AWS Certificate Manager (ACM)

Get started with AWS Certificate Manager (ACM) on LocalStack


AWS Certificate Manager (ACM) is a service that enables you to create and manage SSL/TLS certificates that can be used to secure your applications and resources in AWS. You can use ACM to provision and deploy public or private certificates trusted by browsers and other clients.

ACM supports securing multiple domain names and subdomains and can create wildcard SSL certificates to protect an entire domain and its subdomains. You can also use ACM to import certificates from third-party certificate authorities or to generate private certificates for internal use.

LocalStack supports ACM via the Community offering, allowing you to use the ACM API to create, list, and delete certificates. The supported APIs are available on our API coverage page, which provides information on the extent of ACM’s integration with LocalStack.

Getting started

This guide is designed for users who are new to ACM and assumes basic knowledge of the AWS CLI and our awslocal wrapper script.

Start your LocalStack container using your preferred method, then use the RequestCertificate API to request a new public ACM certificate. Specify the domain name you want to request the certificate for, and any additional options you need. Here’s an example command:

$ awslocal acm request-certificate \
   --domain-name \
   --validation-method DNS \
   --idempotency-token 1234 \
   --options CertificateTransparencyLoggingPreference=DISABLED

This command will return the Amazon Resource Name (ARN) of the new certificate, which you can use in other ACM commands.

   "CertificateArn": "arn:aws:acm:<region>:000000000000:certificate/<certificate_ID>"

Use the ListCertificates API to list all the certificates. This command returns a list of the ARNs of all the certificates that have been requested or imported into ACM. Here’s an example command:

$ awslocal acm list-certificates --max-items 10

Use the DescribeCertificate API to view the details of a specific certificate. Provide the ARN of the certificate you want to view, and this command will return information about the certificate’s status, domain name, and other attributes. Here’s an example command:

$ awslocal acm describe-certificate --certificate-arn arn:aws:acm:<region>:account:certificate/<certificate_ID>

Finally you can use the DeleteCertificate API to delete a certificate from ACM, by passing the ARN of the certificate you want to delete. Here’s an example command:

$ awslocal acm delete-certificate --certificate-arn arn:aws:acm:<region>:account:certificate/<certificate_ID>

For more comprehensive information on ACM, refer to the AWS Certificate Manager documentation. You can use the awslocal CLI or any integration to interact with ACM in LocalStack.


The following code snippets and sample applications provide practical examples of how to use ACM in LocalStack for various use cases: