

Key Concepts

1. Free Public Certificates

  • Public SSL/TLS certificates are free when used with ACM-integrated services (ELB, CloudFront, API Gateway).

2. Auto-Renewal

  • ACM automatically renews certificates before they expire, removing the risk of downtime due to expired certificates.
  • Renewal depends on domain validation, done through DNS validation (preferable) or email validation.

3. Integrated Services

  • You cannot "download" the private key of a public ACM certificate. You can deploy it only on:
    • Elastic Load Balancers (ALB, NLB)
    • CloudFront
    • API Gateway

Exam Tips

[!IMPORTANT] "SSL/TLS Certificates for Load Balancers/CloudFront" or "Auto-renew SSL certificates": The answer is AWS Certificate Manager (ACM).

[!WARNING] You cannot export the private key for public certificates. If you need to install a cert on an EC2 instance directly (Apache/Nginx), you cannot use a public ACM cert (unless using AWS Enclaves or specific private CA options). You usually terminate SSL at the Load Balancer level.

Common Use Cases

  • HTTPS Website: Securing https://myapp.com using an Application Load Balancer.
  • Content Delivery: Securing a CloudFront distribution with a custom domain.