AWS Identity and Access Management
User Guide

Working with Server Certificates

Some AWS services can use server certificates that you manage with IAM or AWS Certificate Manager (ACM). In many cases, we recommend that you use ACM to provision, manage, and deploy your SSL/TLS certificates. With ACM, you can request an SSL/TLS certificate, deploy it on AWS resources such as Elastic Load Balancers, Amazon CloudFront distributions, or AWS Elastic Beanstalk environments, and let ACM handle certificate renewals for you. SSL/TLS certificates provisioned through ACM are free.

If you instead want to use SSL/TLS certificates that you purchased from a 3rd-party certificate vendor, then you can use IAM to upload, verify, rename, or delete these certificates. When your SSL/TLS certificates expire, you must work with your certificate vendor to renew them and then upload them to IAM.

You can use ACM Certificates or 3rd-party certificates with the following AWS services:

Other AWS services that use server certificates allow you to manage the server certificates directly with that service. Examples of these services include AWS OpsWorks and Amazon API Gateway.

To learn how to create and manage server certificates with IAM, see the following topics.