AWS Private Certificate Authority (AWS Private CA) now offers short-lived certificate mode, a lower cost mode of AWS Private CA designed for issuing short-lived certificates. With this new mode, public key infrastructure (PKI) administrators, builders, and developers can save money when issuing certificates with validity periods of 7 days or fewer. If you use certificates to convey privileged access, such as with IAM Roles Anywhere, short-lived certificates may offer better security because they expire quickly rather than relying on the need to revoke certificates with a longer validity period. With today’s launch of short-lived certificate mode, you can now use a private CA with a dedicated mode for issuing those short-lived certificates.
Source:: Amazon AWS