The AWS Certificate Manager can be used to provision SSL certificates for custom domains provided we can verify domain ownership. It’s important to know that we can only associate a single certificate to a CloudFront distribution so be sure to include all the names in the certificate. It does support wildcards as well such as *.example.com.

We can also import an existing certificate into CloudFront. It needs to be imported into the US East (N. Virginia) region.

Go to https://console.aws.amazon.com/acm/ Click Request a certificate Select Request a public certificate and click the Request a certificate button on the bottom right Specify the domain names on the certificate (example.com, www.example.com) and click Next Choose DNS or Email validation and click Review Click Confirm and Request Follow the on-screen prompts on how to verify the request

Once verified, the certificate should show the Status as Issued as shown below: