AWS ACM PCA (Private CA)

I was trying to figure out storage for private root CA management today at work and started reading about the new AWS ACM PCA feature. The feature sounded really cool and relevant to what I am doing so I wanted to use it.

Some features that caught my eye:

  • Manage private and certificate securely.
  • Handle generation of Certificate from CSR.
  • Manage revocation list.

Then there is one thing I really wanted from this thing.

  • AWS IoT integration. Currently you would need to insert the intermediate CA into IoT manually.

Just the fact that the private and certificate being managed in a secure way was a really compelling feature to use this thing. However, the price tag on this thing kind of put me off… $400 per root CA. I know there are other providers out there but are they all this expensive?