Certified Security - Specialty


Custom certificate for CloudFront – requirements

Worth mentioning that if you want to add a custom certificate to CloudFront, you need to import the certificate via ACM into the N. Virginia region!

https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html

All certificates in ACM are regional resources, including the certificates that you import. To use the same certificate with Elastic Load Balancing load balancers in different AWS regions, you must import the certificate into each region where you want to use it. To use a certificate with Amazon CloudFront, you must import it into the US East (N. Virginia) region.

lincupel

Mariusz, thanks for the heads up, I read the link that you provided and it is a good tip to know.

Andy

Mariusz, good to know, thanks! 🙂

Eric Gauthier

Also, CloudFront and an ALB can use the same certificate if the ALB is in N. Virginia. The session incorrectly states you have to use different certificates. This is true for all regions except us-east-1. Also no mention of the legacy IAM upload-server-certificate that is still supported even if ACM is not the recommended way.

1 Answer

Another thing to keep in mind is that you can most definitely import your own SSL certs from your preferred vendor, OR you can use the free AWS SSL certs from ACM. This is incredibly useful if you want some peace of mind regarding renewals, since AWS does that on your behalf as long as you keep a CNAME record that Amazon requires to validate that you actually own the domain.

AWS at this time only provides domain verification, but they’re working to provide Extended Validation as well. It all depends on your business requirements.
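The region rules discussed in this thread can be checked before deployment by reading the region out of each certificate ARN. The following is an added example, not code from any poster or from AWS; the function names, the `"cloudfront"`/`"elb"` labels and all ARNs and account ids are constructed for illustration.

```python
# Added example: lint certificate bindings against the ACM region rules above.
# Every ARN and account id here is a constructed sample value.
CLOUDFRONT_ACM_REGION = "us-east-1"  # US East (N. Virginia)


def parse_cert_arn(arn):
    """Return (service, region) for an ACM or IAM server certificate ARN."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    service, region, resource = parts[2], parts[3], parts[5]
    if service == "acm" and region and resource.startswith("certificate/"):
        return service, region
    if service == "iam" and resource.startswith("server-certificate/"):
        return service, ""  # IAM is a global service: the region field is empty
    raise ValueError(f"not a certificate ARN: {arn!r}")


def check_binding(consumer, consumer_region, cert_arn):
    """Return the region problems for one (resource, certificate) pairing.

    consumer is "cloudfront" or "elb"; consumer_region is ignored for CloudFront.
    """
    service, cert_region = parse_cert_arn(cert_arn)
    if service == "iam":
        return []  # legacy IAM server certificate: no ACM region rule to check
    if consumer == "cloudfront":
        required = CLOUDFRONT_ACM_REGION
    elif consumer == "elb":
        required = consumer_region
    else:
        raise ValueError(f"unknown consumer: {consumer!r}")
    if cert_region == required:
        return []
    return [f"{consumer} needs the ACM certificate in {required}, "
            f"but it is in {cert_region}"]


USE1 = "arn:aws:acm:us-east-1:111122223333:certificate/00000000-aaaa-bbbb-cccc-000000000001"
EUW1 = "arn:aws:acm:eu-west-1:111122223333:certificate/00000000-aaaa-bbbb-cccc-000000000002"
IAM = "arn:aws:iam::111122223333:server-certificate/cloudfront/example"

if __name__ == "__main__":
    for consumer, region, arn in [
        ("cloudfront", None, USE1),   # certificate already in N. Virginia
        ("elb", "us-east-1", USE1),   # same certificate reused by an ALB in us-east-1
        ("cloudfront", None, EUW1),   # wrong region for CloudFront
        ("elb", "eu-west-1", USE1),   # ALB in another region needs its own import
        ("cloudfront", None, IAM),    # IAM server certificate, no region to compare
    ]:
        print(consumer, region, check_binding(consumer, region, arn) or "ok")
```
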
