Open hscheib opened 1 year ago
Sad to see the original announcement promises "support will be coming soon", yet here we are, nine months later, with seemingly no progress.
It looks like this is supported now: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-keyalgorithm
And in CDK: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_certificatemanager.Certificate.html
Name of the resource
AWS::CertificateManager::Certificate
Resource name
No response
Description
I am requesting KeyAlgorithm be added to AWS::CertificateManager::Certificate.
After reading this blog post https://aws.amazon.com/about-aws/whats-new/2022/11/aws-certificate-manager-elliptic-curve-digital-signature-algorithm-tls-certificates/
From the AWS ACM Web Console, I am able to successfully create a Certificate with EC_secp384r1 KeyAlgorithm and use the certificate successfully.
I then attempted to create an EC_secp384r1 certificate via CDK but was not able to set the KeyAlgorithm and noticed it is not available with CloudFormation.
I am not sure if I need to submit a request, as the blog post says "CloudFormation support will be coming soon" at the end, but I did not find a feature request on the roadmap, so wasn't sure if it was being tracked here :)
Other Details
My team has created an ACM Private Certificate Authority for issuing certs via CDK. We set it to be elliptic-curve based, but once we started to try to issue certificates with it, we noticed we could not set KeyAlgorithm with CloudFormation and it defaults to RSA2048, which doesn't match our PCA KeyAlgorithm.
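As an added example (not part of the original issue and not AWS tooling): a small check for the mismatch described above, where a certificate that omits KeyAlgorithm falls back to RSA_2048 while the private CA it is issued from uses an elliptic-curve key. It assumes the template is in JSON form and that the CA is defined in the same template; the sample template, its logical IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample template; logical IDs and domain names are made up.
SAMPLE_TEMPLATE = json.loads("""{"Resources": {
  "TeamCA": {"Type": "AWS::ACMPCA::CertificateAuthority",
    "Properties": {"KeyAlgorithm": "EC_secp384r1"}},
  "DefaultCert": {"Type": "AWS::CertificateManager::Certificate",
    "Properties": {"DomainName": "a.example.internal",
                   "CertificateAuthorityArn": {"Ref": "TeamCA"}}},
  "EcCert": {"Type": "AWS::CertificateManager::Certificate",
    "Properties": {"DomainName": "b.example.internal", "KeyAlgorithm": "EC_secp384r1",
                   "CertificateAuthorityArn": {"Fn::GetAtt": ["TeamCA", "Arn"]}}}
}}""")

ACM_DEFAULT = "RSA_2048"  # what the certificate gets when KeyAlgorithm is omitted


def ca_logical_id(value):
    """Return the logical ID a CertificateAuthorityArn refers to, or None for a literal ARN."""
    if not isinstance(value, dict):
        return None
    if "Ref" in value:
        return value["Ref"]
    target = value.get("Fn::GetAtt")
    return target[0] if isinstance(target, list) and target else None


def key_algorithm_mismatches(template):
    """List (cert_id, cert_alg, ca_id, ca_alg) where a certificate and its in-template CA differ."""
    resources = template.get("Resources", {})
    findings = []
    for cert_id, res in resources.items():
        if res.get("Type") != "AWS::CertificateManager::Certificate":
            continue
        props = res.get("Properties", {})
        ca_id = ca_logical_id(props.get("CertificateAuthorityArn"))
        ca = resources.get(ca_id, {})
        if ca.get("Type") != "AWS::ACMPCA::CertificateAuthority":
            continue  # public certificate, or CA defined outside this template
        cert_alg = props.get("KeyAlgorithm", ACM_DEFAULT)
        ca_alg = ca.get("Properties", {}).get("KeyAlgorithm")
        if cert_alg != ca_alg:
            findings.append((cert_id, cert_alg, ca_id, ca_alg))
    return findings


if __name__ == "__main__":
    print(key_algorithm_mismatches(SAMPLE_TEMPLATE))
```

Run against a synthesized template in CI, it reports certificates that silently fall back to the default key algorithm before they are deployed.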