AWS Certificate manager isn't allowing me to add a 2 level wildcard domain name, which would match x.a.example.com, y.b.example.com etc.

Is there a workaround for this? (instead of creating *.a.example.com, *.b.example.com etc)

Source: http://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html

Wildcard Names ACM allows you to use an asterisk (*) in the domain name to create an ACM Certificate containing a wildcard name that can protect several sites in the same domain. For example, *.example.com protects www.example.com and images.example.com.

Note: When you request a wildcard certificate, the asterisk () must be in the leftmost position of the domain name and can protect only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Also note that *.example.com protects only the subdomains of example.com, it does not protect the bare or apex domain (example.com). However, you can request a certificate that protects a bare or apex domain and its subdomains by specifying multiple domain names in your request. For example, you can request a certificate that protects example.com and .example.com.

Unfortunately this is not possible/supported.