AWS Private Certificate Authority

AWS Private Certificate Authority (AWS Private CA) is a managed service for creating and managing private certificates for internal applications and services. AWS Private CA can issue private TLS/SSL certificates for securing communication between Kubernetes components, such as pods, services, and applications.

This service helps automate the lifecycle of certificates, ensuring timely renewal and revocation, thereby reducing the risk of security breaches due to expired or compromised certificates.
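As an added example (not from the original page), the manifests below show how cert-manager, via the aws-privateca-issuer plugin, requests a certificate from the subordinate CA and stores it as a Kubernetes Secret for the application ingress; the CA ARN, region, namespace and host name are placeholders.

```yaml
# Cluster-wide issuer backed by the AWS Private CA subordinate authority.
# The ARN and region are placeholders; the pod running the issuer needs an
# IAM role permitted to call acm-pca:IssueCertificate and acm-pca:GetCertificate.
apiVersion: awspca.cert-manager.io/v1beta1
kind: AWSPCAClusterIssuer
metadata:
  name: subordinate-authority
spec:
  arn: arn:aws:acm-pca:REGION:ACCOUNT_ID:certificate-authority/CA_ID   # placeholder
  region: REGION                                                        # placeholder
---
# Certificate request handled by cert-manager. The DNS name is what the
# ingress will serve; cert-manager renews 15 days before the 90-day expiry
# and writes the key pair into the named Secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: application-ingress-tls
  namespace: example-application-namespace
spec:
  secretName: application-ingress-tls        # consumed by the Ingress below
  commonName: app.internal.example.com       # placeholder host name
  dnsNames:
    - app.internal.example.com               # placeholder host name
  duration: 2160h      # 90 days
  renewBefore: 360h    # renew 15 days before expiry
  privateKey:
    algorithm: RSA
    size: 2048
  usages:
    - server auth
  issuerRef:
    group: awspca.cert-manager.io
    kind: AWSPCAClusterIssuer
    name: subordinate-authority
---
# Ingress that terminates TLS with the issued certificate.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: application-ingress
  namespace: example-application-namespace
spec:
  tls:
    - hosts: [app.internal.example.com]      # placeholder host name
      secretName: application-ingress-tls
  rules:
    - host: app.internal.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: { name: application, port: { number: 80 } }
```

Check issuance with `kubectl -n example-application-namespace get certificate application-ingress-tls`; READY should turn True once the CA returns the signed certificate.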

[Architecture diagram. AWS resources: root-authority and subordinate-authority in AWS Private CA, aws-certificate-manager, and the example-application-lb load balancer. EKS cluster: cert-manager in cert-manager-namespace, the aws-privateca issuer in aws-pca-namespace (issues certificates using a service role), and in example-application-namespace the application and application-ingress, exposed via the load balancer, with the certificate stored as an encrypted secret. Edge labels: issues on cluster, checks validity of certificate, issues and renews, exposed via, passed into config, accepts requests, grants, DNS used in certificate request.]
