Study Guides/AWS Cybersecurity Notes/ACM

From Cramsession
Jump to navigationJump to search
✍️ Verified Author: MflavellClick to view professional profile & credentials

AWS Certitifate manager

This is a internal AWS managed service for SSL and TLS certificates.

One of it's major drawbacks is limited configuation options.

If a customer needs a specicifc configuration then it may not work.


It can create private certificate authaotorites.

ACM also easily intergrates with AWS ELB.


It's manin purpose is to simplify certificate use.

  • Easy to add certs.
  • You can use an email address for vertification when adding a cert.


Types of Certificate

Public
These use a public CA and are trusted by web browsers.


Private
These are only trusted by devices that are configured to use the privace CA they reference.


Wildcard certificates.
These simplifiy and save money by allowing *.mycorp.com


Some you may not know of:

  • Domain validation certficiates
Issued based on domain ownership.


  • Organization Validation certificates
A secure certificate that requires the CA to validate the legal name and address.


  • Extdend Validation cdrtificates
Thse have a rigerious vetting to process to validate identity.


Securing an S3 website

Remmeber S3 can only host HTML, JS and CSS - Static only!


When you link ACM with an S3 site HTTPS is enabled.

The SSL offloading is done via cloudfront - therefore cloud front is a requirement when enabling HTTPS on S3.


With ELB

When using with ELB consinder that ELB offloads the SSL.

  • ELB Decripts the message
  • ELB forawrds to the destination


Automation

ACM can:

  • Automatically renew certs
  • Send email reminders for manual renewal.


When you cannot renew:

  • Private certs - issued with the IssueCertfifcate API
  • Imported from external sources.
  • Anything already expired.


What it works with:

  • AWS services
Including EC2


Cases for a Private CA

  • Better control
  • Custom policies
  • Better internal resource protection & management
  • Improved incident response
  • Improved auditing
  • Central account management
  • Scalable