AWS ACM
How to automatically deploy SSL certificates to AWS Certificate Manager (ACM).
Overview
AutoSSL can automatically import newly issued SSL certificates into AWS Certificate Manager (ACM). Once imported, the certificates can be attached to various AWS resources like Application Load Balancers, API Gateways, and more.
For instructions on how to manage and run this deployment, please refer to the Deployment Management section.
Configuration Parameters
When you add or edit this deployment target in the AutoSSL console, you will need to configure the following parameters:
| Parameter | Description | Example |
|---|---|---|
| Region | The AWS Region where you want to import the certificate. | us-east-1 |
| Certificate ARN | (Optional) If provided, the new certificate will be imported as a renewal/update to this existing ARN instead of creating a new one. | arn:aws:acm:us-east-1:123456789012:certificate/uuid |
How it Works
When AutoSSL deploys a certificate to AWS ACM (e.g., in the us-east-1 region), it performs the following steps:
Import Certificate:
- Calls the AWS ACM API (
ImportCertificateCommand) to upload the certificate, private key, and certificate chain to the specified region (us-east-1). - If a
Certificate ARNwas provided in the configuration (e.g.,arn:aws:acm:us-east-1:123456789012:certificate/uuid), ACM will update that specific certificate. - If no ARN was provided, a brand new certificate resource is created in the specified AWS Region.
Access Key Requirement
To interact with the AWS API, this provider requires an AWS Access Key.
Required Permissions
The Access Key must belong to an AWS IAM user with permissions to import certificates into ACM.
You need to attach an IAM policy to your user with at least the following actions:
acm:ImportCertificate
For more information on how to manage IAM permissions, please refer to the AWS IAM Documentation.