AWS Identity and Access Management
User Guide

Working with Server Certificates

Some AWS services can use server certificates that you manage with IAM or AWS Certificate Manager (ACM). In many cases, we recommend that you use ACM to provision, manage, and deploy your SSL/TLS certificates. With ACM, you can request an SSL/TLS certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let ACM handle certificate renewals for you. SSL/TLS certificates provisioned through ACM are free.

If you instead want to use SSL/TLS certificates that you purchased from a 3rd-party certificate vendor, then you can use IAM to upload, verify, rename, or delete the SSL/TLS certificates that you use AWS services. You must work with your certificate vendor to renew SSL/TLS certificates that expire and then upload them to IAM.

Managing your certificates with AWS Certificate Manager

You can use AWS Certificate Manager to provision certificates for the following services:

Managing your certificates with IAM

You can use IAM to manage certificates that originate from sources other than AWS Certificate Manager:

Other AWS services that use server certificates allow you to manage the server certificates directly with that service. Examples of these services include AWS OpsWorks and Amazon API Gateway.

To learn how to create and manage server certificates with IAM, see the following topics.