AWS Certificate Manager (ACM) makes it easy to provision, manage, deploy, and renew SSL/TLS certificates on the AWS platform.

ACM makes it easy to procure new certificate (directly from the CloudFront console). It enables extremely fast procurement turnaround times (in minutes), and the certificate is immediately available for use in CloudFront (and ELB). The SNI support of custom certificates generated from ACM comes for free and provides a hassle-free, automatic certificate renewal process.

There are two models for SSL termination that can be implemented:

• Half bridge termination: The connection between the edge location and the end user is secured. Connection back to the origin is not secured with HTTPS. It results in better performance as it uses HTTP connections to the origin. 
• Full bridge termination: The entire access chain is secured. The first connection is terminated at the edge location and a new HTTPS connection established to the origin. This option is usually preferred when collecting data from a user or showing personalized content to the user.