feat(certificatemanager): key algorithm support for PrivateCertificate and Certificate
#28597
Conversation
github-actions
bot
added
beginning-contributor
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
| * If you need to use an algorithm that doesn't exist as a static member, you | ||
| * can instantiate a `KeyAlgorithm` object, e.g: `new KeyAlgorithm('RSA_2048')`. | ||
| */ | ||
| export class KeyAlgorithm { |
There was a problem hiding this comment.
Allowed values are: RSA_1024 | RSA_2048 | RSA_3072 | RSA_4096 | EC_prime256v1 | EC_secp384r1 | EC_secp521r1 but I only included RSA_2048 | EC_prime256v1 | EC_secp384r1 since imported certificate does not exist in CloudFormation
There was a problem hiding this comment.
Personally I feel like that's the right thing to do for now too. Having the ability to create additional values probably makes up for any edge cases that could come up.
| /** | ||
| * Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. | ||
| * | ||
| * @default KeyAlgorithm.RSA_2048 |
There was a problem hiding this comment.
If keyAlgorithm is undefined, then the default algorithm is RSA_2048 according to doc
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
...-testing/framework-integ/test/aws-certificatemanager/test/integ.certificate-key-algorithm.ts
Outdated
Show resolved
Hide resolved
| * If you need to use an algorithm that doesn't exist as a static member, you | ||
| * can instantiate a `KeyAlgorithm` object, e.g: `new KeyAlgorithm('RSA_2048')`. | ||
| */ | ||
| export class KeyAlgorithm { |
There was a problem hiding this comment.
Personally I feel like that's the right thing to do for now too. Having the ability to create additional values probably makes up for any edge cases that could come up.
longtv2222
changed the title
PrivateCertificate and Certificate
|
Appreciate the feedbacks!! I've added all your PR suggestions |
aws-cdk-automation
added
the
pr/needs-community-review
There was a problem hiding this comment.
Thanks @longtv2222! This looks good to me! This will be a super helpful feature!
aws-cdk-automation
added
the
pr/needs-maintainer-review
aws-cdk-automation
removed
the
pr/needs-community-review
kaizencc
changed the title
PrivateCertificate and CertificatePrivateCertificate and Certificate
aws-cdk-automation
removed
the
pr/needs-maintainer-review
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Add support for key algorithm when requesting a certificate
keyAlgorithmsupport forDnsValidatedCertificateis not supported since the construct was deprecated. Added a warning if user tries to usekeyAlgorithmfor the construct instead.CloudFormation docs for key algorithm.
Closes #22887.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license