AWS Private Certificate Authority introduces integration with Kubernetes
ACM Private Certificate Authority (CA) now supports an open source plugin for cert-manager that offers a more secure certificate authority solution for Kubernetes containers. cert-manager is a widely adopted solution for TLS certificate management in Kubernetes. Customers who use cert-manager for application certificate lifecycle management can now use this plugin to improve security over the default cert-manager CA issuer, which holds the CA signing key in plaintext in the controller's memory, backed by an ordinary Kubernetes Secret. Customers with regulatory requirements for controlling access to and auditing their CA operations can use this integration to improve auditability and support compliance, since every issuance becomes an API call to Private CA rather than a signing operation inside the cluster.
Kubernetes containers and applications use digital certificates to provide authentication and encryption over TLS. With this plugin, cert-manager requests TLS certificates from Private CA, a highly available, auditable, managed CA that protects CA keys in FIPS-validated Hardware Security Modules (HSMs); the CA private key never leaves the HSM, so a compromise of the cluster does not expose it. The integration supports certificate automation for TLS in a range of configurations, including at the ingress, on the pod, and mutual TLS between pods. You can use the AWS Private CA Issuer plugin with Amazon Elastic Kubernetes Service, self-managed Kubernetes on AWS, and Kubernetes on-premises.
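As an added example (not taken from the announcement, the blog post or the plugin's own documentation), the manifests below show the two objects the integration needs: an issuer that points cert-manager at a Private CA, and a cert-manager Certificate for a pod-to-pod mutual TLS workload that is issued through it. The CA ARN, region, namespace, Service name and object names are placeholders; the `usages` list asks for both server and client authentication so one certificate serves both sides of an mTLS connection. The controller also needs IAM permission to call `acm-pca:IssueCertificate` and `acm-pca:GetCertificate` on that CA (for example through an IAM role for the controller's service account); that IAM configuration is not shown here.

```yaml
# Added example, not from the original page. All ARNs, names and namespaces are placeholders.
# Cluster-scoped issuer: every IssueCertificate call lands in CloudTrail against this CA.
apiVersion: awspca.cert-manager.io/v1beta1
kind: AWSPCAClusterIssuer
metadata:
  name: private-ca-issuer
spec:
  # Placeholder ARN of an existing Private CA; use a subordinate CA, not the root, for issuing
  arn: arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/00000000-0000-0000-0000-000000000000
  region: us-east-1
---
# Workload certificate requested through the issuer above. cert-manager generates the key
# in-cluster, sends only the CSR to Private CA, and stores the result in secretName.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: orders-api-tls
  namespace: shop
spec:
  secretName: orders-api-tls           # cert-manager writes tls.crt, tls.key and ca.crt here
  duration: 24h                         # short-lived; renewal is automatic
  renewBefore: 8h
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always              # fresh key pair on every renewal
  usages:
    - server auth
    - client auth                       # both, so the same cert works for mTLS between pods
  dnsNames:
    - orders-api.shop.svc.cluster.local # placeholder Service DNS name
  issuerRef:
    group: awspca.cert-manager.io
    kind: AWSPCAClusterIssuer
    name: private-ca-issuer
```

Once applied, `kubectl describe certificate -n shop orders-api-tls` should report the Certificate as Ready, and the issuance appears as an `IssueCertificate` event for the CA ARN in CloudTrail, which is the audit trail the announcement refers to. Keeping `duration` short and `rotationPolicy: Always` limits how long a stolen pod key stays useful, which is the part of the threat model the HSM-backed CA does not cover on its own.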
To learn more about the plugin and see step-by-step instructions to configure it, visit this blog: [TLS-enabled Kubernetes clusters with ACM Private CA and Amazon EKS](https://aws.amazon.com/blogs/security/tls-enabled-kubernetes-clusters-with-acm-private-ca-and-amazon-eks-2/). You can get the plugin from [GitHub](https://cert-manager.github.io/aws-privateca-issuer).
Private CA provides a highly available private CA service without the upfront investment and ongoing maintenance costs of operating your own private CA. CA administrators can use Private CA to create a complete CA hierarchy, including online root and subordinate CAs, with no need for external CAs. With Private CA, you can create private certificates for your resources in one place with a secure, pay-as-you-go, managed private CA service.
[cert-manager](https://cert-manager.io/docs/) is a Kubernetes add-on that provides TLS certificate management. cert-manager requests certificates, distributes them to Kubernetes containers as Secrets, and automates certificate renewal. cert-manager ensures certificates are valid and up to date, and attempts to renew certificates at an appropriate time before expiry.
For a list of regions where Private CA is available, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#acm-pca%5Fregion).
To get started with Private CA visit the [Getting Started](/certificate-manager/getting-started/) page.