Working with Server Certificates
Some AWS services can use server certificates that you manage with IAM or AWS Certificate Manager (ACM). In many cases, we recommend that you use ACM to provision, manage, and deploy your SSL/TLS certificates. With ACM, you can request an SSL/TLS certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let ACM handle certificate renewals for you. SSL/TLS certificates provisioned through ACM are free.
If you instead want to use SSL/TLS certificates that you purchased from a 3rd-party certificate vendor, then you can use IAM to upload, verify, rename, or delete the SSL/TLS certificates that you use AWS services. You must work with your certificate vendor to renew SSL/TLS certificates that expire and then upload them to IAM.
Managing your certificates with AWS Certificate Manager
You can use AWS Certificate Manager to provision certificates for the following services:
Managing your certificates with IAM
You can use IAM to manage certificates that originate from sources other than AWS Certificate Manager:
AWS Elastic Beanstalk. For more information, see Configuring HTTPS for your Elastic Beanstalk Environment in the AWS Elastic Beanstalk Developer Guide.
Elastic Load Balancing. For more information, see Update the SSL Certificate for Your Load Balancer in the Elastic Load Balancing Developer Guide.
Amazon CloudFront. For more information, see the Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
Other AWS services that use server certificates allow you to manage the server certificates directly with that service. Examples of these services include AWS OpsWorks and Amazon API Gateway.
To learn how to create and manage server certificates with IAM, see the following topics.