Any drawbacks to AWS certificate manager wildcard certificates?

Solution 1:

The upside is that it's very flexible. A wildcard cert allows you to add alternate domains in the future. The "normal" downsides to a star cert in general are that they can be expensive and they create the potential for a security vulnerability.

For your use case they are not expensive at all, AWS Certificate Manager is free:

Public SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

Regarding the security vulnerability, it's really an issue when you're loading a star cert onto a server. Since the ACM certificate is managed internally and used on an AWS service it's far less vulnerable.

You cannot install public ACM certificates directly on your website or application. You must install your certificate by using one of the services integrated with ACM and ACM PCA.

I've included a couple of references providing more details about wildcard cert vulnerabilities.

References

Certificate Manager Pricing

ACM Overview

Wildcard Certificates Make Encryption Easier but Less Secure

What Vulnerabilities Could Be Caused by a Wildcard SSL Cert
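Added example, not part of the original answer or of AWS's own tooling: a small audit script that takes an ACM certificate record (the dict shape returned by `describe_certificate`), flags wildcard names, lists which of your hostnames each wildcard actually covers under the one-label matching rule (`*.example.com` covers `api.example.com` but not `dev.api.example.com` or the bare `example.com`), and reports the `InUseBy` resources so you can see the blast radius if that one cert is ever abused. The sample certificate and hostname list are constructed; the optional live fetch at the bottom assumes boto3 and valid AWS credentials and is not needed to run the check.

```python
"""Audit ACM certificates for wildcard scope (added example, constructed data)."""

# Constructed sample, shaped like acm.describe_certificate()["Certificate"].
SAMPLE_CERT = {
    "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/00000000-0000-0000-0000-000000000000",
    "DomainName": "*.example.com",
    "SubjectAlternativeNames": ["*.example.com", "example.com"],
    "Type": "AMAZON_ISSUED",
    "InUseBy": [
        "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/web/abc123",
    ],
}

# Constructed hostname inventory for the account being audited.
SAMPLE_HOSTS = [
    "example.com",
    "www.example.com",
    "api.example.com",
    "dev.api.example.com",  # two labels below the wildcard: NOT covered
    "example.org",          # different registrable domain: NOT covered
]


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: a leading '*' covers exactly one DNS label.

    '*.example.com' matches 'api.example.com' but not 'example.com'
    and not 'a.b.example.com'. Non-wildcard names must match exactly
    (case-insensitively, ignoring a trailing dot).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    base = pattern[2:]
    head, sep, tail = hostname.partition(".")
    return sep == "." and tail == base and head != "" and "*" not in head


def cert_names(cert: dict) -> list:
    """Primary domain plus SANs, de-duplicated and in order."""
    seen, names = set(), []
    for n in [cert["DomainName"]] + list(cert.get("SubjectAlternativeNames", [])):
        if n not in seen:
            seen.add(n)
            names.append(n)
    return names


def covered_hosts(cert: dict, hosts: list) -> list:
    """Hostnames from the inventory that this certificate would be valid for."""
    names = cert_names(cert)
    return sorted(h for h in hosts if any(wildcard_matches(n, h) for n in names))


def audit_certificate(cert: dict, hosts: list) -> dict:
    """Summarise wildcard exposure for one certificate record."""
    wildcards = [n for n in cert_names(cert) if n.startswith("*.")]
    return {
        "arn": cert["CertificateArn"],
        "type": cert.get("Type"),           # AMAZON_ISSUED / PRIVATE / IMPORTED
        "wildcards": wildcards,
        "covered_hosts": covered_hosts(cert, hosts),
        "in_use_by": list(cert.get("InUseBy", [])),
    }


def audit_account(hosts: list, region: str = "us-east-1") -> list:
    """Optional live version (assumes boto3 + credentials): audit every cert in ACM."""
    import boto3  # imported here so the offline check above needs no AWS SDK
    acm = boto3.client("acm", region_name=region)
    results = []
    for page in acm.get_paginator("list_certificates").paginate():
        for summary in page["CertificateSummaryList"]:
            cert = acm.describe_certificate(CertificateArn=summary["CertificateArn"])["Certificate"]
            results.append(audit_certificate(cert, hosts))
    return results


if __name__ == "__main__":
    report = audit_certificate(SAMPLE_CERT, SAMPLE_HOSTS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The `covered_hosts` list is the thing to look at: every name on it trusts the same private key, so the more of your estate a single wildcard covers, the more a compromise of whichever integrated service holds it (the load balancer in the sample) affects. Names that stay off the list, like `dev.api.example.com`, will fail TLS validation, which is the usual reason people discover the one-label rule.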