26.304: Certificate Manager (ACM) - Coggle Diagram
Features
  - Easily provision, manage, and deploy TLS certificates
  - Provides in-flight encryption for websites (HTTPS)
  - Supports both public and private TLS certificates
  - Public TLS certificates are free
  - Automatic TLS certificate renewal
  - Integrations with:
      - Elastic Load Balancers (CLB, ALB, NLB)
      - CloudFront distributions
      - API Gateway
  - Cannot use ACM with EC2

Request a public certificate
  - List the domain names
      - Fully Qualified Domain Name (FQDN): corp.example.com
      - Wildcard domain: *.example.com
  - Select the validation method
      - DNS validation: preferred for automation purposes
      - Email validation: sends an email to the contact address in the WHOIS database
  - DNS validation adds a CNAME record to your DNS configuration
  - Verification can take a few hours
  - The public certificate is enrolled for automatic renewal
      - ACM automatically renews the certificate 60 days before expiry

Import a public certificate
  - Generate the certificate elsewhere, then import it
  - No automatic renewal; you must import a new certificate before expiry
  - ACM sends daily expiration events starting 45 days prior to expiry
      - The number of days is configurable
      - Events appear in EventBridge
  - AWS Config managed rule acm-certificate-expiration-check checks for expiring certificates

API Gateway endpoint types
  - Edge-optimized: for global clients
      - Requests are routed through CloudFront edge locations
      - The API Gateway still lives in only 1 region
  - Regional: for clients within the same region
      - Can be manually combined with CloudFront
  - Private
      - Can only be accessed from your VPC using an interface VPC endpoint (ENI)
      - Use a resource policy to define access

Integrate with API Gateway
  - Create a Custom Domain Name
      - Edge-optimized (global clients): the TLS certificate must be in us-east-1
      - Regional: the TLS certificate must be in the same region as the API stage