When we researched impacts of the ROCA vulnerability, the Estonian government limited the impact with a cut-off date. ROCA only applied after that date. It now appears that Gemalto had another problem before that cut-off date.
We have upgraded the KeyChest infrastructure to serve the growing user base. It is the first step for our new version, with real-time notifications, internal certificate monitoring, automated renewals, and faster discovery of new certificates.
Our certificate monitoring KeyChest has an initial RESTful API for remote enrolment of new certificates and for checking certificate expiry. Its design supports automation without any initial security/authorization setup.
Amazon is pretty good at providing a cloud platform with all the tools and infrastructure you may possibly need without looking into the small print. CPU credits are an exception.