[Enhancement]: Support ECDSA certificates for aws_acm_certificate resources #27715

Open
robmoss2k opened this issue Nov 9, 2022 · 3 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/acm Issues and PRs that pertain to the acm service.

Comments


robmoss2k commented Nov 9, 2022

Description

As of 2022-11-08, ACM supports ECDSA certificates. Please add support for this parameter.

Affected Resource(s) and/or Data Source(s)

aws_acm_certificate resource
aws_acm_certificate data source

Potential Terraform Configuration

resource "aws_acm_certificate" "ecdsa" {
  ...
  key_algorithm = "EC_prime256v1"
}

References

https://aws.amazon.com/about-aws/whats-new/2022/11/aws-certificate-manager-elliptic-curve-digital-signature-algorithm-tls-certificates/
https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms
https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html#API_RequestCertificate_RequestSyntax

Would you like to implement a fix?

I wouldn't know how.

@robmoss2k robmoss2k added enhancement Requests to existing resources that expand the functionality or scope. needs-triage Waiting for first response or review from a maintainer. labels Nov 9, 2022

github-actions bot commented Nov 9, 2022

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@ewbankkit ewbankkit added service/acm Issues and PRs that pertain to the acm service. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 9, 2022
@ewbankkit
Contributor

Requires AWS SDK for Go v1.44.133: #27712.

@JamesJJ
Contributor

JamesJJ commented Nov 13, 2022

PR #27781 should resolve this for the aws_acm_certificate resource, and allow you to request ECDSA certificates from ACM.

Personally, I'd suggest combining the existing data source with the tls_certificate data source if you need to determine the algorithm of an ACM certificate that was created/imported outside of Terraform, for example:

data "aws_acm_certificate" "example" {
  domain    = "www.example.com"
  types     = ["AMAZON_ISSUED"]
  key_types = ["RSA_2048", "EC_prime256v1", "EC_secp384r1"]
}

data "tls_certificate" "example" {
  content = data.aws_acm_certificate.example.certificate
}

output "signature_algorithm" {
  value = data.tls_certificate.example.certificates[0].signature_algorithm
}

Outputs:

signature_algorithm = "ECDSA-SHA256"
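
An added example, not part of the original thread or the provider's code: the lookup from the comment above turned into a guard that fails the plan when the certificate's key is not ECDSA. It checks `public_key_algorithm` (the certificate's own key) rather than `signature_algorithm` (the issuer's signature over it). Assumptions: Terraform 1.2 or later for `postcondition`, and the block names and placeholder domain are illustrative.

```hcl
# Look up the ACM certificate. key_types must list every algorithm that
# should be considered; the values are the ones used in the comment above.
data "aws_acm_certificate" "ecdsa_only" {
  domain    = "www.example.com" # placeholder domain
  types     = ["AMAZON_ISSUED"]
  key_types = ["RSA_2048", "EC_prime256v1", "EC_secp384r1"]
}

# Parse the PEM body and refuse to continue unless the leaf key is ECDSA.
data "tls_certificate" "ecdsa_only" {
  content = data.aws_acm_certificate.ecdsa_only.certificate

  lifecycle {
    postcondition {
      # certificates[0] is the first certificate parsed from the PEM content.
      condition     = self.certificates[0].public_key_algorithm == "ECDSA"
      error_message = "The ACM certificate for www.example.com does not use an ECDSA key."
    }
  }
}

# Expose both values so a reviewer can tell the key algorithm apart from
# the algorithm the issuing CA used to sign the certificate.
output "public_key_algorithm" {
  value = data.tls_certificate.ecdsa_only.certificates[0].public_key_algorithm
}

output "signature_algorithm" {
  value = data.tls_certificate.ecdsa_only.certificates[0].signature_algorithm
}
```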
