
Why can't we export a *public* certificate from AWS Certificate Manager?


The docs for AWS Certificate Manager (ACM) are very clear that we cannot export a public cert -- especially its private key.

Is there a security reason for that? What's so bad in doing that?


Solution

  • Because SSL certificates aren't cheap, and AWS supplies the certificates for free only for use with other AWS services. If AWS allowed this, you could use them anywhere, and what would be the point of enabling clients to create free certificates? I can agree with you on one point: maybe AWS could allow exporting certificates and charge the client as if the client had bought the certificate. Other than that, its disallowance is mostly business related, I think.