Can I export my public ACM certificates to other AWS Regions or AWS accounts?

Short description

You can't export an ACM certificate from one AWS Region to another or from one AWS account to another. This is because the default AWS Key Management Service (AWS KMS) key used to encrypt the private key of the certificate is unique for each AWS Region and AWS account. For more information, see ACM private key security.

Resolution

You can create multiple ACM certificates with the same domain name across different AWS Regions and accounts. You can then use these certificates with services that run on AWS Certificate Manager.

For more information, see Requesting a public certificate.

Note: ACM certificates must be requested or imported in the same AWS Region as your load balancer. Amazon CloudFront distributions must request the certificate in the US East (N. Virginia) Region.

Related information

ACM certificate characteristics

How do I configure my CloudFront distribution to use an SSL/TLS certificate?

How can I associate an ACM SSL/TLS certificate with a Classic, Application, or Network Load Balancer?

Exporting a private certificate