aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

Add Key Algorithm option to ACM Certificate #1401

Open hscheib opened 1 year ago

hscheib commented 1 year ago

Name of the resource

AWS::CertificateManager::Certificate

Resource name

No response

Description

I am requesting KeyAlgorithm be added to AWS::CertificateManager::Certificate.

After reading this blog post https://aws.amazon.com/about-aws/whats-new/2022/11/aws-certificate-manager-elliptic-curve-digital-signature-algorithm-tls-certificates/

From the AWS ACM Web Console, I am able to successfully create a Certificate with EC_secp384r1 KeyAlgorithm and use the certificate successfully.

I then attempted to create an EC_secp384r1 certificate via CDK but was not able to set the KeyAlgorithm and noticed it is not available with CloudFormation.

I am not sure if I need to submit a request, as the blog post says "CloudFormation support will be coming soon" at the end, but I did not find a feature request on the roadmap, so I wasn't sure if it was being tracked here :)

Other Details

My team has created an ACM Private Certificate Authority for issuing certs via CDK. We set it to be elliptic-curve based, but once we started to try to issue certificates with it, we noticed we could not set KeyAlgorithm with CloudFormation and it defaults to RSA2048, which doesn't match our PCA KeyAlgorithm.

Goldich commented 1 year ago
frjonsen commented 1 year ago

Sad to see the original announcement promises "support will be coming soon", yet here we are, nine months later, with seemingly no progress.

lasley commented 7 months ago

It looks like this is supported now: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-keyalgorithm

And in CDK: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_certificatemanager.Certificate.html