AWS Certificate Manager features

AWS Certificate Manager (ACM) makes it easy for you to centrally manage your SSL/TLS certificates from the AWS Management Console, AWS CLI, or ACM APIs. You can also audit the use of each certificate by reviewing your AWS CloudTrail logs.

ACM is designed to protect and manage the private keys used with SSL/TLS certificates. Strong encryption and key management best practices are used when protecting and storing private keys.

ACM is integrated with other AWS services, so you can provision an SSL/TLS certificate and deploy it with your Elastic Load Balancer, Amazon CloudFront distribution and Amazon API Gateway. ACM also works with AWS Elastic Beanstalk and AWS CloudFormation for public certificates to help you manage public certificates and use them with your applications in the AWS Cloud. To deploy a certificate with an AWS resource, you simply select the certificate you want from a drop-down list in the AWS Management Console. Alternatively, you can call an AWS API or CLI to associate the certificate with your resource.

ACM makes it easy to issue public certificates that you can export and use on any workload that requires TLS. Public certificates from ACM are issued by Amazon Trust Services and are widely trusted by commonly used platforms such as Apple, Microsoft and popular browsers such as Chrome and Firefox. By default, you can continue to issue public certificates at no additional cost for use with integrated AWS services.

ACM makes it easy to import SSL/TLS certificates issued by third-party Certificate Authorities (CAs) and deploy them with your Elastic Load Balancers, Amazon CloudFront distributions and APIs on Amazon API Gateway. You can monitor the expiration date of an imported certificate and import a replacement when the existing certificate is nearing expiration. Alternatively, you can request a free certificate from ACM and let AWS manage future renewals for you. Importing certificates doesn't cost anything.