Can I use the new free SSL/TLS AWS certificates without ELB or Beanstalk on plain EC2?

Q: Can I use certificates on Amazon EC2 instances or on my own servers?

No. At this time, certificates provided by ACM can only be used with specific AWS services.


Q: With which AWS services can I use certificates provided by ACM?

You can use ACM with the following AWS services:

• Elastic Load Balancing

• Amazon CloudFront

• AWS Elastic Beanstalk

• Amazon API Gateway

• AWS CloudFormation

https://aws.amazon.com/certificate-manager/faqs/

The certificates created by Amazon Certificate Manager (ACM) have corresponding private keys that are stored securely within the AWS infrastructure and are not accessible to you... which means you can't deploy these certs directly on systems you have direct access to, like EC2 servers.

You can only use them on services front-ended by Elastic Load Balancer, CloudFront, or both. As CloudFront, unlike ELB, has no monthly baseline cost, it seems like this would be a usable alternative for you, since cost is usually the motivation for not using ELB.

Author: site80443

Updated on September 18, 2022

Comments

  • site80443
    over 1 year

    AWS just announced free SSL/TLS certificates here: https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/

    Mainly:

    SSL/TLS certificates provisioned through AWS Certificate Manager are free!

    and

    You can provision, deploy, and renew certificates at no charge.

    However, the blog post and articles do not seem to clarify whether the created certificates can be used on plain EC2 instances without ELB or Beanstalk.

    It only says this:

    Because ELB supports SSL offload, deploying a certificate to a load balancer (rather than to the EC2 instances behind it) will reduce the amount of encryption and decryption work that the instances need to handle.

    and

    We plan to add support for other AWS services and for other types of domain validation.

    This linked article: https://medium.com/@arcdigital/enabling-ssl-via-aws-certificate-manager-on-elastic-beanstalk-b953571ef4f8#.2w5o4vq9p

    says

    There’s one caveat here: You must be using elastic beanstalk with an elastic load balancer (single instance environments without an ELB in front won’t work).

    My question is: Can I access and use the SSL certificates generated by this service and will they be valid?

  • Bazze
    almost 8 years
    Please note that ACM support for CloudFront is not yet available in all regions. Also, an ACM certificate cannot be attached to a CloudFront distribution through CloudFormation (yet).
  • Michael - sqlbot
    almost 8 years
    CloudFront is not a regional service, @Bazze. It is a global service, but the provisioning infrastructure for CloudFront is homed in us-east-1, so that's where you provision ACM certificates that you intend to use for CloudFront. That isn't a limitation, that's part of the design.
  • Bazze
    almost 8 years
    Ah, of course. My bad.
  • MSC
    over 5 years
    As of today, the following services can also make use of ACM certificates: Elastic Beanstalk (EB), API Gateway, CloudFormation. See docs.aws.amazon.com/acm/latest/userguide/acm-services.html. I am editing the answer accordingly.
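
A pre-deployment check that encodes the two rules stated on this page (an added example, not code from the thread or from AWS): ACM certificates can only be attached to the integrated services, and a certificate meant for CloudFront has to be provisioned in us-east-1. The service labels, the plan format and the sample ARNs are assumptions made up for this sketch.

```python
import re

# arn:<partition>:acm:<region>:<12-digit account>:certificate/<id>
ACM_ARN = re.compile(r"^arn:aws[a-z-]*:acm:([a-z0-9-]+):\d{12}:certificate/[0-9a-f-]+$")

# TLS-terminating integrations from the FAQ quoted on this page.
# The keys are labels invented for this sketch, not AWS identifiers.
SUPPORTED = {"elb", "cloudfront", "elasticbeanstalk", "apigateway"}


def cert_region(arn):
    """Return the region inside an ACM certificate ARN, or None if it is not one."""
    match = ACM_ARN.match(arn)
    return match.group(1) if match else None


def check_plan(plan):
    """Return (name, problem) for every planned endpoint that cannot use its certificate."""
    findings = []
    for item in plan:
        region = cert_region(item["cert_arn"])
        if region is None:
            findings.append((item["name"], "not an ACM certificate ARN"))
        elif item["service"] not in SUPPORTED:
            # The private key never leaves AWS, so the certificate cannot be installed here.
            findings.append((item["name"], "ACM certificate cannot be deployed on " + item["service"]))
        elif item["service"] == "cloudfront" and region != "us-east-1":
            findings.append((item["name"], "CloudFront needs a us-east-1 certificate, got " + region))
    return findings


# Constructed sample plan: account id and certificate id are placeholders.
CERT_ID = "12345678-1234-1234-1234-123456789012"
SAMPLE_PLAN = [
    {"name": "web-ec2", "service": "ec2", "cert_arn": f"arn:aws:acm:eu-west-1:111122223333:certificate/{CERT_ID}"},
    {"name": "cdn-eu", "service": "cloudfront", "cert_arn": f"arn:aws:acm:eu-west-1:111122223333:certificate/{CERT_ID}"},
    {"name": "cdn-ok", "service": "cloudfront", "cert_arn": f"arn:aws:acm:us-east-1:111122223333:certificate/{CERT_ID}"},
    {"name": "alb", "service": "elb", "cert_arn": f"arn:aws:acm:eu-west-1:111122223333:certificate/{CERT_ID}"},
    {"name": "legacy-iam", "service": "elb", "cert_arn": "arn:aws:iam::111122223333:server-certificate/legacy"},
]

if __name__ == "__main__":
    for name, problem in check_plan(SAMPLE_PLAN):
        print(f"{name}: {problem}")
```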