Manage AWS Certificate Manager Certs with AppViewX.

Cloud has become ubiquitous across organizations, whether large, medium, or small. With websites and services being deployed quickly to Kubernetes-based clusters in the cloud, SSL is widely used to secure them. The sheer volume of certificates to create, install, and manage becomes a critical concern in the cloud, especially across multiple accounts. For administrators who already handle multiple CAs for their organizations, the addition of cloud providers offering their own public and private CA (Certificate Authority) services does not make the job any easier.

With AppViewX CERT+, administrators can easily manage and monitor the SSL certificates issued by cloud providers. This document considers AWS because of its footprint in the cloud space. As of Q1 2022, it remains the leader with 33% of the market share.[1]

AppViewX has a built-in capability to support the ACM (AWS Certificate Manager) service, for both public certificates and the PCA (Private Certificate Authority).

With a few ACM parameters on AppViewX like:

  • Access Key ID
  • Secret Access Key
  • Service Region

And permissions on AWS like:

  • IAM policy permitting AppViewX ID to access ACM
  • S3 actions allowed for the ACM service

you are all set to start issuing certificates from ACM.

With the CA setup completed, the administrators have the advantage of:

  • Listing all the certificates in a single pane, as AppViewX can perform discovery on ACM, collect all the certificates, and populate them in the CERT+ inventory.
  • Obtaining expiry notifications over emails for the desired teams/participants.
  • Automating certificate renewal without any user intervention on the ACM.
  • Creating new certificates, including in bulk, and onboarding them into the CERT+ inventory.
  • Performing the domain validation for certificates by creating the DNS (TXT, CNAME) records with AppViewX without any intervention.
  • Mapping SSL certificates to ADCs, Firewalls, WAFs, and Servers on specific profiles/applications.
  • Leveraging the workflow (VW) feature in AppViewX to deliver automation with activities customized to your requirements.
  • Using the RBAC feature to control visibility so that end users see only the certificates they should.
  • Delivering the certificates to the respective owners over email or email DL as per the requirement.
  • Using CA policies to create certificates with pre-set CSR parameters etc.

The points above are not exhaustive, but they are some of the advantages you can easily gain with AppViewX.

Without AppViewX at the helm of CLM (certificate lifecycle management), it is a manual process that increases administrative overhead. Administrators must keep track of all the certificates, where they are being used, expiry dates, renewal, revocation, CA details, and so on. It also involves manually sending newly issued certificates to the right teams or individuals and notifying them of expiry, revocation, or any other change. In most cases, the administrators are also in charge of applying certificates to the ALBs, ELBs, and other AWS services, and to servers and load balancers (for PCA), and all of this requires accurate tracking. It becomes overwhelming as the volume of certificates in use increases, which is quite normal these days.
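
To make that tracking concrete, the added example below (not AppViewX code or output) triages certificate records shaped like ACM `DescribeCertificate` responses by expiry, renewal eligibility, and whether anything uses them. The records, the reference date, and the 30-day threshold are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed records shaped like ACM DescribeCertificate output. Field names
# are ACM's; the ARNs, domains and dates are made up for this example.
ELB = "arn:aws:elasticloadbalancing:{r}:{a}:loadbalancer/app/example/1"
SAMPLE_CERTS = [
    {"CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/example-a",
     "DomainName": "shop.example.com", "Type": "AMAZON_ISSUED",
     "NotAfter": "2024-07-10T23:59:59+00:00", "RenewalEligibility": "ELIGIBLE",
     "InUseBy": [ELB.format(r="us-east-1", a="111111111111")]},
    {"CertificateArn": "arn:aws:acm:eu-west-1:222222222222:certificate/example-b",
     "DomainName": "legacy.example.com", "Type": "IMPORTED",
     "NotAfter": "2024-06-25T12:00:00+00:00", "RenewalEligibility": "INELIGIBLE",
     "InUseBy": [ELB.format(r="eu-west-1", a="222222222222")]},
    {"CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/example-c",
     "DomainName": "old.example.com", "Type": "AMAZON_ISSUED",
     "NotAfter": "2024-06-01T00:00:00+00:00", "RenewalEligibility": "INELIGIBLE",
     "InUseBy": []},
    {"CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/example-d",
     "DomainName": "api.example.com", "Type": "PRIVATE",
     "NotAfter": "2025-03-01T00:00:00+00:00", "RenewalEligibility": "ELIGIBLE",
     "InUseBy": [ELB.format(r="us-east-1", a="111111111111")]},
]

def triage(certs, now, warn_days=30):
    """Return certificates needing attention, most urgent first."""
    report = []
    for c in certs:
        # arn:aws:acm:<region>:<account>:certificate/<id>
        _, _, _, region, account, _ = c["CertificateArn"].split(":", 5)
        days_left = (datetime.fromisoformat(c["NotAfter"]) - now).days
        findings = []
        if days_left < 0:
            findings.append("EXPIRED")
        elif days_left <= warn_days:
            findings.append("EXPIRING")
        # ACM does not auto-renew imported or otherwise ineligible certificates.
        if c["Type"] == "IMPORTED" or c.get("RenewalEligibility") == "INELIGIBLE":
            findings.append("MANUAL_RENEWAL")
        if not c.get("InUseBy"):
            findings.append("UNUSED")  # not attached to any AWS resource
        if findings:
            report.append({"account": account, "region": region,
                           "domain": c["DomainName"], "days_left": days_left,
                           "findings": findings})
    return sorted(report, key=lambda r: r["days_left"])

if __name__ == "__main__":
    for row in triage(SAMPLE_CERTS, datetime(2024, 6, 20, tzinfo=timezone.utc)):
        print(row)
```

The combination to watch is `EXPIRING` with `MANUAL_RENEWAL` on a certificate that is in use: ACM will not renew it on its own, so it needs an owner before the date passes.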

Thus, if you are using AWS ACM, or any CA in general, AppViewX can optimize your CLM and related workloads and make administrators more efficient at managing it.
