AWS Certificate Manager Documentation

You can use AWS Certificate Manager (ACM) to centrally manage Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. These include both certificates issued by and imported into ACM. You can also audit the use of each certificate by reviewing your Amazon CloudTrail logs.

AWS Certificate Manager is designed to protect and manage the private keys used with SSL/TLS certificates. Strong encryption and key management best practices are used when protecting and storing private keys.

AWS Certificate Manager is integrated with other AWS services, so you can provision an SSL/TLS certificate and deploy it with your Elastic Load Balancer, Amazon CloudFront distribution or API in Amazon API Gateway. AWS Certificate Manager also works with AWS Elastic Beanstalk and AWS CloudFormation for public email-validated certificates to help you manage public certificates and use them with your applications in the AWS Cloud. For a list of integrated services, please see https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html.

AWS Certificate Manager allows you to import SSL/TLS certificates issued by third-party CAs and deploy them with your Elastic Load Balancers, Amazon CloudFront distributions and APIs on Amazon API Gateway. You can monitor the expiration date of an imported certificate and import a replacement when the existing certificate is nearing expiration. Alternatively, you can request a certificate from AWS Certificate Manager and let AWS manage future renewals for you.

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.