ACM

Question 1

ACM

Can you run a public Certificate Authority with ACM?

Answer 1

Yes

Question 2

ACM

Can you run a private Certificate Authority with ACM?

Answer 2

Yes

Question 3

ACM

ACM: do you generate certs yourself, or does/can ACM do it for you?

Answer 3

Both: AWS generate certs or you can BYOC

Question 4

ACM

Can ACM automatically renew certificates that it generates?

important

Answer 4

Yes

Question 5

ACM

Can ACM automatically renew certificates that you import?

important

Answer 5

No: you are responsible

Question 6

ACM

What servicese will ACM deploy certificates to?

important

Answer 6

Only a couple AWS services, nothing else (CloudFront and ALBs)

Question 7

ACM

I want to use NLB and terminate SSL on my EC2. Use ACM?

important

Answer 7

Nope, no secure way to get the certificate key material onto the EC2

Question 8

ACM

Why shouldn’t I keep certificates on my EC2 web server?

Answer 8

Bad actor could get the private key material

Question 9

ACM

Are certificates global or regional?

important

Answer 9

Regional: certs don’t leave region they live in

Question 10

ACM

Have ALB in us-west-1. What certs can be used with it?

important

Answer 10

Only certs in us-west-1 ACM

Question 11

ACM

Where does CloudFront get it’s certificates (ACM)?

important

Answer 11

Always us-east-1

Question 12

ACM

How can you move a cert in ACM from one region to another?

Answer 12

Can’t. Permanently pinned to the region.