I’m a big Let’s Encrypt fan. They provide free SSL certificates for your web servers so you can protect the traffic from prying eyes. In fact, the connection between your web browser and my blog server is made private thanks to Let’s Encrypt.
Using Let’s Encrypt requires some setup and automation on your part if you want to use it in the AWS cloud, but AWS recently launched something called the AWS Certificate Manager or “ACM”. ACM takes care of issuing, renewing, and provisioning certificates for you — which is great because uploading SSL certificates to CloudFront and Elastic Load Balancers is not the most fun thing to do. I would pay for this, but Amazon has decided to give it to everyone for free. 🙂
As with anything AWS, this has a couple catches, but if you run your cloud resources in AWS you probably won’t be worried about them:
- You don’t have access to the private key, which means you can’t use the same certificate elsewhere.
ACM is currently only available in theACM is currently available in all major AWS regions[footnote]As of this update (2016/06/07), ACM is available all regions except US GovCloud and China Beijing)[/footnote].
- You can’t use ACM certificates across regions (with the exception of CloudFront, which doesn’t have a region — note that CloudFront ACM certificates must be located in the
Test it out for yourself:
One reply on “Playing around with AWS Certificate Manager”
Hi, thanks a lot for this blog. It was breaking my head to no end why my certificate was not appearing in the Cloudfront dropdown. I had to create it in the right region – it is valid everywhere but it has to “sit” in us-east-1. Madness 🙂 Thanks to your post I figured that out.