Posted On: Oct 26, 2022
AWS Private Certificate Authority (AWS Private CA) now offers short-lived certificate mode, a lower-cost mode of AWS Private CA designed for issuing short-lived certificates. With this new mode, public key infrastructure (PKI) administrators, builders, and developers can save money when issuing certificates with validity periods of 7 days or fewer. If you use certificates to convey privileged access, such as with IAM Roles Anywhere, short-lived certificates may offer better security because they expire quickly, so you do not have to rely on revoking certificates with a longer validity period. With today’s launch of short-lived certificate mode, you can now use a private CA with a dedicated mode for issuing those short-lived certificates.
Additionally, you can now align the lifetime of the certificate with the lifetime of the resource it identifies. For example, you can use short-lived certificates to identify containers for Elastic Kubernetes Service. You set the private CA mode during private CA creation; existing private CAs cannot switch modes. The existing mode of AWS Private CA is now known as general-purpose mode and supports certificates of any validity period. Both modes have distinct pricing for the different use cases they support.
To learn more about:
- Short-lived certificate mode, read our modes documentation
- AWS Private CA pricing, read our pricing page
- The Kubernetes plug-in, read the security blog post