# AWS Certificate Manager

docs/documentation/platform/pki/applications/certificate-syncs/aws-certificate-manager.mdx


Push certificates from your Application to AWS Certificate Manager (ACM). Certificates synced to ACM can be used with Elastic Load Balancers, CloudFront, API Gateway, and other AWS services.

<Info> Certificate Syncs are configured per Application. First select which certificates to sync, then configure the ACM destination. </Info>

## Prerequisites

- An AWS Connection with the following ACM permissions:
  - `acm:ListCertificates`
  - `acm:DescribeCertificate`
  - `acm:ImportCertificate`
  - `acm:DeleteCertificate`
  - `acm:ListTagsForCertificate`

<Note> Certificates synced to ACM are stored as imported certificates, preserving both the certificate and private key. </Note>

## Create an ACM Sync

<Tabs>
<Tab title="Infisical UI">
    1. In your Application, go to the **Certificate Syncs** tab and click **Create Sync**.

    2. Select the **AWS Certificate Manager** option.

    3. Configure the **Destination**:
        - **AWS Connection**: The AWS Connection to authenticate with.
        - **AWS Region**: The AWS region where certificates should be stored.

    4. Configure the **Sync Options**:
        - **Enable Removal of Expired/Revoked Certificates**: Remove certificates from the destination if they are no longer active in Infisical.
        - **Preserve ARN on Renewal**: Sync renewed certificates under the same ARN instead of creating a new one.
        - **Include Root CA**: Include the Root CA certificate in the certificate chain.
        - **Certificate Name Schema**: Customize certificate tags. Must include `{{certificateId}}`. Defaults to `Infisical-{{certificateId}}`.
        - **Auto-Sync Enabled**: Automatically sync certificates when changes occur.

    5. Configure the **Details**:
        - **Name**: The name of your sync (slug-friendly).
        - **Description**: Optional description.

    6. Select which certificates should be synced.

    7. Review and click **Create Sync**.
</Tab>
<Tab title="API">
    To create an **AWS Certificate Manager Certificate Sync**, make an API request to the [Create AWS Certificate Manager Certificate Sync](/api-reference/endpoints/pki/syncs/aws-certificate-manager/create) API endpoint.

    ### Sample request

    <Note>
      You can optionally specify `certificateIds` during sync creation to immediately add certificates to the sync.
      If not provided, you can add certificates later using the certificate management endpoints.
    </Note>

    ```bash Request
    curl --request POST \
    --url https://app.infisical.com/api/v1/cert-manager/syncs/aws-certificate-manager \
    --header 'Authorization: Bearer <access-token>' \
    --header 'Content-Type: application/json' \
    --data '{
        "name": "my-acm-cert-sync",
        "applicationId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "description": "an example certificate sync",
        "connectionId": "550e8400-e29b-41d4-a716-446655440000",
        "destination": "aws-certificate-manager",
        "isAutoSyncEnabled": true,
        "certificateIds": [
            "550e8400-e29b-41d4-a716-446655440000",
            "660f1234-e29b-41d4-a716-446655440001"
        ],
        "syncOptions": {
            "canRemoveCertificates": true,
            "preserveArnOnRenewal": true,
            "includeRootCa": false,
            "certificateNameSchema": "myapp-{{certificateId}}"
        },
        "destinationConfig": {
            "region": "us-east-1"
        }
    }'
    ```

    ### Sample response

    ```json Response
    {
        "pkiSync": {
            "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "name": "my-acm-cert-sync",
            "description": "an example certificate sync",
            "destination": "aws-certificate-manager",
            "isAutoSyncEnabled": true,
            "destinationConfig": {
                "region": "us-east-1"
            },
            "syncOptions": {
                "canRemoveCertificates": true,
                "preserveArnOnRenewal": true,
                "includeRootCa": false,
                "certificateNameSchema": "myapp-{{certificateId}}"
            },
            "applicationId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "connectionId": "550e8400-e29b-41d4-a716-446655440000",
            "createdAt": "2023-01-01T00:00:00.000Z",
            "updatedAt": "2023-01-01T00:00:00.000Z"
        }
    }
    ```
</Tab>
</Tabs>

## Certificate Management

The AWS Certificate Manager Certificate Sync provides:

- **Automatic Deployment**: Deploy certificates in Infisical to AWS Certificate Manager.
- **Certificate Updates**: Update certificates in AWS Certificate Manager when renewals occur.
- **Expiration Handling**: Optionally remove expired certificates from AWS Certificate Manager (if enabled).
- **Tagging**: Automatically tag certificates with an `InfisicalCertificate` tag for easy identification and management.

<Note> AWS Certificate Manager Certificate Syncs support both automatic and manual synchronization modes. When auto-sync is enabled, certificates are automatically deployed as they are issued or renewed. </Note>
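As an added example (not Infisical's own code), the script below applies the rules listed above to a constructed ACM inventory: it picks out the imported certificates carrying the `InfisicalCertificate` tag, skips AWS-issued ones (which the sync never manages, see the FAQ), lists which managed certificates would be removed when expired-certificate removal is on, and enforces the `{{certificateId}}` placeholder rule for the name schema. The dict fields are assumed to mirror what ACM returns from `DescribeCertificate` and `ListTagsForCertificate`; the ARNs and the tag value are made up.

```python
# Added example, not Infisical's own code: audit an ACM inventory according to the sync
# rules on this page (InfisicalCertificate tag, imported-only management, optional removal
# of expired certificates, mandatory {{certificateId}} placeholder in the name schema).
# Assumption: dict fields mirror ACM DescribeCertificate / ListTagsForCertificate output.
from datetime import datetime, timezone

PLACEHOLDER = "{{certificateId}}"
DEFAULT_SCHEMA = "Infisical-{{certificateId}}"
MANAGED_TAG = "InfisicalCertificate"

def validate_name_schema(schema=None):
    """The schema must contain the placeholder; fall back to the documented default."""
    schema = schema or DEFAULT_SCHEMA
    if PLACEHOLDER not in schema:
        raise ValueError(f"certificateNameSchema must include {PLACEHOLDER}")
    return schema

def render_name(schema, certificate_id):
    """Expand the schema for one certificate id, e.g. myapp-{{certificateId}} -> myapp-<id>."""
    return validate_name_schema(schema).replace(PLACEHOLDER, certificate_id)

def audit_acm_inventory(certs, now, can_remove_certificates=True):
    """Classify each ACM certificate as the sync options above would treat it."""
    report = {"managed": [], "aws_issued_skipped": [], "untagged_imported": [], "would_remove": []}
    for cert in certs:
        arn = cert["CertificateArn"]
        tags = {t["Key"]: t["Value"] for t in cert.get("Tags", [])}
        if cert["Type"] != "IMPORTED":
            report["aws_issued_skipped"].append(arn)  # AWS-issued certs are never managed (FAQ)
        elif MANAGED_TAG not in tags:
            report["untagged_imported"].append(arn)  # imported outside Infisical; left alone
        else:
            report["managed"].append(arn)
            if can_remove_certificates and cert["NotAfter"] <= now:
                report["would_remove"].append(arn)  # expired: removed only if the option is on
    return report

# Constructed sample inventory (fake account id, ARN suffixes and tag value).
ARN = "arn:aws:acm:us-east-1:123456789012:certificate/"
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
SAMPLE_CERTS = [
    {"CertificateArn": ARN + "live", "Type": "IMPORTED", "Tags": [{"Key": MANAGED_TAG, "Value": "1"}],
     "NotAfter": datetime(2025, 6, 1, tzinfo=timezone.utc)},
    {"CertificateArn": ARN + "expired", "Type": "IMPORTED", "Tags": [{"Key": MANAGED_TAG, "Value": "1"}],
     "NotAfter": datetime(2024, 12, 31, tzinfo=timezone.utc)},
    {"CertificateArn": ARN + "amazon", "Type": "AMAZON_ISSUED", "Tags": [],
     "NotAfter": datetime(2026, 1, 1, tzinfo=timezone.utc)},
    {"CertificateArn": ARN + "manual", "Type": "IMPORTED", "Tags": [{"Key": "Owner", "Value": "ops"}],
     "NotAfter": datetime(2025, 9, 1, tzinfo=timezone.utc)},
]
```

Against a live account the same functions can be fed the output of the ACM `list_certificates`, `describe_certificate` and `list_tags_for_certificate` calls, which are exactly the read permissions the prerequisites above grant.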

## Manual Certificate Sync

You can manually trigger certificate synchronization to AWS Certificate Manager using the sync certificates functionality. This is useful for:

- Initial setup when you have existing certificates to deploy
- One-time sync of specific certificates
- Testing certificate sync configurations
- Forcing a sync after making configuration changes

To manually sync certificates, use the Sync Certificates API endpoint or the manual sync option in the Infisical UI.

## FAQ

<Accordion title="Can I import certificates from AWS Certificate Manager back into Infisical?">
  No. Certificates cannot be imported from AWS Certificate Manager back into Infisical because ACM does not allow private keys to be extracted, so the sync is one-way. The sync can only manage certificates that were imported into ACM, not AWS-issued certificates.
</Accordion>

## What's Next?

<CardGroup cols={2}>
  <Card title="AWS Elastic Load Balancer" icon="aws" href="/documentation/platform/pki/applications/certificate-syncs/aws-elastic-load-balancer">
    Deploy certificates directly to ALB/NLB listeners.
  </Card>
  <Card title="Auto-Renewal" icon="arrows-spin" href="/documentation/platform/pki/applications/certificates#server-driven-renewal">
    Enable automatic certificate renewal and syncing.
  </Card>
  <Card title="Alerting" icon="bell" href="/documentation/platform/pki/applications/alerting/overview">
    Get notified about certificate lifecycle events.
  </Card>
  <Card title="Other Sync Destinations" icon="arrows-rotate" href="/documentation/platform/pki/applications/certificate-syncs/overview">
    View all supported sync destinations.
  </Card>
</CardGroup>