AWS Certificate Manager Private Certificate Authority now includes increased certificate issuance rate limits and support for Amazon S3 bucket encryption

Posted on: Apr 17, 2020

AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports increased certificate issuance rate limits and support for encryption of Amazon S3 buckets used for certificate revocation lists and audit reports.

ACM Private CA has increased the rate limit for certificate issuance requests from 5 requests per second to 25 requests per second, allowing you to issue as many as 2.1M certificates per day. This provides better support for use cases that require a large number of certificates in a short period of time, such as manufacturing IoT devices or securing service-to-service traffic in a service mesh. The higher limits are reflected in your accounts automatically, with additional increases available by request. Visit the ACM Private CA documentation for a list of ACM Private CA Service Quotas and to learn how to request a rate limit increase.

ACM Private CA generates and stores data into customers’ Amazon Simple Storage Service (S3) buckets, including certificate revocation status (Certificate Revocation Lists) and audit reports that list all of the certificates that your private CA has issued or revoked. Until now ACM Private CA could write information only to unencrypted Amazon S3 buckets. With this release, customers that are required to use encrypted Amazon S3 buckets for external or internal compliance reasons can now use buckets with server-side encryption (SSE) enabled. Visit the ACM Private CA Documentation to learn more about encrypting CRLs and audit reports.

Private CA is available in both commercial and GovCloud regions. For a list of regions see AWS Regions and Endpoints.

To get started, first time ACM Private CA customers can try the service for 30 days with no charge for the operation of their first CA. To learn more, see ACM Private CA.