AWS Certificate manager allows you to utilize TLS, sometimes referred to SSL, certificates and utilize in-flight encryption. You can even use the TLS certificate on an ALB. You have the option to request a public certificate from AWS simply select a domain name choose a validation method email or DNS, DNS is better for automation purposes. Email will reference the WHOIS database and send an email to get confirmation, DNS validation will provide a value you add as a CNAME to your DNS configuration to validate you have ownership of the domain. Certificates requested through ACM automatically renew in 60 days, imported certificates need to be renewed manually.