<h1 id="acm">ACM<a aria-hidden="true" class="anchor-heading icon-link" href="#acm"></a></h1>
<p><abbr title="Amazon Web Services">AWS</abbr> Certificate Manager provides two services:</p>
<ul>
<li>a fully-managed, pay as you go private <abbr title="Certificate Authority">CA</abbr> for provisioning, managing, and deploying certificates across both <abbr title="Amazon Web Services">AWS</abbr> services and on-premises resources; and</li>
<li>automated and cost-free issuing of public certificates for <abbr title="Amazon Web Services">AWS</abbr> services such as <a href="/notes/2fe0411e-1039-433b-b91b-b5177697b532">Elastic Load Balancing</a> and <a href="/notes/96d8ceb4-0883-4d57-b6a4-0112dd89e768">API Gateway</a>.</li>
</ul>
<h1 id="public-certificates">Public certificates<a aria-hidden="true" class="anchor-heading icon-link" href="#public-certificates"></a></h1>
<p>Public certificates issued for <abbr title="Amazon Web Services">AWS</abbr> for public services are free, with the caveat that you don't get access to the private key and cannot relocate the certificate outside of <abbr title="Amazon Web Services">AWS</abbr>.</p>
<h1 id="private-ca">Private <abbr title="Certificate Authority">CA</abbr><a aria-hidden="true" class="anchor-heading icon-link" href="#private-ca"></a></h1>
<p>Private <abbr title="Certificate Authority">CA</abbr> runs a fully-managed certificate authority, which hosts CRLs and <abbr title="Online Certificate Status Protocol">OCSP</abbr> servers.</p>
<h2 id="certificate-management">Certificate management<a aria-hidden="true" class="anchor-heading icon-link" href="#certificate-management"></a></h2>
<p>The private <abbr title="Certificate Authority">CA</abbr> allows you to centrally manage all certificates issued below your on-premises root (intermediate) <abbr title="Certificate Authority">CA</abbr>. The service can automatically renew certificates as they approach their expiry.</p>
<p>CRLs are issued automatically.</p>
<h2 id="security">Security<a aria-hidden="true" class="anchor-heading icon-link" href="#security"></a></h2>
<p>Certificates and private keys are stored securely in HSMs. As with other <abbr title="Amazon Web Services">AWS</abbr> services, access controls can be defined using <a href="/notes/cbb16e7d-757c-49a4-bdc7-0e9637d924a6">IAM</a> policies.</p>
<h2 id="auditing">Auditing<a aria-hidden="true" class="anchor-heading icon-link" href="#auditing"></a></h2>
<p><abbr title="AWS Certificate Manager">ACM</abbr> allows you to view audit reports for events, and events are also written to <a href="/notes/26afa666-55a1-4e6d-baab-d158fd6d8080">CloudTrail</a>.</p>


![Digital brain](assets/images/logo.svg){display: block, margin: 0 auto, max-height: 50vh}

Hi, I'm Luke 👋

I'm a software engineer turned site reliability engineer. I'm currently big on knowledge management and learning.

# Find me elsewhere

- [👨‍💻 DEV](https://dev.to/lukecarrier)
- [🚢 GitHub](https://github.com/LukeCarrier)
- [👔 LinkedIn](https://www.linkedin.com/in/lukecarrier/)
- [📄 Résumé](https://github.com/LukeCarrier/resume)


ACM

Public certificates

Private CA

Certificate management

Security

Auditing