Amazon Certificate Manager features

Amazon Certificate Manager is designed to protect and manage the private keys used with SSL/TLS certificates. Strong encryption and key management best practices are used when protecting and storing private keys.

Amazon Certificate Manager is integrated with other Amazon Web Services services, so you can provision an SSL/TLS certificate and deploy it with your Elastic Load Balancer or API in Amazon API Gateway. Amazon Certificate Manager also works with Amazon Elastic Beanstalk and Amazon CloudFormation for public email-validated certificates to help you manage public certificates and use them with your applications in the Amazon Web Services Cloud. To deploy a certificate with an Amazon Web Services resource, you simply select the certificate you want from a drop-down list in the Amazon Web Services resource Management Console. Alternatively, you can call an Amazon API or CLI to associate the certificate with your resource. Amazon Certificate Manager then deploys the certificate to the selected resource for you.

Amazon Certificate Manager makes it easy to import SSL/TLS certificates issued by third-party Certificate Authorities (CAs) and deploy them with your Elastic Load Balancers and APIs on Amazon API Gateway. You can monitor the expiration date of an imported certificate and import a replacement when the existing certificate is nearing expiration. Alternatively, you can request a free certificate from Amazon Certificate Manager and let Amazon Web Services manage future renewals for you. Importing certificates doesn't cost anything.