Possible to use custom SSL certificate?

Open d-felton-dewynters opened this issue 4 years ago • 38 comments

Regarding the provisioning of SSL certificates for Amplify apps. I can see the SSL certificate is usually provisioned by AWS Certificate Manager (ACM). ACM allows you to import external certs, but I can't see an option anywhere to choose the cert that is used by the Amplify app.

d-felton-dewynters avatar Aug 15 '19 10:08 d-felton-dewynters

Currently not supported. We can take this as a feature request.

swaminator avatar Aug 15 '19 17:08 swaminator

Custom SSL certificates are definitely a must have. We run an e-commerce app and having a proper certificate is very important, can't use in production without it :(

spik3s avatar Aug 28 '19 08:08 spik3s

Would love custom SSL certs in Amplify!

prionator avatar Oct 31 '19 23:10 prionator

Adjusting settings of the SSL/TLS (like versions) would be great and using AWS Certificate Manager even better

wbroek avatar Nov 01 '19 10:11 wbroek

Hi, custom certificates from Certificate Manager (similar to API Gateway) are a must-have, definitely.

Are you working on it? When will it be integrated?

diego-palmeira avatar Dec 18 '19 15:12 diego-palmeira

This is on our 2020 roadmap. We'll notify you when we are close to ready.

swaminator avatar Dec 18 '19 16:12 swaminator

Is the other way around possible? Can I use a certificate which AWS Amplify generated for my Application Load Balancer? I cannot see the generated certificate within Certificate Manager

pefi1011 avatar Jan 12 '20 22:01 pefi1011

Neither can I. Why have ACM if certificates created in Amplify are not visible in it?

mike-niemand avatar Feb 27 '20 13:02 mike-niemand

Is this still being considered?

simpson avatar May 17 '20 19:05 simpson

You can use S3 bucket website hosting and point a CloudFront distribution at it that has a custom certificate attached.

johnsorianodev avatar May 24 '20 01:05 johnsorianodev

@swaminator We have a similar (but not directly related) issue where we would like to replace an email-validated ACM certificate with a DNS-validated certificate; however, our Amplify Console applications are connected to the email-validated cert with no way to swap out for the newer one.

We want to delete (or let expire, delete preferable) the old email-validated cert but we can't do so until we've migrated our Amplify Console applications to the new cert. It's not clear what exactly would happen if we let the old cert expire - would Amplify Console pick up our other certificate or would it just start failing?

mwarkentin avatar Sep 08 '20 19:09 mwarkentin

@swaminator - any update on this? We will have to eject from Amplify because we can't pass security requirements without being able to make adjustments to the TLS/SSL versions/cipher suites utilized.

bryantbiggs avatar Sep 11 '20 12:09 bryantbiggs

+1 - this is starting to be a deal breaker for us. Shame there's been no update from the team. 2020's running out!

jimjoes avatar Sep 18 '20 03:09 jimjoes

👍 Around +25 production sites we could consider migrating to Amplify this year once the custom SSL are delivered. And at least 30 new ones next year that could be implemented directly on Amplify as well.

@swaminator : Can I kindly ask you to provide some high level visibility if possible on your end, as Amplify could become one of our key pillars for our digital platform next year :)

frebouje avatar Sep 18 '20 08:09 frebouje

Same here, just good for quick proof of concept demo apps. Can't go to production without Custom certs support

winston-dhanraj avatar Oct 03 '20 08:10 winston-dhanraj

+100 I have a non-Amplify app in the same account that I need to be able to use on a subdomain of the domain managed by Amplify. Being unable to access the certificate from CloudFront prevents this, afaict. We use this pattern for a number of clients.

jimjoes avatar Nov 05 '20 08:11 jimjoes

Is it common for AWS teams to leave comments with no updates for 1+ years? What's everyone up to? People rely on these services and all we get is ridiculous response times

jnapprogs avatar Nov 09 '20 04:11 jnapprogs

Some brief update would be great as it will help making a migration decision.

ubaySG avatar Nov 19 '20 12:11 ubaySG

@ubaySG / @jnapprogs / @econtentmaps / @winston-dhanraj see https://github.com/aws-amplify/amplify-console/issues/833 - it's a duplicate issue where AWS has stated: https://github.com/aws-amplify/amplify-console/issues/833#issuecomment-719079156

bryantbiggs avatar Nov 19 '20 13:11 bryantbiggs

This request is about being able to 'see' the certs created by Amplify from other AWS services, I thought?

jimjoes avatar Nov 19 '20 13:11 jimjoes

No, for example we had 18 Amplify apps that we sent AWS and they set the min TLS version to 1.2 for us. It sounds like we should be able to control this through the console in the very near future, but at least that helped out a lot until then.

bryantbiggs avatar Nov 19 '20 13:11 bryantbiggs
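
Added example, not part of the thread and not AWS or Amplify code: a check for the two requirements raised above (a custom certificate on a CloudFront distribution, as in the S3 + CloudFront workaround, and a minimum TLS version of 1.2), run against the `ViewerCertificate` section of a distribution config. The sample configs, account id and certificate ids are constructed placeholders, and the function name and finding codes are hypothetical.

```python
# Added example: audit the ViewerCertificate block of a CloudFront
# distribution config (the shape returned by get-distribution-config).

# MinimumProtocolVersion values whose floor is TLS 1.2 (known to this example).
TLS12_POLICIES = {"TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021"}


def audit_viewer_certificate(dist_config):
    """Return (code, message) findings; an empty list means the config passes."""
    cert = dist_config.get("ViewerCertificate") or {}
    if cert.get("CloudFrontDefaultCertificate"):
        # With the default *.cloudfront.net certificate CloudFront applies the
        # TLSv1 policy regardless of MinimumProtocolVersion.
        return [("DEFAULT_CERT", "default certificate in use; TLSv1 policy applies")]

    findings = []
    arn = cert.get("ACMCertificateArn")
    if arn:
        parts = arn.split(":")
        region = parts[3] if len(parts) > 3 else ""
        if region != "us-east-1":  # CloudFront only accepts ACM certs from us-east-1
            findings.append(("ACM_REGION", f"ACM certificate is in {region or 'unknown region'}"))
    elif not cert.get("IAMCertificateId"):
        findings.append(("NO_CUSTOM_CERT", "no ACM or IAM certificate referenced"))

    policy = cert.get("MinimumProtocolVersion", "")
    if policy not in TLS12_POLICIES:
        findings.append(("MIN_TLS", f"minimum protocol {policy or 'unset'} is not a TLS 1.2 policy"))
    return findings


# Constructed sample configs; the account id and certificate ids are placeholders.
GOOD = {"ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID",
    "SSLSupportMethod": "sni-only",
    "MinimumProtocolVersion": "TLSv1.2_2021"}}
WEAK = {"ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID",
    "SSLSupportMethod": "sni-only",
    "MinimumProtocolVersion": "TLSv1.1_2016"}}
DEFAULT = {"ViewerCertificate": {"CloudFrontDefaultCertificate": True,
                                 "MinimumProtocolVersion": "TLSv1"}}

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("weak", WEAK), ("default", DEFAULT)):
        print(name, audit_viewer_certificate(cfg) or "pass")
```
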

+1 on this. I've heard from several developers that they need to support EV certificates for enterprise customers and apparently this is the blocker to adopting Amplify. Let me cc @swaminator to share the use case.

watilde avatar Mar 04 '21 04:03 watilde

+1

KhaledF avatar Apr 06 '21 00:04 KhaledF

+1 We need to move our apps back to s3 & cdn as well, any updates on this topic, where could we push it?

david-fractiunate avatar Apr 15 '21 13:04 david-fractiunate

Any updates in 2021 from your 2020 roadmap?

glynjackson avatar Apr 28 '21 16:04 glynjackson

Anything? Would be nice to see some options on TLS policies or options on SSL certs etc.

mb-genvis avatar Jun 29 '21 07:06 mb-genvis

+1 .. need to find/download the cert that was created in Amplify when adding custom domain.

jfreeley-ninthwave avatar Oct 01 '21 20:10 jfreeley-ninthwave

Have there been any more updates on this?

Legym avatar Nov 19 '21 15:11 Legym

look at the number of issues - don't use Amplify

bryantbiggs avatar Nov 19 '21 15:11 bryantbiggs

@bryantbiggs "look at the number of issues - don't use Amplify"

I couldn't agree more. Use Pulumi instead and that allows you to just migrate away from AWS products that don't work rather than sit around for years while they get round to things.

jimjoes avatar Nov 19 '21 15:11 jimjoes