Considerations
When using Amazon Private Certificate Authority with Kubernetes, keep the following considerations in mind.
Cross-account use of cert-manager
Administrators with cross-account access to a CA can use the cert-manager add-on for Kubernetes to provision certificates for a cluster from the shared CA. For more information, refer to Security best practices for Cross-account access to private CAs.
Only certain Amazon Private CA certificate templates can be used in cross-account scenarios.
The following table lists the Amazon Private CA templates that cert-manager can use to provision certificates for a Kubernetes cluster, and whether each template is supported when the CA is shared from another account.
| Templates supported for Kubernetes | Support for cross-account use |
|---|---|
| BlankEndEntityCertificate_CSRPassthrough/V1 | No |
| CodeSigningCertificate/V1 | No |
| EndEntityCertificate/V1 | Yes |
| EndEntityClientAuthCertificate/V1 | Yes |
| EndEntityServerAuthCertificate/V1 | Yes |
| OCSPSigningCertificate/V1 | No |
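The following manifests are an added illustration, not code from the Amazon Private CA documentation or from the cert-manager project, of one way to point cert-manager at a CA shared from another account and request only a certificate type that the table above marks as usable cross-account. They assume the AWS Private CA Issuer plugin for cert-manager (the AWSPCAClusterIssuer resource), a placeholder CA ARN owned by account 111122223333 in us-east-1, and that the plugin chooses the Private CA template from the key usages requested in the Certificate; the resource names and hostnames are placeholders.

```yaml
# Added example (not from the Amazon Private CA docs or cert-manager):
# issue a server-auth certificate from a private CA owned by another account.
# Assumes the AWS Private CA Issuer plugin for cert-manager is installed and
# that the cluster's AWS identity has been granted cross-account access to the CA.
---
apiVersion: awspca.cert-manager.io/v1beta1
kind: AWSPCAClusterIssuer
metadata:
  name: shared-private-ca
spec:
  # Placeholder ARN of the CA shared from account 111122223333 (assumption).
  arn: arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11111111-2222-3333-4444-555555555555
  region: us-east-1
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: api-server-tls
  namespace: default
spec:
  secretName: api-server-tls
  commonName: api.internal.example.com
  dnsNames:
    - api.internal.example.com
  duration: 720h      # 30 days
  renewBefore: 240h   # rotate with 10 days left
  privateKey:
    algorithm: RSA
    size: 2048
  # Request only server auth. Assumption: the issuer plugin maps this usage to
  # EndEntityServerAuthCertificate/V1, which the table above marks as supported
  # cross-account. Requesting code signing or OCSP signing would select a
  # template that is not available cross-account, and issuance would fail.
  usages:
    - server auth
  issuerRef:
    group: awspca.cert-manager.io
    kind: AWSPCAClusterIssuer
    name: shared-private-ca
```

After applying the manifests, confirm with `kubectl describe certificate api-server-tls` that the Ready condition is True. If issuance fails with an authorization error from Private CA, recheck the cross-account sharing of the CA before changing the Certificate, and verify which template the plugin in your cluster actually selected rather than relying on the mapping assumed here.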