ACM now supports automated certificate management for Kubernetes

AWS Certificate Manager (ACM) now automates certificate provisioning and distribution for Kubernetes workloads through AWS Controllers for Kubernetes (ACK). Previously, ACM automated certificate management for AWS-integrated services like Application Load Balancers and CloudFront. However, using ACM certificates with applications terminating TLS in Kubernetes required manual steps: exporting certificates and private keys via API, creating Kubernetes Secrets, and updating them at renewal. This integration extends ACM's automation to any Kubernetes workload for both public and private certificates, enabling you to manage certificates using native Kubernetes APIs. With ACK, you define certificates as Kubernetes resources, and the ACK controller automates the complete certificate lifecycle: requesting certificates from ACM, exporting them after validation, updating Kubernetes Secrets with the certificate and private key, and automatically updating those Secrets at renewal. This enables you to use ACM exportable public certificates (launched in June 2025) for internet-facing workloads or AWS Private CA private certificates for internal services in Amazon EKS or other Kubernetes environments. Use cases include terminating TLS in application pods (NGINX, custom applications), securing service mesh communication (Istio, Linkerd), and managing certificates for third-party ingress controllers (NGINX Ingress, Traefik). You can also distribute certificates to hybrid and edge Kubernetes environments. This feature is available in all commercial, AWS GovCloud (US), and AWS China regions where ACM is available. To learn more, visit the [Git hub link](https://github.com/aws-controllers-k8s/acm-controller) or read our [documentation](https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html) and our [pricing page](https://aws.amazon.com/certificate-manager/pricing/).