AWS Certificate Manager (ACM) provides a way to issue widely accepted Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for any domain that the user controls. Issued certificates can be used with all AWS services.
The ease-of-use, price, and integration level of ACM certificates can't be beaten in an AWS stack, to the point where questions should be asked if external certificates are being used.
- ACM issued certs can't be exported from the service, so they can't be abused by third parties
- Certificate renewal can be automatic
- Configuring the use of ACM certs with AWS services is much easier than the use of externally issued TLS certificates
- ACM issued certs are free
- ACM issued certs can only be used in AWS provided services