AWS Certificate Manager

AWSSecurityFree tier available

Provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and internal connected resources, with free public certificates and fully managed private CA via ACM Private CA

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore AWS in TreemapExplore security in HoneycombSee AWS regions on the World MapSee security as a networkScore jurisdiction exposure
DocumentationPricingAWS website

Jurisdictional exposure

Provider HQ
USSeattle, USA

Subject to CLOUD Act, FISA-702, DPF

Region locations
APACCNEEAEUUKUSOther40 regions across 7 jurisdictions
Sovereign option
Yes — 6 sovereign-flagged regions available
Full scorecard for this service →US lens detail →Sovereign cloud coverage map →

Attributes

SLA Uptime
99.9%
Auto Renew
Yes

Sub-services (3)

ACM Public Certificates

Free public TLS certificates with automatic renewal

ACM Private CA

Managed private certificate authority for internal PKI hierarchies

Imported Certificates

Bring-your-own third-party certificates stored in ACM

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSSFedRAMP

Where this runs

40 regions
28 countries
6sovereign
Sovereign regions (6)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • AWS GovCloud (US-East) · AshburnAWS GovCloud (US)
  • AWS GovCloud (US-West) · HillsboroAWS GovCloud (US)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • China (Beijing) · BeijingAWS China (Sinnet)
  • China (Ningxia) · YinchuanAWS China (NWCD)
Commercial regions (34)

Europe (8)

  • Europe (Paris)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (Milan)
  • Europe (Spain)
  • Europe (Stockholm)
  • Europe (Zurich)
  • Europe (London)

North America (7)

  • Canada West (Calgary)
  • Canada (Central)
  • Mexico (Central)
  • US East (N. Virginia)
  • US West (Oregon)
  • US East (Ohio)
  • US West (N. California)

South America (1)

  • South America (São Paulo)

Asia (11)

  • Asia Pacific (Hong Kong)
  • Asia Pacific (Hyderabad)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Jakarta)
  • Asia Pacific (Osaka)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Malaysia)
  • Asia Pacific (Singapore)
  • Asia Pacific (Seoul)
  • Asia Pacific (Taipei)
  • Asia Pacific (Thailand)

Oceania (3)

  • Asia Pacific (Melbourne)
  • Asia Pacific (Sydney)
  • Asia Pacific (New Zealand)

Middle East (3)

  • Middle East (Bahrain)
  • Israel (Tel Aviv)
  • Middle East (UAE)

Africa (1)

  • Africa (Cape Town)

Tags

tlssslcertificatespkisecurity

Equivalent services on other platforms

Azure Key VaultAzure

Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement

Certificate ManagerGCP

Centralised TLS certificate provisioning and lifecycle management across Google-managed and self-managed certs, with wildcard and SAN support, automatic renewal, and deployment to External Application Load Balancers, Cross-Cloud Network Load Balancers, and Cloud Run

Certificate Authority ServiceGCP

Hosted private PKI for issuing and managing X.509 certificates inside an organisation — root and subordinate CAs, automated lifecycle (rotation, revocation), and Cloud KMS-backed signing keys, replacing self-managed OpenSSL or Active Directory CS deployments

OCI CertificatesOracle

Managed public and private TLS certificate service with private CA hierarchies, automatic rotation, wildcard and SAN support, and native integration with Load Balancer, API Gateway, and the OCI Web Application Firewall

Pricing

Pricing model:freemium