manash

Reputation: 7106

Using AWS as certificate store

I have an application that generates PDF documents and signs them. The signature requires a certificate.

I would like to avoid the certificate management headache (securing storage, access, etc.). Therefore, I wonder if it is possible to use AWS ACM for that? For example, loading the certificate from ACM at application startup.

In AWS ACM documentation, I see there is a Java SDK that allows me to get a certificate remotely. However, I'm not sure if it also includes the private key which I need to sign the PDF documents.

Upvotes: 1

Views: 539

Answers (1)

Michael - sqlbot

Reputation: 178956

ACM does not allow you to access the private key of your certificates. Only ELB, ALB, and CloudFront have access to the private keys. So it's not a fit, here.

EC2 Systems Manager Parameter Store should provide exactly what you need, though.

It is a hierarchical key/value encrypted store where each "parameter" (value) is (optionally) encrypted at rest. IAM permissions allow granular access control to specific parameters. The values can be up to 4096 characters, each, the hierarchy supports 5 levels, and has nice compliance controls. If you change a parameter, it automatically tracks when and who made the change.

The parameter store is available regardless of whether you are actually using anything else in EC2 Systems Manager.

Upvotes: 2
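How the application could load its signing key from Parameter Store at startup, as an added Python example that is not part of the answer above: it assumes a hypothetical hierarchical parameter name `/pdf-signer/prod/signing-key`, swaps in a local fake for the boto3 SSM client so it runs offline (in production that object is `boto3.client("ssm")`), and enforces the 4096-character standard-parameter limit the answer mentions.

```python
"""Load a PDF-signing private key from SSM Parameter Store at application startup."""

PARAM_NAME = "/pdf-signer/prod/signing-key"  # hypothetical name, scope IAM policies to this path
PARAM_MAX_CHARS = 4096                        # standard parameter size limit stated in the answer


def load_signing_key_pem(ssm_client, name=PARAM_NAME):
    """Fetch a SecureString parameter and return its decrypted PEM text.

    ssm_client must expose a boto3-compatible get_parameter(). WithDecryption=True
    asks SSM to decrypt the value with KMS; without it a SecureString comes back
    as ciphertext, which is a common startup bug.
    """
    resp = ssm_client.get_parameter(Name=name, WithDecryption=True)
    param = resp["Parameter"]
    if param.get("Type") != "SecureString":
        # Refuse to sign with a key that was stored as a plaintext String parameter.
        raise ValueError(f"{name} is not a SecureString parameter")
    pem = param["Value"]
    if not pem.startswith("-----BEGIN") or "PRIVATE KEY-----" not in pem:
        raise ValueError(f"{name} does not hold a PEM-encoded private key")
    return pem


def fits_standard_parameter(pem):
    """Check before put-parameter: a standard parameter holds at most 4096 chars."""
    return len(pem) <= PARAM_MAX_CHARS


class FakeSsmClient:
    """Offline stand-in for boto3's SSM client, constructed for this example only."""

    def __init__(self, params):
        self._params = params

    def get_parameter(self, Name, WithDecryption=False):
        if Name not in self._params:
            raise KeyError(f"ParameterNotFound: {Name}")
        p = dict(self._params[Name])
        if p["Type"] == "SecureString" and not WithDecryption:
            p["Value"] = "<kms-ciphertext>"  # real SSM returns the KMS ciphertext blob here
        return {"Parameter": p}


# Constructed placeholder PEM, not a real key.
SAMPLE_PEM = "-----BEGIN PRIVATE KEY-----\nMIIE...placeholder...\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    client = FakeSsmClient({PARAM_NAME: {"Name": PARAM_NAME, "Type": "SecureString", "Value": SAMPLE_PEM}})
    print(load_signing_key_pem(client).splitlines()[0])
```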
