I want to configure AWS Certificate Manager (ACM) certificates for my website that's hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance.
Short description
To configure an ACM public certificate for a website that's hosted on an EC2 instance, you must export the certificate or use it with other AWS services. You can use one of the following options:
- Use exportable public certificates
- Associate the ACM certificate with a load balancer
- Use ACM for Nitro Enclaves
Resolution
Use exportable public certificates
For information about exportable public certificates, see ACM exportable public certificates.
Note: Additional charges apply to exportable certificates. For more information, see AWS Certificate Manager pricing.
Associate the ACM certificate with a load balancer
Note: Request or import the ACM certificate in the same AWS Region as your load balancer. For Amazon CloudFront distributions, you must request the certificate in the US East (N. Virginia) Region.
First, request a public certificate.
Then, to associate the SSL/TLS certificate with a load balancer, complete the following steps:
- If you don't have a load balancer, then create an Application Load Balancer, Network Load Balancer, or Classic Load Balancer. Or, create a CloudFront distribution.
- Associate the certificate with your load balancer, or configure a CloudFront distribution to use the SSL/TLS certificate.
- Register the EC2 instance with your load balancer or CloudFront distribution:
  - For an Application Load Balancer or Network Load Balancer, see Register or deregister targets by instance ID.
  - For a Classic Load Balancer, see Register an instance.
  - For a CloudFront distribution, see Use Amazon EC2 (or another custom origin).
- Route traffic to your load balancer or CloudFront distribution.
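You can check the Region rule from the preceding note before you associate the certificate. The following Python script is an added example, not AWS-provided code. It assumes the standard `aws` partition, and its function names and sample ARNs are constructed for illustration.

```python
# Added example (not AWS code): pre-flight check for the Region rule in the note.
# Assumes the standard "aws" partition. All ARNs below are constructed samples.
CLOUDFRONT_CERT_REGION = "us-east-1"  # US East (N. Virginia)


def parse_arn(arn):
    """Split arn:partition:service:region:account-id:resource into fields."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    keys = ("partition", "service", "region", "account", "resource")
    return dict(zip(keys, parts[1:]))


def check_certificate_placement(cert_arn, target_arn):
    """Return (ok, message) for an ACM certificate and its intended target."""
    cert, target = parse_arn(cert_arn), parse_arn(target_arn)
    if cert["service"] != "acm" or not cert["resource"].startswith("certificate/"):
        raise ValueError("first argument must be an ACM certificate ARN")
    if target["service"] == "cloudfront":
        # CloudFront ARNs carry no Region; the certificate must be in us-east-1.
        required = CLOUDFRONT_CERT_REGION
    elif target["service"] == "elasticloadbalancing":
        # Application, Network, and Classic Load Balancers share this service name.
        required = target["region"]
    else:
        raise ValueError(f"unsupported target service: {target['service']}")
    if cert["region"] != required:
        return False, (f"certificate is in {cert['region']} but must be in "
                       f"{required} for this {target['service']} resource")
    return True, f"certificate Region {required} is valid for this target"


CERT_USE1 = "arn:aws:acm:us-east-1:111122223333:certificate/11111111-2222-3333-4444-555555555555"
CERT_EUW1 = "arn:aws:acm:eu-west-1:111122223333:certificate/66666666-7777-8888-9999-000000000000"
ALB_EUW1 = ("arn:aws:elasticloadbalancing:eu-west-1:111122223333:"
            "loadbalancer/app/example-alb/0123456789abcdef")
DISTRIBUTION = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"

if __name__ == "__main__":
    for cert, target in [(CERT_EUW1, ALB_EUW1), (CERT_USE1, ALB_EUW1),
                         (CERT_EUW1, DISTRIBUTION), (CERT_USE1, DISTRIBUTION)]:
        ok, message = check_certificate_placement(cert, target)
        print("OK  " if ok else "FAIL", message)
```
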
Use ACM for Nitro Enclaves
You can also install and configure ACM for Nitro Enclaves to use public and private SSL/TLS certificates with your web applications and web servers. The web applications and web servers must run on EC2 instances. ACM for Nitro Enclaves works with NGINX servers and Apache HTTP servers that run on EC2 instances.
Related information
Security for certificate private keys
AWS Certificate Manager email validation
AWS Certificate Manager DNS validation
Making Amazon Route 53 the DNS service for an existing domain
Services integrated with ACM