AWS Certificate Manager Essential (since 2016)
A service that automates provisioning, management, and deployment of SSL/TLS certificates
What It Does
AWS Certificate Manager (ACM) is a service that issues SSL/TLS certificates for free and automatically renews them for use with your websites and applications. You can deploy certificates to AWS services like CloudFront, Elastic Load Balancing, and API Gateway with a single click. ACM frees you from managing certificate expiration dates and renewal tasks, making it easy to enable HTTPS communication.
Use Cases
ACM is used for enabling HTTPS on websites, encrypting API endpoint communications, configuring CloudFront distributions with custom domains, and SSL termination on load balancers. You can also cover multiple domains and subdomains with a single certificate.
Everyday Analogy
Think of it like an automatic driver's license renewal service. Normally, SSL certificates have an expiration date, and when they expire, your website displays a "not secure" warning. ACM issues your license (certificate) for free and automatically renews it before it expires. You never have to worry about forgetting to renew and having it lapse.
What Is ACM?
AWS Certificate Manager (ACM) is a service that automates the issuance, management, and deployment of SSL/TLS certificates. SSL/TLS certificates are required to encrypt communication between websites and browsers - any site whose URL starts with "https://" uses one of these certificates. With ACM, you can build a secure communication environment without the hassle of purchasing certificates or manually renewing them.
Certificate Issuance and Validation
To issue a certificate with ACM, you specify the target domain name and submit a request. You then verify domain ownership through either DNS validation or email validation. For DNS validation, you simply add a specified CNAME record to your domain's DNS. If you're using Route 53, you can add the DNS record with a single button click, and the certificate is issued within minutes.
How Auto-Renewal Works
Certificates issued by ACM have a 13-month validity period and are automatically renewed as the expiration date approaches. When using DNS validation, renewal is fully automatic as long as the validation CNAME record remains in place in your DNS; if that record is removed, ACM cannot re-verify ownership and the renewal stalls. No manual renewal work is otherwise required. This fundamentally prevents the common issue of site downtime caused by expired certificates.
Getting Started
In the ACM console, click "Request a certificate" and select a public certificate. Enter the domain names you want to protect (e.g., example.com, *.example.com), choose DNS validation, and submit the request. Once you add the CNAME record to your DNS and validation completes, the certificate is issued. Then simply select the issued certificate in your CloudFront or ALB configuration.
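The DNS-validation and renewal steps above, as an added example that is not part of this page or of AWS's own tooling: it takes the output of `aws acm describe-certificate` (a constructed sample with placeholder values), extracts the validation CNAME ACM asks for, builds the Route 53 change batch that publishes it, and afterwards checks that the CNAME is still present so auto-renewal keeps working. The `resolve` callback is an assumption: the caller supplies a DNS lookup returning the CNAME target for a name.

```python
"""Helpers around `aws acm describe-certificate` output for DNS validation."""
from typing import Callable, Optional

# Constructed sample of a DescribeCertificate response for a certificate
# covering example.com and *.example.com. Names and values are placeholders.
# ACM hands out the same validation record for an apex domain and its
# wildcard, so the records must be deduplicated before publishing them.
_RR = {"Name": "_1a2b3c.example.com.", "Type": "CNAME",
       "Value": "_9z8y7x.acm-validations.aws."}
SAMPLE_DESCRIBE = {"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE-ID",
    "Status": "PENDING_VALIDATION",
    "DomainValidationOptions": [
        {"DomainName": "example.com", "ValidationMethod": "DNS",
         "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": dict(_RR)},
        {"DomainName": "*.example.com", "ValidationMethod": "DNS",
         "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": dict(_RR)},
    ]}}


def validation_records(describe: dict) -> list:
    """Return the distinct CNAME records ACM wants to see in DNS."""
    seen, records = set(), []
    for opt in describe["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")  # absent for email-validated domains
        if rr and (rr["Name"], rr["Value"]) not in seen:
            seen.add((rr["Name"], rr["Value"]))
            records.append(rr)
    return records


def route53_change_batch(describe: dict, ttl: int = 300) -> dict:
    """Build the ChangeBatch for `route53 change-resource-record-sets`.

    UPSERT is idempotent, so re-running after a renewal request is safe.
    """
    return {"Changes": [
        {"Action": "UPSERT", "ResourceRecordSet": {
            "Name": rr["Name"], "Type": rr["Type"], "TTL": ttl,
            "ResourceRecords": [{"Value": rr["Value"]}]}}
        for rr in validation_records(describe)]}


def missing_validation_cnames(describe: dict,
                              resolve: Callable[[str], Optional[str]]) -> list:
    """Names whose CNAME no longer points at ACM's value.

    Any name listed here will block the automatic renewal described above;
    `resolve` is a caller-supplied DNS lookup (name -> CNAME target or None).
    """
    return [rr["Name"] for rr in validation_records(describe)
            if resolve(rr["Name"]) != rr["Value"]]
```

Run the check from a scheduled job with a real resolver (for example dnspython) so a deleted validation record is noticed long before the 13-month expiry.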
Things to Watch Out For
- Public certificates issued by ACM are free, but certificates used with CloudFront must be issued in the us-east-1 region
- ACM certificates can only be used with AWS services (CloudFront, ALB, API Gateway, etc.) and cannot be installed directly on EC2 instances
- Wildcard certificates (*.example.com) let you cover all subdomains with a single certificate