About two weeks ago, Amazon (NASDAQ:AMZN) announced that custom SSL domain names and root domain hosting support features had been enabled for content owners looking to deliver static and dynamic content via Amazon's CloudFront delivery service. After the announcement, I got many inquiries from content owners asking why Amazon is charging $600 per month for each custom SSL certificate associated with one or more CloudFront distributions. Even though this monthly fee is pro-rated by the hour, and in many cases would be cheaper than $600 a month, customers who use other CDNs say most Amazon competitors only charge $200 a month.
But like a lot of content delivery services and cloud solutions in the market today, many aren't fairly comparing one service to the other. In this case, many customers aren't making an apples to apples comparison between shared certificates (what most CDNs offer at a lower price) and dedicated certificates (which is what Amazon offers). To use Amazon's "dedicated certificate" feature today, customers upload their own dedicated SSL certificate to AWS, associate their certificate with a CloudFront distribution, and have the certificate propagated to the entire global network of CloudFront edge servers to be served in response to end user requests for that distribution. Amazon allocates a set of IP addresses to each cert, and scales this set of IP addresses as the customer's traffic warrants. A distinct set of IP addresses is needed because each CloudFront IP address handed out for HTTPS must map to exactly one SSL certificate.
What some CDNs offer is a "shared certificate" model, where they will add multiple customers (i.e., multiple domains names) on a single shared SAN (subject alternate name) SSL certificate. This helps those CDNs lower their cost per customer (because one cert is shared by many customers), and therefore they are able to offer this functionality to their customers for a lower price. Amazon says when they talked to their customers, they told them that "dedicated certificates" is their preferred option as it gives them the security, performance and availability they expect.
In addition, to use Amazon's Custom SSL feature, there are no fees for professional services, no set up fees and no extra charges for the SSL bytes transferred (something some other CDNs charge). Plus, Amazon isn't charging anything extra for dynamic content delivery, which makes it a great choice for customers who want to deliver an entire website (both static and dynamic content) in a secure manner.
When looking at any kind of content delivery offering or feature in the market today, it's important to fairly compare one service to the other, as accurately as possible. You can't compare companies, as a whole to one another, only the specific functionality of each product they offer that is the same. In this case, what Amazon is selling with their SSL service is different from what most other CDNs sell as their normal SSL offering. That's not to say other CDNs can't offer "dedicated certificates" like Amazon is, but then their pricing is no longer $200.