
Does the ARN of an AWS Managed Certificate change when it is renewed?

I have a simple question, but I'm having trouble finding an answer.

When using AWS Certificate Manager, does the certificate ARN change when the certificate is renewed?

Some context:

I have a CloudFormation template that creates an autoscaling group + ELB. I use IAM certificates for HTTPS. This is a pain, because when the certificate expires, the ARN in the template needs to be changed to point to the new certificate.

My understanding is, if I switch to AWS Certificate Manager, I can use the ACM certificate ARN in my template, and the certificate can then be replaced/renewed behind the scenes, without me having to change the ARN in my template. I'm essentially abstracted from the underlying changes.

Is that a correct assumption?

If it is a managed certificate, then yes - the ARN stays the same for ACM certificates. However, if you imported your own certificate into ACM, automatic renewals will not occur, and uploading a new one will result in a new ARN.

From the documentation:

When ACM renews a certificate, the certificate's Amazon Resource Name (ARN) remains the same.

For those who are looking for answers about imported certificates, I want to point out that renewing an imported certificate by reimporting it will not change its ARN. I found this in the documentation.

To renew an imported certificate, you can obtain a new certificate from your certificate issuer and then manually reimport it into ACM. This action preserves the certificate's association and its Amazon Resource name (ARN).

So renewing an imported certificate by reimporting it will not change the ARN of the certificate.

I tested it with a dummy certificate I created with easyrsa. I created a certificate with 10 days of life(?) until its expiration date and imported it into ACM. Then I recreated the same certificate with 30 days of life(?) until its expiration date. Then I renewed the existing certificate with 10 days left by reimporting the certificate with 30 days left, using the aws acm import-certificate command with the --certificate-arn option. After reimporting (renewal), the certificate ARN didn't change.
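The reimport described in the last answer, as an added example that is not part of the original posts: a shell function that reimports with --certificate-arn and fails if ACM returns a different ARN, so a template that references the ARN keeps working. The function names, file arguments and exit codes are assumptions made for this example; it needs the AWS CLI with credentials allowed to call acm:ImportCertificate and acm:DescribeCertificate.

```shell
#!/bin/sh
# Added example: renew an imported ACM certificate in place and confirm that
# the ARN is unchanged. The ARN and PEM file paths are supplied by the caller.

# reimport_keep_arn ARN CERT_PEM KEY_PEM [CHAIN_PEM]
# Prints the ARN returned by ACM. Exit codes (chosen for this example):
#   1 = the AWS CLI call failed, 2 = bad arguments, 3 = ACM returned another ARN.
reimport_keep_arn() {
  rk_arn="$1"; rk_cert="$2"; rk_key="$3"; rk_chain="${4:-}"

  if [ -z "$rk_arn" ] || [ -z "$rk_cert" ] || [ -z "$rk_key" ]; then
    echo "usage: reimport_keep_arn ARN CERT_PEM KEY_PEM [CHAIN_PEM]" >&2
    return 2
  fi

  # --certificate-arn turns the call into a reimport of the existing
  # certificate. Without it, import-certificate creates a new certificate
  # with a new ARN.
  set -- --certificate-arn "$rk_arn" \
         --certificate "fileb://$rk_cert" \
         --private-key "fileb://$rk_key"
  if [ -n "$rk_chain" ]; then
    set -- "$@" --certificate-chain "fileb://$rk_chain"
  fi

  rk_returned="$(aws acm import-certificate "$@" \
                   --query CertificateArn --output text)" || return 1

  if [ "$rk_returned" != "$rk_arn" ]; then
    echo "ARN changed: expected $rk_arn, got $rk_returned" >&2
    return 3
  fi
  printf '%s\n' "$rk_returned"
}

# cert_not_after ARN
# Prints the expiry date ACM reports, to confirm the new certificate is live.
cert_not_after() {
  aws acm describe-certificate --certificate-arn "$1" \
    --query Certificate.NotAfter --output text
}
```

Run reimport_keep_arn from a renewal job and treat a non-zero exit as a failed renewal; cert_not_after then shows whether the later expiry date is in effect.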
