🔒 AWS ACM Now Lets You Export Public TLS Certificates — Even Outside AWS!
Latchu@DevOps

Publish Date: Jun 18

🚀 Big news from AWS Certificate Manager (ACM):

You can now request exportable public TLS certificates and use them anywhere — whether it's on AWS, on-prem, or other cloud platforms.

Previously

You could only use ACM public certs inside AWS services (like CloudFront, ALB).
No access to the private key meant no usage on custom EC2 apps, containers, or hybrid setups.

But now

✅ You can export the cert + private key
✅ Use it on any compute workload
✅ Works for hybrid, multicloud, or on-prem use cases


🧪 Real-World Use Case

Let’s say you’re running a containerized app on a private EC2 instance (or even on-premises) and need a valid TLS cert from a trusted CA.

Before: You had to buy a cert from a 3rd party (like GoDaddy, Sectigo, etc).
Now: Just use ACM to get a public, exportable certificate, save time and cost, and integrate it into your automation workflows!


📦 Key Features

🔑 Exportable public certs with private key access

⏱️ Fast issuance (once domain is validated)

📆 Valid for 395 days

💰 Pricing:

  • $15 per FQDN
  • $149 per wildcard domain

🎯 No contract needed — one-time payment

🔄 Integrated with CloudWatch events for lifecycle automation

🔐 IAM policies to control who can request/export certificates


🛡️ Security Notes

  • You can’t export older certs issued before this feature

  • Only authorized IAM users can request exportable certs

  • Designed with zero trust and visibility in mind


📌 How to Get Started

  1. Go to ACM console

  2. Request a new public certificate

  3. Mark it as exportable

  4. Validate your domain

  5. Download and install it where needed (EC2, Nginx, custom workload, etc)
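
Step 5 as a script, added here as an example (not code from the original post or from AWS): it exports the certificate with the AWS CLI, checks that the private key really belongs to the certificate, and only then writes the files Nginx needs. The certificate ARN, passphrase file and directories are placeholders you supply, and `jq` is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post. CERT_ARN, PASSFILE and the
# directories are placeholders you supply; jq is assumed for the JSON split.
set -eu
umask 077   # everything written below is owner-only (private key material)

# Pull certificate, chain and passphrase-encrypted key out of ACM in one call.
# Create PASSFILE with printf (no trailing newline) so the AWS CLI (fileb://)
# and openssl (file:) see the same passphrase bytes.
export_from_acm() {   # usage: export_from_acm CERT_ARN PASSFILE OUTDIR
  aws acm export-certificate --certificate-arn "$1" \
    --passphrase "fileb://$2" --output json > "$3/export.json"
  for part in Certificate CertificateChain PrivateKey; do
    jq -r ".$part" "$3/export.json" > "$3/$part.pem"
  done
  rm -f "$3/export.json"
}

# True only if the private key and the certificate carry the same public key.
cert_matches_key() {  # usage: cert_matches_key CERT_PEM KEY_PEM PASSFILE
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -passin "file:$3" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Verify, then write what Nginx expects: leaf + chain, and a 0600 key.
install_pair() {  # usage: install_pair CERT CHAIN KEY PASSFILE DESTDIR
  cert_matches_key "$1" "$3" "$4" || { echo "key does not match cert" >&2; return 1; }
  openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null ||
    { echo "cert expires within 30 days" >&2; return 1; }
  cat "$1" "$2" > "$5/fullchain.pem" &&
    openssl pkey -in "$3" -passin "file:$4" -out "$5/privkey.pem" &&
    chmod 600 "$5/privkey.pem"
}
```

Reload Nginx only after `install_pair` returns 0, then delete the passphrase file and the encrypted export so the only remaining copy of the key is the 0600 file.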



💬 Final Thoughts

This feature fills a big gap for those managing hybrid infrastructure, allowing seamless cert management with AWS automation — even outside the AWS ecosystem.

It’s cheaper, faster, and tightly integrated with AWS tooling.
Perfect for DevOps, SREs, and security teams managing complex infra.


Have you tried this new ACM export feature?
Let me know how you're planning to use it in your workloads! 👇
