What is the right Amazon certificate service for my needs?
Amazon offers two options to customers deploying managed X.509 certificates. Choose the best one for your needs.
-
Amazon Certificate Manager (ACM)—This service is for enterprise customers who need a secure web presence using TLS. ACM certificates are deployed through Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated Amazon services. The most common application of this kind is a secure public website with significant traffic requirements. ACM also simplifies security management by automating the renewal of expiring certificates. You are in the right place for this service.
-
Amazon Private CA—This service is for enterprise customers building a public key infrastructure (PKI) inside the Amazon cloud and intended for private use within an organization. With Amazon Private CA, you can create your own certificate authority (CA) hierarchy and issue certificates with it for authenticating users, computers, applications, services, servers, and other devices. Certificates issued by a private CA cannot be used on the internet. For more information, see the Amazon Private CA User Guide.
Note
Amazon Private Certificate Authority is not available in the Beijing and Ningxia Regions.