AWS Certificate Manager (ACM) announces automated public TLS certificates for Amazon CloudFront . CloudFront customers can now simply check a box to receive required public certificates to enable TLS when creating new CloudFront content delivery applications. ACM and CloudFront work together to automatically request, issue and associate the required public certificates with CloudFront. ACM will also automatically renew these certificates as long as the certificate is in use and traffic for the certificate domain is routed to CloudFront. Previously, to set up a similar secure CloudFront distribution, customers had to request a public certificate through ACM, validate the domain, and then associate the issued certificate with the CloudFront distribution. This option remains available to customers.
ACM uses a domain validation method commonly referred to as HTTP, or file-based validation, to both issue and renew these certificates. Domain validation ensures that ACM issues the certificates only to domain users who are authorized to acquire a certificate for the domain. Network and certificate administrators can still use ACM to view and monitor these certificates. While ACM automatically manages the certificate lifecycle, administrators can use ACM’s Certificate lifecycle CloudWatch events to monitor certificate updates and publish the information to a centralized security information and event management (SIEM) and/or enterprise resource planning (ERP) solution.
To learn more about this feature, please refer to our documentation . You can learn more about ACM here and CloudFront here .