amazon-web-services ssl-certificate amazon-elb aws-acm

AWS Certificate Manager


I'm new to AWS, could someone help me with my query please.

Q1: Why are we using ACM at AWS Load balancers / CloudFront?

Q2: What is the maximum limit of certificates that can be attached to a load balancer, and what's the limit for the number of subdomains (SAN names) that can be associated with a single certificate?


Solution

  • Why are we using ACM at AWS Load balancers / CloudFront?

    If you use HTTPS (SSL or TLS) for your front-end listener, you must deploy an SSL/TLS certificate on your load balancer. The load balancer uses the certificate to terminate the connection and then decrypt requests from clients before sending them to the instances.

    The SSL and TLS protocols use an X.509 certificate (SSL/TLS server certificate) to authenticate both the client and the back-end application. An X.509 certificate is a digital form of identification issued by a certificate authority (CA) and contains identification information, a validity period, a public key, a serial number, and the digital signature of the issuer.

    You can create a certificate using AWS Certificate Manager or a tool that supports the SSL and TLS protocols, such as OpenSSL. You will specify this certificate when you create or update an HTTPS listener for your load balancer. When you create a certificate for use with your load balancer, you must specify a domain name.

  • What is the maximum limit of certificates that can be attached to a load balancer?

    Certificates per load balancer (not counting default certificates): 25

  • What is the limit for the number of subdomains (SAN names) that can be associated with a single certificate?

    The default quota is 10 domain names for each ACM certificate. Your quota may be greater. You can request up to 100 domain names. To request an increase in your quota, create a case at the AWS Support Center.
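The two quotas above interact when one load balancer has to serve many hostnames. The following is an added example, not part of the original answer or any AWS tooling: it splits a list of hostnames into certificate requests that fit the per-certificate name quota and checks the result against the per-load-balancer certificate quota. The function name, the `primary`/`sans` keys and the sample hostnames are hypothetical, and it assumes the primary domain name counts toward the per-certificate quota and that the first certificate becomes the listener's default.

```python
# Quotas as quoted in the answer above; an account's actual values may differ.
DEFAULT_NAMES_PER_CERT = 10   # default domain names per ACM certificate
MAX_NAMES_PER_CERT = 100      # highest value the answer says can be requested
CERTS_PER_LB = 25             # per load balancer, not counting the default certificate


def plan_certificates(hostnames, names_per_cert=DEFAULT_NAMES_PER_CERT):
    """Return a list of {'primary': str, 'sans': [str, ...]} certificate plans.

    The first plan is meant to be the default certificate; the remaining
    plans must fit within CERTS_PER_LB.
    """
    if not 1 <= names_per_cert <= MAX_NAMES_PER_CERT:
        raise ValueError(f"names_per_cert must be between 1 and {MAX_NAMES_PER_CERT}")

    # Normalise (case, trailing dot) and de-duplicate so that repeated
    # entries do not consume quota.
    names = {h.strip().lower().rstrip(".") for h in hostnames}
    names.discard("")
    if not names:
        raise ValueError("no hostnames given")

    # Sort by reversed labels: names under the same parent domain end up
    # next to each other, and the apex sorts before its subdomains.
    ordered = sorted(names, key=lambda h: h.split(".")[::-1])

    plans = []
    for i in range(0, len(ordered), names_per_cert):
        chunk = ordered[i:i + names_per_cert]
        plans.append({"primary": chunk[0], "sans": chunk[1:]})

    additional = len(plans) - 1  # everything except the default certificate
    if additional > CERTS_PER_LB:
        raise ValueError(
            f"{len(plans)} certificates needed, but one load balancer takes "
            f"1 default + {CERTS_PER_LB}; raise names_per_cert or split the hosts"
        )
    return plans


if __name__ == "__main__":
    # Constructed sample input.
    sample = ["www.example.com", "example.com", "API.example.com.", "example.com"]
    for plan in plan_certificates(sample):
        print(plan["primary"], plan["sans"])
```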