AWS Certificate Manager Private Certificate Authority now supports PrivateLink endpoints

Posted on: Aug 4, 2020

Starting today, AWS Certificate Manager (ACM) Private Certificate Authority (CA) offers PrivateLink endpoints. ACM Private CA support for AWS PrivateLink enables you to use ACM Private CA APIs inside your Amazon Virtual Private Cloud (VPC) and route data between your VPC and Private CA entirely within the AWS network.

With AWS PrivateLink, you can provision and use VPC endpoints to access supported services hosted in the AWS Cloud. AWS PrivateLink provides a highly available and scalable way to access AWS services while keeping all the network traffic within the AWS network. You can create a VPC endpoint for ACM Private CA using the Amazon VPC console, AWS CLI, or AWS SDK. Once the endpoint is created, you can submit requests to ACM Private CA via the endpoint using the AWS CLI or AWS SDK.

ACM Private CA is a managed private CA service that helps you easily and securely manage the lifecycle of your private certificates. ACM Private CA provides a highly available private CA service without the upfront investment and ongoing maintenance costs of operating your own private CA. ACM Private CA extends ACM’s certificate management capabilities to private certificates, enabling you to manage public and private certificates centrally.

For a list of regions where ACM Private CA is available, see AWS Regions and Endpoints. Support for AWS PrivateLink is available only in non-FIPS AWS Regions where ACM Private CA is available.

To get started, first-time ACM Private CA customers can try the service for 30 days with no charge for the operation of their first CA. To learn more about the service, see ACM Private CA. To learn more about the new PrivateLink endpoints, see the ACM Private CA Documentation.