[英]Using AWS as certificate store
I have an application that generates PDF documents and sign them. 我有一个生成PDF文档并对其签名的应用程序。 The signature requires a certificate.
签名需要证书。
I would like to avoid certificate management headache (securing storage, access, etc). 我想避免证书管理的麻烦(确保存储,访问等)。 Therefore, I wonder if it possible to use AWS ACM for that?
因此,我想知道是否可以为此使用AWS ACM? For example, loading the certificate from ACM at application startup.
例如,在应用程序启动时从ACM加载证书。
In AWS ACM documentation, I see there is a Java SDK that allows me to get a certificate remotely. 在AWS ACM文档中,我看到有一个Java SDK可让我远程获取证书。 However, I'm not sure if it also includes the private key which I need to sign the PDF documents.
但是,我不确定它是否还包含我需要签署PDF文档的私钥。
ACM does not allow you to access the private key of your certificates. ACM不允许您访问证书的私钥。 Only ELB, ALB, and CloudFront have access to the private keys.
只有ELB,ALB和CloudFront可以访问私钥。 So it's not a fit, here.
所以这不适合。
EC2 Systems Manager Parameter Store should provide exactly what you need, though. 不过,EC2 Systems Manager参数存储应提供您所需要的。
It is a hierarchical key/value encrypted store where each "parameter" (value) is (optionally) encrypted at rest. 它是一个分层的键/值加密存储,其中的每个“参数”(值)(可选)都处于静止状态。 IAM permissions allow granular access control to specific parameters.
IAM权限允许对特定参数进行精细的访问控制。 The values can be up to 4096 characters, each, the hierarchy supports 5 levels, and has nice compliance controls.
该值最多可以包含4096个字符,每个层次结构支持5个级别,并具有良好的合规性控件。 If you change a parameter, it automatically tracks when and who made the change.
如果更改参数,它将自动跟踪进行更改的时间和对象。
The parameter store is available regardless of whether you are actually using anything else in EC2 Systems Manager. 无论您是否实际在EC2 Systems Manager中使用其他任何功能,参数存储都可用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.