AWS Certificate Manager (ACM)

Question 1

What is ACM used for?

Answer 1

Manage x509 v3 SSL/TLS certs.

Question 2

What is a root certificate authority (Roor CA)?

Answer 2

This is the top lever signer of the certificate and is trusted by your browser or operating system vendor.

Question 3

What service does AWS Cert Manage work with?

Answer 3

• CloudFront
• API GW
• Elastic Beanstalk
• ELB
• CloudFormation

-

Question 4

How cna I use AWS Cert Manager to deploy a cert for my EC2 apache server?

Answer 4

You can do it directly, ACM will not generate a cert for Apache, you must put the ELB in front of the Apache and use the ACM with the ELB. Other option could be to use CloudFront and use ACM with CF.

Question 5

I wnat to use infrastructure as code, what options do I have for using ACM?

Answer 5

I can use CF and set up an ACM cert.

Question 6

I have to store LB certs, I want to have my certs managed, what options do I have?

Answer 6

You can use ACM, Cert Manager

Question 7

What certs will ACM manage?

Answer 7

x509 certs

Question 8

What is a cert doing and used for?

Answer 8

When establishing comms with a server the client wants to know the identity of the server they are connecting with is valid. To do this the server uses a cert and this cert is signed by a trusted party call the root, this root is trusted bt the software the client is using such as the browser like chrome.

Question 9

What services can use ACM?

Answer 9

CloudFront
BeanStalk
API GW
ELB
CloudFormation (There is a cert resource you can use to assign to ELB, CloudFront, etc)

Question 10

I have a static web site on s3, I want to use my own cert form ACM, how can I do this?

Answer 10

• Create a s3 bucket
• Enable static hosting
• Create a policy giving the public read-only access
• Create a CloudFront distro and added the bucket
• R53 added the
• R53 created an Alias
• Add cert to CloudFront, you select the ACM

Question 11

I am creating an Apache server on an EC2 instance how do I add ACM certs to the EC2 instance?

Answer 11

You can not add an ACM cert to EC2 direct as EC2 is not supported, you can place an LB in front of the EC2 and add the ACM cert to the LB.

Question 12

I am using ACM and cert with my CloudFront distro, I want to rotate the certs when needed, what script and lambda functions do I need?

Answer 12

You do not need a script of lambda, ACM handles cert rotation.

Question 13

Is ACM free?

Answer 13

Yes

Question 14

Is ACM regional or global?

Answer 14

regional

Question 15

What is a private cert?

Answer 15

It is a cert used with private resources in your organization.

Question 16

What is the difference between public and private certs?

Answer 16

Private certs are not automatically trusted by the browser as they are not signed by root.

Question 17

I have my own cert signed by a third party, it is a x509 cert, can I use this cert with ACM?

Answer 17

Yes, you can import the cert into ACM, you are responsible for monitoring the expiry.

Question 18

I need to log ACM activities for audit, what can I do?

Answer 18

ACM is supported by CloudTrail.

Question 19

What is a security policy?

Answer 19

A security policy is thet selects what encryption to use, like TLS 1, 1.1, 1.2 and cyphers when the client is negotiating a secure connection with the server.