问题
I already have a certificate from AWS Certificate Manager (ACM) when only the 1 region was available (think the US-West-1 region?) and currently being used with Cloudfront to host a website for the Australian market.
Now that ACM is available in more regions, would using a certificate created from the Sydney region have any improvements in performance?
回答1:
ACM now supports multiple regions, but that doesn't have any implications for certificates for use with CloudFront.
To use an ACM Certificate with CloudFront, you must request the certificate in the US East (N. Virginia) region.
http://docs.aws.amazon.com/acm/latest/userguide/gs-cf.html
The reason for this is that CloudFront, unlike most AWS services, where the regional implementation of the service is independent of all other regions, has all of its provisioning/administrative infrastructure based in us-east-1.
The operational infrastructure is globally distributed and independent, so the centralized management of CloudFront doesn't have performance implications. If you have performance issues, those should be investigated separately.
The announcement of new regions for ACM doesn't apply to CloudFront. It's applicable to the other service integrated with ACM, Elastic Load Balancer, which previously only supported ACM certificates in us-east-1 because that was the only region in which they were available, and ELB regions are fully independent of each other.
Follow-up: This answer was reviewed in May, 2018, two years after it was originally posted. It is still accurate, as written. Certificates for CloudFront (as well as for Edge-Optimized deployments in API Gateway, which have a somewhat hidden dependency on CloudFront) are always provisioned in the us-east-1 region of ACM.
来源:https://stackoverflow.com/questions/37289994/aws-certificate-manager-do-regions-matter