ACM: AWS Certificate Manager

Question 1

What types of Certificate Authority (CA) can AWS Certificate Manager (ACM) serve as?

Answer 1

A public or a private CA.

Question 2

How do certificates end up in AWS Certificate Manager (ACM)?

Answer 2

You can generate them or import them.

Question 3

What happens when a certificate generated by AWS Certificate Manager (ACM) expires?

Answer 3

ACM automatically renews it.

Question 4

What happens when a certificate imported into AWS Certificate Manager (ACM) expires?

Answer 4

You are responsible for renewing them.

Question 5

What services can AWS Certificate Manager (ACM) deploy certificates out to?

Answer 5

CloudFront, Application Load Balancers, and other supported services. It cannot deploy to EC2 because EC2 is not supported.

Question 6

What type of service is AWS Certificate Manager (ACM)?

Answer 6

ACM is a regional service.

Question 7

Can certificates generate or imported in AWS Certificate Manager (ACM) in one region leave that region?

Answer 7

No.

Question 8

If you want to use a certificate with a service in a given region, where must you put the certificate?

Answer 8

In the AWS Certificate Manager (ACM) in the same region.

Question 9

Where are certificates for CloudFront located?

Answer 9

For CloudFront and other global services, certificates must be in the AWS Certificate Manager (ACM) in us-east-1.

Question 10

How do you use AWS Certificate Manager to manage S3 certificates?

Answer 10

You can’t. S3 handles certificates natively.