AWS ACM Educational Infographic
AWS Cloud Security

AWS Certificate Manager (ACM)

Simplifying the provisioning, management, and deployment of public and private SSL/TLS certificates.

The Prerequisites

What you need before requesting a managed certificate

Domain Name

A fully qualified domain name (FQDN) like example.com or a wildcard like *.example.com.

DNS Access

Permission to add CNAME records to your DNS provider (e.g., Route 53) for identity validation.

Email Control

Access to admin/webmaster emails if using Email Validation instead of DNS validation.

IAM Roles

Proper AWS Identity and Access Management permissions to request and describe certificates.

The Lifecycle Process

From initial request to automated renewal

01 Request

Choose Public or Private CA. Specify domain names and validation method.

02 Validate

Prove ownership via DNS (recommended) or Email. ACM checks for the record.

03 Issue

AWS issues the certificate. Status changes from ‘Pending’ to ‘Issued’.

04 Deploy

Associate with CloudFront, ALB, or API Gateway. Traffic is now encrypted.

05 Renew

ACM automatically renews certificates before they expire, as long as the DNS validation record stays in place.
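
Added example (not part of the original infographic, and not AWS code): a check that flags certificates whose renewal step is likely to stall, for instance because the validation CNAME from step 02 was removed. It assumes each input dict has the shape of the Certificate object returned by ACM's DescribeCertificate call, and that the zone's CNAME records are available as a name-to-target map; all sample values are constructed.

```python
def _norm(name):
    # DNS names compare case-insensitively, with or without the trailing dot.
    return name.rstrip(".").lower()

def renewal_risks(cert, zone_cnames):
    """List reasons a DescribeCertificate 'Certificate' dict may not auto-renew."""
    if cert.get("Type") == "IMPORTED":
        return ["imported certificate: ACM does not renew it"]
    risks = []
    if cert.get("RenewalEligibility") == "INELIGIBLE":
        risks.append("marked INELIGIBLE for renewal")
    if not cert.get("InUseBy"):
        risks.append("not associated with any AWS resource")
    present = {_norm(k): _norm(v) for k, v in zone_cnames.items()}
    for opt in cert.get("DomainValidationOptions", []):
        domain = opt["DomainName"]
        if opt.get("ValidationMethod") == "EMAIL":
            risks.append(f"{domain}: email validation, renewal may need a person to approve")
            continue
        rr = opt.get("ResourceRecord")
        if not rr or present.get(_norm(rr["Name"])) != _norm(rr["Value"]):
            risks.append(f"{domain}: validation CNAME missing or changed in DNS")
    status = cert.get("RenewalSummary", {}).get("RenewalStatus")
    if status in ("PENDING_VALIDATION", "FAILED"):
        risks.append(f"renewal status is {status}")
    return risks

def _dns_opt(domain, name, value):
    # Helper for the constructed samples below (hypothetical, not an AWS API).
    return {"DomainName": domain, "ValidationMethod": "DNS",
            "ResourceRecord": {"Name": name, "Type": "CNAME", "Value": value}}

# Constructed sample data: placeholder ARNs and validation tokens.
ZONE = {"_a1.example.com": "_b2.acm-validations.aws"}
CERTS = [
    {"DomainName": "example.com", "Type": "AMAZON_ISSUED", "RenewalEligibility": "ELIGIBLE",
     "InUseBy": ["arn:aws:elasticloadbalancing:PLACEHOLDER"],
     "DomainValidationOptions": [_dns_opt("example.com", "_a1.example.com.", "_B2.acm-validations.aws.")]},
    {"DomainName": "api.example.com", "Type": "AMAZON_ISSUED", "RenewalEligibility": "ELIGIBLE",
     "InUseBy": ["arn:aws:cloudfront:PLACEHOLDER"],
     "RenewalSummary": {"RenewalStatus": "PENDING_VALIDATION"},
     "DomainValidationOptions": [_dns_opt("api.example.com", "_c3.api.example.com.", "_d4.acm-validations.aws.")]},
    {"DomainName": "old.example.com", "Type": "AMAZON_ISSUED",
     "RenewalEligibility": "INELIGIBLE", "InUseBy": [],
     "DomainValidationOptions": [{"DomainName": "old.example.com", "ValidationMethod": "EMAIL"}]},
]

if __name__ == "__main__":
    for c in CERTS:
        print(c["DomainName"], renewal_risks(c, ZONE) or "ok")
```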

[Diagram: ACM Service, Certificate Auto-Renewal, AWS Resources (ALB / CloudFront)]

Public Certs are Free

Public SSL/TLS certificates provisioned through ACM for use with ACM-integrated services are provided at no additional cost.

No Exporting

You cannot download the private key for public certificates. AWS handles the security of the keys within the service.

Managed Lifecycle

Say goodbye to manual renewals. ACM manages the entire lifecycle, reducing downtime risks caused by expired certs.

© 2023 Cloud Infrastructure Education | AWS Certificate Manager Deep Dive
