1

Apparently I can choose either 1) AWS Certificate Manager or 2) AWS Identity and Access Management.


What are the pros and cons of these two options?

And when the certificate is expired, how can I update the associated certificate for the load balancer?

Anthony Kong

1 Answer

3

With ACM, Amazon is the CA. So you create an SSL cert with ACM and Amazon will issue you a cert that you can use on ELB/CloudFront. The benefit is Amazon will auto-renew the cert for you.

With IAM, you purchase the cert and upload the cert, key and maybe chain if needed. The benefit is you can use the cert anywhere you need to, but you need to make sure you renew.

Mike
  • I am currently using another CA to issue SSL certificates. If I am to switch to ACM, do I need to ditch the existing CA issuer? Or can I keep both? – Anthony Kong Aug 29 '17 at 23:22
  • You don't need to ditch it but you need to request a new cert. With ACM you don't get the key so you can't use it outside of Amazon services. – Mike Aug 30 '17 at 13:44
  • 2
    ACM supports importing a certificate issued by another CA. Perhaps this capability is new since the original answer was posted. – Eric Jan 04 '19 at 16:55
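
For the IAM option described in the answer, where renewal is your responsibility, a check like the following can flag uploaded certificates before they expire. It is an added example, not part of the original answer or comments; it assumes the JSON output of `aws iam list-server-certificates`, and the sample listing, certificate names and account ID are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of `aws iam list-server-certificates` output.
# Names and the account ID are placeholders, not real resources.
SAMPLE = """
{"ServerCertificateMetadataList": [
  {"ServerCertificateName": "example-www",
   "Arn": "arn:aws:iam::111122223333:server-certificate/example-www",
   "Expiration": "2017-09-20T00:00:00Z"},
  {"ServerCertificateName": "example-api",
   "Arn": "arn:aws:iam::111122223333:server-certificate/example-api",
   "Expiration": "2018-08-01T00:00:00+00:00"},
  {"ServerCertificateName": "example-old",
   "Arn": "arn:aws:iam::111122223333:server-certificate/example-old",
   "Expiration": "2017-08-01T00:00:00Z"}
]}
"""

def parse_expiration(value):
    """Parse the ISO 8601 timestamp; accepts both 'Z' and '+00:00' suffixes."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:  # treat a naive timestamp as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def renewal_report(listing_json, now, warn_days=30):
    """Return [(name, status, days_left)] ordered by soonest expiry.

    status is EXPIRED, RENEW (inside the warning window) or OK.
    """
    rows = []
    for meta in json.loads(listing_json)["ServerCertificateMetadataList"]:
        expires = parse_expiration(meta["Expiration"])
        days_left = (expires - now).days
        if expires <= now:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "RENEW"
        else:
            status = "OK"
        rows.append((expires, meta["ServerCertificateName"], status, days_left))
    rows.sort()  # earliest expiry first
    return [(name, status, days) for _, name, status, days in rows]

if __name__ == "__main__":
    for name, status, days in renewal_report(SAMPLE, datetime.now(timezone.utc)):
        print(f"{status:8} {days:6}d  {name}")
```

Certificates issued by ACM do not appear in the IAM listing, so this check covers only the uploaded certificates.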