Certified Security - Specialty

Sign Up Free or Log In to participate!

Custom certificate for cloudfront – requirements

Worth to mention that if you want to add custom certificate into cloudfront, you need to import certificate via ACM to N.Virginia region!


All certificates in ACM are regional resources, including the certificates that you import. To use the same certificate with Elastic Load Balancing load balancers in different AWS regions, you must import the certificate into each region where you want to use it. To use a certificate with Amazon CloudFront, you must import it into the US East (N. Virginia) region.


Mariusz , thanks for the heads up, I read the link that you provided and it is a good tip to know.


Mariusz, good to know, thanks! 🙂

Eric Gauthier

Also CloudFront and an ALB can use the same certificate if the ALB is in N.Virginia. The session incorrectly states you have to use different certificates. This is true for all regions except us-east-1. Also no mention of the legacy IAM upload-server-certificate that is still supported even if ACM is not the recommended way.

1 Answers

Another thing to keep in mind is that, most definitely you can import your own SSL certs from your preferred vendor, OR you can use the free AWS SSL certs from ACM. This is incredibly useful if you want some peace of mind regarding renewals, since AWS does that on your behalf as long as you keep a CNAME record that Amazon requires to validate that you actually own the domain.

AWS at this time only provides domain verification, but they’re working to provide Extended Validation as well. It all depends on your business requirements.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?