AWS Certificate Manager – ACM
- AWS Certificate Manager – ACM helps easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and internal connected resources.
- AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates.
- AWS Certificate Manager can help quickly request a certificate, deploy it on ACM-integrated AWS resources, such as ELB, CloudFront distributions, and APIs on API Gateway, and handle certificate renewals.
- ACM supports importing third-party certificates into the ACM management system.
- ACM also supports the creation of private certificates for the internal resources and manages the certificate lifecycle centrally.
- ACM certificates are regional resources.
ACM Limitations
- does not provide certificates for anything other than the SSL/TLS protocols.
- cannot use certificates for email encryption.
- cannot request certificates for Amazon-owned domain names such as those ending in amazonaws.com, cloudfront.net, or elasticbeanstalk.com.
- cannot download the private key for an ACM certificate.
- cannot directly install certificates on a website or application running on EC2.
- ACM certificates are regional resources and cannot be copied between regions. To use a certificate with ELB for the same FQDN or set of FQDNs in more than one AWS region, you must request or import a certificate for each region. For certificates provided by AWS Certificate Manager, you must revalidate each domain name in the certificate for each region.
- with CloudFront, you must request or import the certificate in the US East (N. Virginia) region.
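The regional and CloudFront rules above can be checked against a certificate inventory before a deployment. The following is an added example, not code from the original page: it assumes an inventory whose fields mirror the ACM DescribeCertificate response (CertificateArn, SubjectAlternativeNames, Type, RenewalEligibility, NotAfter), and the function names, the endpoint tuples and all sample data are constructed for illustration. It also flags certificates that are close to expiry and that ACM reports as ineligible for managed renewal, which is the case for imported certificates.

```python
from datetime import datetime, timedelta, timezone

CLOUDFRONT_REGION = "us-east-1"  # US East (N. Virginia), per the note above

def cert_region(arn):
    # ARN layout: arn:partition:service:region:account:resource
    return arn.split(":")[3]

def covers(cert, fqdn):
    # Exact match, or a wildcard name matching exactly one leading label.
    for name in cert["SubjectAlternativeNames"]:
        if name == fqdn or (name.startswith("*.") and fqdn.split(".", 1)[1:] == [name[2:]]):
            return True
    return False

def audit(endpoints, certs, now, warn_days=45):
    findings = []
    # 1. Every endpoint needs a covering certificate in the region it is served from.
    for fqdn, service, region in endpoints:
        needed = CLOUDFRONT_REGION if service == "cloudfront" else region
        if not any(cert_region(c["CertificateArn"]) == needed and covers(c, fqdn) for c in certs):
            findings.append(("missing", fqdn, needed))
    # 2. Certificates near expiry that ACM will not renew need manual action.
    for c in certs:
        expiring = c["NotAfter"] - now <= timedelta(days=warn_days)
        if expiring and c["RenewalEligibility"] != "ELIGIBLE":
            findings.append(("manual-renewal", c["CertificateArn"]))
    return findings

# Constructed inventory and deployment plan (not real resources).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_CERTS = [
    {"CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/constructed-1",
     "SubjectAlternativeNames": ["shop.example.com"], "Type": "AMAZON_ISSUED",
     "RenewalEligibility": "ELIGIBLE", "NotAfter": NOW + timedelta(days=200)},
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/constructed-2",
     "SubjectAlternativeNames": ["*.example.com"], "Type": "IMPORTED",
     "RenewalEligibility": "INELIGIBLE", "NotAfter": NOW + timedelta(days=20)},
]
SAMPLE_ENDPOINTS = [
    ("shop.example.com", "elb", "eu-west-1"),   # covered in its own region
    ("shop.example.com", "elb", "ap-south-1"),  # same FQDN, no certificate in this region
    ("cdn.example.com", "cloudfront", None),    # CloudFront always needs us-east-1
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENDPOINTS, SAMPLE_CERTS, NOW):
        print(finding)
```
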
AWS Certification Exam Practice Questions
- Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
- AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
- Open to further feedback, discussion and correction.
- A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS certificate on an ELB. Recently, the portal suffered an outage because the TLS certificate expired. A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the future. What is the MOST operationally efficient solution that meets these requirements?
  - Request a public certificate by using AWS Certificate Manager. Associate the certificate from ACM with the ELB. Write a scheduled AWS Lambda function to renew the certificate every 18 months.
  - Request a public certificate by using AWS Certificate Manager. Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.
  - Register a certificate with a third-party certificate authority (CA). Import this certificate into AWS Certificate Manager. Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.
  - Register a certificate with a third-party certificate authority (CA). Configure the ELB to import the certificate directly from the CA. Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the expiration date.