aws-acm
Manage AWS Certificate Manager certificates
TLDR
Import a certificate
List certificates
Describe a certificate
Request a certificate
Delete a certificate
List certificate validations
Get certificate details
Update certificate options
SYNOPSIS
aws acm subcommand [options] [arguments]
PARAMETERS
add-tags-to-certificate
Adds one or more tags to a certificate.
delete-certificate
Deletes an ACM certificate.
describe-certificate
Returns detailed information about a certificate.
get-certificate
Retrieves the certificate, certificate chain, and private key.
import-certificate
Imports a certificate into ACM.
list-certificates
Lists certificates in the account.
list-tags-for-certificate
Lists tags for a certificate.
remove-tags-from-certificate
Removes tags from a certificate.
renew-certificate
Renews an expiring certificate.
request-certificate
Requests a public certificate.
resync-certificate
Resyncs imported certificate metadata.
update-certificate-options
Updates certificate renewal eligibility and key algorithm.
--region
AWS region (e.g., us-east-1).
--output
Output format (json|text|table).
--cli-input-json
Perform operation using JSON input.
DESCRIPTION
The aws acm command is a subcommand of the AWS Command Line Interface (CLI) used to interact with AWS Certificate Manager (ACM), a service for provisioning, managing, and deploying public and private SSL/TLS certificates. ACM handles certificate lifecycle tasks like issuance, renewal, and deployment, integrating seamlessly with services such as Elastic Load Balancing, CloudFront, and API Gateway.
With aws acm, users can request public certificates validated via DNS or email, import third-party certificates, list and describe certificates, manage tags for organization and cost allocation, renew expiring certificates automatically, and update options like key algorithm preferences. It supports both public certificates issued by ACM and private ones from ACM Private CA.
This command is crucial for securing web applications and APIs with HTTPS without managing private keys or certificate authorities manually. Operations require proper AWS credentials and IAM permissions, such as acm:RequestCertificate. Output formats include JSON, table, or text, configurable via --output. It is well suited to automation in scripts, CI/CD pipelines, and infrastructure-as-code workflows with tools like Terraform.
CAVEATS
AWS CLI v2 is recommended; IAM roles must have ACM permissions (e.g., acm:*). Public certificates are free but tied to AWS services. Imported certificates incur no ACM charge but need external renewal.
EXAMPLES
List certificates: aws acm list-certificates --certificate-statuses ISSUED
Request certificate: aws acm request-certificate --domain-name example.com --validation-method DNS
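Because imported certificates need external renewal (see CAVEATS), an inventory check over the list-certificates output is a useful companion to the commands above. The following is an added example, not part of the original page or of the AWS CLI: the function name, the sample data and the 30-day threshold are assumptions, and it assumes a CLI version whose list-certificates JSON output includes the Type, NotAfter and InUse fields with ISO 8601 timestamps.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws acm list-certificates --output json`.
# The account ID and certificate IDs are placeholders, not real resources.
SAMPLE = """
{"CertificateSummaryList": [
 {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/placeholder-1",
  "DomainName": "example.com", "Type": "AMAZON_ISSUED", "Status": "ISSUED",
  "InUse": true, "NotAfter": "2025-01-20T00:00:00+00:00"},
 {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/placeholder-2",
  "DomainName": "api.example.com", "Type": "IMPORTED", "Status": "ISSUED",
  "InUse": true, "NotAfter": "2025-02-01T00:00:00+00:00"},
 {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/placeholder-3",
  "DomainName": "old.example.com", "Type": "IMPORTED", "Status": "EXPIRED",
  "InUse": false, "NotAfter": "2025-01-10T00:00:00+00:00"},
 {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/placeholder-4",
  "DomainName": "static.example.com", "Type": "IMPORTED", "Status": "ISSUED",
  "InUse": true, "NotAfter": "2025-06-01T00:00:00+00:00"}
]}
"""


def expiring_imports(listing_json, now, warn_days=30):
    """Return IMPORTED certificates that expire within warn_days of now, or already have."""
    findings = []
    for cert in json.loads(listing_json).get("CertificateSummaryList", []):
        if cert.get("Type") != "IMPORTED":
            continue  # only imported certificates need external renewal (CAVEATS)
        raw = cert.get("NotAfter")
        days_left = None  # unknown expiry is reported rather than silently skipped
        if raw is not None:
            not_after = datetime.fromisoformat(raw.replace("Z", "+00:00"))
            if not_after.tzinfo is None:
                not_after = not_after.replace(tzinfo=timezone.utc)
            days_left = (not_after - now).days
            if days_left > warn_days:
                continue
        findings.append({"arn": cert["CertificateArn"], "domain": cert.get("DomainName"),
                         "in_use": cert.get("InUse", False), "days_left": days_left})
    # Unknown expiry first, then the longest-expired or soonest-expiring certificates.
    return sorted(findings, key=lambda f: (f["days_left"] is not None, f["days_left"] or 0))


if __name__ == "__main__":
    for finding in expiring_imports(SAMPLE, datetime.now(timezone.utc)):
        print(finding)
```

To run it against a real account, pass the saved output of aws acm list-certificates --output json in place of SAMPLE.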
CONFIGURATION
Run aws configure to set the access key, secret, and region. Use profiles via --profile for multi-account setups.
HISTORY
Introduced in 2015 with ACM launch in AWS CLI v1. Enhanced in v2 (2019+) with better performance, auto-renewal support, and private CA integration.


