by Deathmax 1840 days ago
But that's what the grandparent was complaining about though? If you're not using the provider's managed services, then nothing is stopping you from running your own ACME client to provision certificates without paying the cloud provider money for certs.

"AWS Certificate Manager supports a growing number of AWS services. You cannot install your ACM certificate or your private ACM Private CA certificate directly on your AWS based website or application."

Free certificates you can't use on EC2 virtual machines are basically worthless, at least for me.

Stop internalising your 1990s architecture limitations! You shouldn't need to pay for a Layer 7 load balancer for an application that doesn't need it. A 1-core web server VM can easily put out 1-2 Gbps of HTTPS traffic. You don't need SSL offload. A crypto accelerator card is not required. You don't need an appliance to do HTTPS. You can have end-to-end HTTPS without additional infrastructure. Both Windows and Linux can do TLS out-of-the-box. You don't need a vendor to give you special permission to have security. There is no need to pay GoDaddy or DigiCert for a certificate.

The vendors are pulling the wool over your eyes, convincing you that your out-of-date thinking is good and proper, and then charging you for the privilege of having the bare minimum security that should be free as standard.

AWS ACM has always been free. ACM has never allowed you to export private keys. However, ACM does have a way[1] for you to use ACM keys with EC2 instances: Nitro Enclaves. Nitro Enclaves carve off a little piece of your EC2 instance (memory + vCPU) into an isolated VM that feels a little bit like an HSM or a secure enclave.

[1] https://docs.aws.amazon.com/enclaves/latest/user/nitro-encla...

If it's your own EC2 instance and you're not using a load balancer, then why can't you just use Let's Encrypt?
Just use certbot or an alternative. What's the problem?