SSL for All; AWS Rolls Out Certificate Manager
Adding encryption to a website has always been more complex than it should be, but Amazon wants to simplify the process for its AWS users with its new Certificate Manager offering.
Deploying SSL/TTL encrypted sites on AWS previously meant managing certificates manually. Amazon's new service, however, will provide a free, automatically upgraded SSL/TLS certificate for sites supported by the company's load balancing and CDN systems. AWS Certificate Manager doesn't actually deploy certificates to AWS-hosted servers. Instead, the services to which it deploys -- AWS Elastic Load Balancers and Amazon CloudFront distributions -- support SSL offload. EC2 instances that need SSL/TLS are placed behind or proxied with those services, and the actual encryption is off-loaded to the load balancer or CloudFront.
AWS Certificate Manager essentially automates the registration and renewal of SSL/TLS certificates for AWS Elastic Load Balancers and Amazon CloudFront distributions. There are no charges incurred by using AWS Certificate Manager itself, and the certificates cost nothing. Also, as with Amazon's other encryption management products, it provides a single point of storage for SSL/TLS certificates used on AWS.
Certificate Manager currently is available in only one region -- the Eastern United States -- but other regions will come online later. Plans are also in the works to add Certificate Manager support to "other AWS services and for other types of domain validation."