ACM Flashcards

1
Q

ACM

Can you run a public Certificate Authority with ACM?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

ACM

Can you run a private Certificate Authority with ACM?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

ACM

ACM: do you generate certs yourself, or does/can ACM do it for you?

A

Both: AWS generate certs or you can BYOC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

ACM

Can ACM automatically renew certificates that it generates?

important

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

ACM

Can ACM automatically renew certificates that you import?

important

A

No: you are responsible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

ACM

What servicese will ACM deploy certificates to?

important

A

Only a couple AWS services, nothing else (CloudFront and ALBs)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

ACM

I want to use NLB and terminate SSL on my EC2. Use ACM?

important

A

Nope, no secure way to get the certificate key material onto the EC2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

ACM

Why shouldn’t I keep certificates on my EC2 web server?

A

Bad actor could get the private key material

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

ACM

Are certificates global or regional?

important

A

Regional: certs don’t leave region they live in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

ACM

Have ALB in us-west-1. What certs can be used with it?

important

A

Only certs in us-west-1 ACM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

ACM

Where does CloudFront get it’s certificates (ACM)?

important

A

Always us-east-1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

ACM

How can you move a cert in ACM from one region to another?

A

Can’t. Permanently pinned to the region.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly