AWS Private Certificate Authority

AWS Private Certificate Authority (AWS Private CA) is a managed service for creating and operating private certificate authorities and issuing certificates for internal applications and services. Here it is used to issue private TLS/SSL certificates that secure communication between Kubernetes components such as pods, services, and applications.

This service helps automate the lifecycle of certificates, ensuring timely renewal and revocation, thereby reducing the risk of security breaches due to expired or compromised certificates.

```mermaid
graph TD
  aws-privateca-->|issues on cluster|cert-manager
  cert-manager-->|checks validity of certificate|aws-privateca
  cert-manager-->|issues and renews|certificate
  subgraph aws-resources
    subgraph EKS cluster
      subgraph aws-pca-namespace
        aws-privateca
      end
      subgraph cert-manager-namespace
        cert-manager
      end
      subgraph example-application-namespace
        application
        application-ingress
        certificate
      end
    end
    subgraph aws-certificate-manager
      root-authority
      subordinate-authority
    end
    subgraph load balancers
      example-application-lb
    end
  end
  application<-->|exposed via|application-ingress
  certificate[certificate as an encrypted secret]-->|passed into config|application-ingress
  application-ingress<-->|accepts requests|example-application-lb
  root-authority-->|grants|subordinate-authority
  subordinate-authority-->|issues certificates using service role|aws-privateca
  example-application-lb-->|DNS used in certificate request|cert-manager
```
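The diagram above shows the flow but not the Kubernetes objects that drive it. The manifests below are an added example, not configuration from this page or from any particular deployment: they wire cert-manager to the subordinate authority through the community `aws-privateca-issuer` controller (`AWSPCAClusterIssuer` in API group `awspca.cert-manager.io`) and request a leaf certificate whose SAN is the load balancer DNS name, with `duration` and `renewBefore` set so cert-manager renews before expiry. The CA ARN, region, DNS name, object names and the `example-application-namespace` namespace are placeholders chosen to match the diagram, not values from the page; the IAM role referenced in the comments is an assumption about how the "service role" edge is realised.

```yaml
# Added example (not from the original page). Assumes cert-manager and the
# aws-privateca-issuer controller are installed in the cluster, and that the
# controller's pod runs under an IAM role (e.g. via IRSA) permitted to call
# acm-pca:IssueCertificate, acm-pca:GetCertificate and
# acm-pca:DescribeCertificateAuthority on the subordinate CA only.
---
# Cluster-scoped issuer pointing at the SUBORDINATE authority, never the root.
# Keeping the root offline and granting only the subordinate ARN limits blast
# radius if the issuer's credentials are exposed.
apiVersion: awspca.cert-manager.io/v1beta1
kind: AWSPCAClusterIssuer
metadata:
  name: subordinate-authority          # placeholder name
spec:
  # Placeholder ARN: replace <ACCOUNT_ID> and <CA_ID> with the subordinate CA's values.
  arn: arn:aws:acm-pca:eu-west-1:<ACCOUNT_ID>:certificate-authority/<CA_ID>
  region: eu-west-1                    # placeholder region
---
# Leaf certificate for the application. cert-manager stores the issued chain
# and private key in the named Secret, which the ingress then references.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-application-cert
  namespace: example-application-namespace
spec:
  secretName: example-application-tls  # Secret consumed by the ingress
  # The DNS name users resolve (the load balancer's hostname) must appear as a
  # SAN, otherwise clients will reject the certificate as a name mismatch.
  dnsNames:
    - example-application.internal.example.com   # placeholder hostname
  # Short-lived certs plus early renewal: cert-manager re-requests the cert
  # when 15 of the 90 days remain, so an issuance failure is visible well
  # before clients start seeing an expired certificate.
  duration: 2160h     # 90 days
  renewBefore: 360h   # 15 days
  privateKey:
    algorithm: RSA
    size: 2048
    rotationPolicy: Always   # new key on every renewal, not just a re-sign
  usages:
    - server auth
  issuerRef:
    group: awspca.cert-manager.io
    kind: AWSPCAClusterIssuer
    name: subordinate-authority
```

After applying, `kubectl get certificate -n example-application-namespace` should show `READY=True`; the `Ready` condition flipping to `False` near the renewal window is the signal to alert on, since it means the issuer could not reach or was denied by the subordinate CA.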