AWS Certificate Manager (ACM)

Certificate Manager is a regional resource, and its certificates can only be used with services that support it.

For example, you can use ACM to create a certificate for use with Amazon Elastic Load Balancing (ELB) and Amazon CloudFront, but not for EC2 instances!

ACM supports:

  • Generated certificates: these are AWS-managed and automatically renewed.

  • Imported certificates: these are self-signed and must be manually renewed.

A certificate has to live in the same region it will be used in. An ALB in eu-north-1 cannot use certificates stored in us-west-1!

An exception to this is CloudFront, which is a global service and needs certificates to be stored in us-east-1.
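
The region rule above can be checked from ARNs alone before a deployment is attempted. The following is an added example, not AWS or project code: the function names, the placeholder account ID and all sample ARNs are constructed, and only ELB and CloudFront (the two services named in these notes) are handled.

```python
# Added example: validates certificate/resource region pairing from ARNs alone.
# All ARNs below are constructed samples; the account ID and resource IDs are placeholders.
CLOUDFRONT_CERT_REGION = "us-east-1"  # CloudFront is global but reads certificates from us-east-1


def parse_arn(arn):
    """Split arn:partition:service:region:account:resource into a dict."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return dict(zip(("prefix", "partition", "service", "region", "account", "resource"), parts))


def check_certificate_placement(resource_arn, certificate_arn):
    """Return (ok, reason) for attaching the certificate to the resource."""
    res, cert = parse_arn(resource_arn), parse_arn(certificate_arn)
    if cert["service"] != "acm" or not cert["resource"].startswith("certificate/"):
        return False, "not an ACM certificate ARN"
    if res["service"] == "cloudfront":
        required = CLOUDFRONT_CERT_REGION
    elif res["service"] == "elasticloadbalancing":
        required = res["region"]  # regional service: certificate must be co-located
    else:
        return False, f"{res['service']} is not covered by this check"
    if cert["region"] != required:
        return False, f"certificate is in {cert['region']}, but must be in {required}"
    return True, f"certificate is in {required} as required"


ACCOUNT = "111122223333"  # placeholder account ID
ALB = f"arn:aws:elasticloadbalancing:eu-north-1:{ACCOUNT}:loadbalancer/app/example-alb/0123456789abcdef"
CDN = f"arn:aws:cloudfront::{ACCOUNT}:distribution/EXAMPLEDISTID"
EC2 = f"arn:aws:ec2:eu-north-1:{ACCOUNT}:instance/i-0123456789abcdef0"


def cert_in(region):
    """Build a constructed ACM certificate ARN in the given region."""
    return f"arn:aws:acm:{region}:{ACCOUNT}:certificate/00000000-0000-0000-0000-000000000000"


if __name__ == "__main__":
    for resource, region in [(ALB, "us-west-1"), (ALB, "eu-north-1"),
                             (CDN, "eu-north-1"), (CDN, "us-east-1"), (EC2, "eu-north-1")]:
        ok, reason = check_certificate_placement(resource, cert_in(region))
        print("OK  " if ok else "FAIL", resource.split(":")[2], "<-", region, ":", reason)
```

Note that a CloudFront distribution ARN has an empty region field, which is why the required region comes from a constant rather than from the resource itself.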