Menu
AWS Certificate Manager
User Guide (Version 1.0)

Best Practices

Best practices are recommendations that can help you use AWS Certificate Manager (AWS Certificate Manager) more effectively. The following best practice is based on real-world experience from current ACM customers.

AWS CloudFormation

With AWS CloudFormation you can create a template that describes the AWS resources that you want to use. AWS CloudFormation then provisions and configures those resources for you. AWS CloudFormation can provision resources that are supported by ACM such as Elastic Load Balancing, Amazon CloudFront, and Amazon API Gateway. For more information, see Services Integrated with AWS Certificate Manager.

If you use AWS CloudFormation to quickly create and delete multiple test environments, we recommend that you do not create a separate ACM Certificate for each environment. Doing so will quickly exhaust your certificate limit. For more information, see Limits. Instead, create a wildcard certificate that covers all of the domain names that you are using for testing. For example, if you repeatedly create ACM Certificates for domain names that vary by only a version number, such as <version>.service.example.com, create instead a single wildcard certificate for <*>.service.example.com. Include the wildcard certificate in the template that AWS CloudFormation uses to create your test environment.

If you create ACM Certificates for domain names such as app.<branch>. <version>.example.com, we suggest that you change the domain structure. Place the variable names at the start of the certificate (<branch>.<version>.app.example.com) and create a wildcard certificate for the revised name structure (<*>.app.example.com).

On this page: