hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: Support ECDSA certificates for aws_acm_certificate resources #27715

Open robmoss2k opened 2 years ago

robmoss2k commented 2 years ago

Description

As of 2022-11-08, ACM supports ECDSA certificates. Please add support for this parameter.

Affected Resource(s) and/or Data Source(s)

aws_acm_certificate resource
aws_acm_certificate data source

Potential Terraform Configuration

resource "aws_acm_certificate" "ecdsa" {
  ...
  key_algorithm = "EC_prime256v1"
}

References

https://aws.amazon.com/about-aws/whats-new/2022/11/aws-certificate-manager-elliptic-curve-digital-signature-algorithm-tls-certificates/
https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms
https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html#API_RequestCertificate_RequestSyntax

Would you like to implement a fix?

I wouldn't know how.

ewbankkit commented 2 years ago

Requires AWS SDK for Go v1.44.133: #27712.

JamesJJ commented 2 years ago

PR #27781 should resolve this for the aws_acm_certificate resource, and allow you to request ECDSA certificates from ACM.

Personally, I'd suggest combining the existing data source with the tls_certificate data source if you need to determine the algorithm of an ACM certificate that was created/imported outside of Terraform, for example:

data "aws_acm_certificate" "example" {
  domain    = "www.example.com"
  types     = ["AMAZON_ISSUED"]
  key_types = ["RSA_2048", "EC_prime256v1", "EC_secp384r1"]
}

data "tls_certificate" "example" {
  content = data.aws_acm_certificate.example.certificate
}

output "signature_algorithm" {
  value = data.tls_certificate.example.certificates[0].signature_algorithm
}

Outputs:

signature_algorithm = "ECDSA-SHA256"
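
The lookup from the comment above can also be turned into a guard that fails the plan when a certificate issued or imported outside Terraform is not ECDSA-signed. This is an added example, not code from the thread or from the provider; the `domain` variable, the block labels, the `^ECDSA-` pattern and the use of a `postcondition` (Terraform 1.2 or later) are assumptions.

```hcl
terraform {
  required_version = ">= 1.2.0" # postcondition blocks require Terraform 1.2+

  required_providers {
    aws = { source = "hashicorp/aws" }
    tls = { source = "hashicorp/tls" }
  }
}

# Hypothetical input: the domain whose ACM certificate is being audited.
variable "domain" {
  type    = string
  default = "www.example.com"
}

# Same lookup as in the comment: match RSA and EC keys so that a
# non-ECDSA certificate is found and rejected below, instead of the
# data source silently returning nothing for it.
data "aws_acm_certificate" "audited" {
  domain      = var.domain
  statuses    = ["ISSUED"]
  key_types   = ["RSA_2048", "EC_prime256v1", "EC_secp384r1"]
  most_recent = true
}

# Parse the leaf certificate PEM returned by ACM.
data "tls_certificate" "audited" {
  content = data.aws_acm_certificate.audited.certificate

  lifecycle {
    # Assumed policy: accept any ECDSA signature, e.g. the
    # "ECDSA-SHA256" value shown in the output above.
    postcondition {
      condition     = can(regex("^ECDSA-", self.certificates[0].signature_algorithm))
      error_message = "ACM certificate for ${var.domain} is not ECDSA-signed."
    }
  }
}

output "signature_algorithm" {
  value = data.tls_certificate.audited.certificates[0].signature_algorithm
}
```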

github-actions[bot] commented 1 week ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!