
How secure is SSL private key in AWS ELB service?

Çağlar Arlı

We host a cluster of microservices on AWS. The cluster has a public-facing gateway that uses an Elastic Load Balancer to terminate SSL traffic. The certificate is issued by AWS Certificate Manager (ACM).

One of our clients is concerned about the wildcard: they say that in the unlikely but not impossible event of leaking the SSL private key, the attacker could create a website with an arbitrary subdomain using this certificate.

While this is certainly true, the question is how likely is this to happen? I've read ACM Private Key Security by AWS, which explains how the private key is stored and handled. It is stored in KMS, which is sufficiently secure, as it stores all cryptographic keys in certified HSMs (this is explained in the KMS Cryptographic Details whitepaper). However, I couldn't find any information about the security of the ELB service, which gets the decrypted SSL private key as a service integrated with ACM. Is there any official documentation from AWS on it, or any other reasoning on why this approach is secure enough?

Of course, the concern could be resolved by replacing the wildcard with a fixed list of FQDNs, but it would create unwanted maintenance overhead in case a subdomain is added or removed (this happens quite often).