ACM Flashcards
ACM
Can you run a public Certificate Authority with ACM?
Yes
ACM
Can you run a private Certificate Authority with ACM?
Yes
ACM
ACM: do you generate certs yourself, or does/can ACM do it for you?
Both: AWS generates certs or you can BYOC
ACM
Can ACM automatically renew certificates that it generates?
important
Yes
ACM
Can ACM automatically renew certificates that you import?
important
No: you are responsible
ACM
What services will ACM deploy certificates to?
important
Only a couple AWS services, nothing else (CloudFront and ALBs)
ACM
I want to use NLB and terminate SSL on my EC2. Use ACM?
important
Nope, no secure way to get the certificate key material onto the EC2
ACM
Why shouldn’t I keep certificates on my EC2 web server?
Bad actor could get the private key material
ACM
Are certificates global or regional?
important
Regional: certs don’t leave region they live in
ACM
Have ALB in us-west-1. What certs can be used with it?
important
Only certs in us-west-1 ACM
ACM
Where does CloudFront get its certificates (ACM)?
important
Always us-east-1
ACM
How can you move a cert in ACM from one region to another?
Can’t. Permanently pinned to the region.