aws-cdk-lib 2.117.0__py3-none-any.whl → 2.119.0__py3-none-any.whl

aws_cdk/aws_certificatemanager/__init__.py

@@ -141,7 +141,8 @@ import aws_cdk.aws_acmpca as acmpca
 acm.PrivateCertificate(self, "PrivateCertificate",
     domain_name="test.example.com",
     subject_alternative_names=["cool.example.com", "test.example.net"],  # optional
-    certificate_authority=acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77")
+    certificate_authority=acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77"),
+    key_algorithm=acm.KeyAlgorithm.RSA_2048
 )
 ```
 
@@ -156,6 +157,25 @@ acm.Certificate(self, "Certificate",
 )
 ```
 
+## Key Algorithms
+
+To specify the algorithm of the public and private key pair that your certificate uses to encrypt data use the `keyAlgorithm` property.
+
+Algorithms supported for an ACM certificate request include:
+
+* `RSA_2048`
+* `EC_prime256v1`
+* `EC_secp384r1`
+
+```python
+acm.Certificate(self, "Certificate",
+    domain_name="test.example.com",
+    key_algorithm=acm.KeyAlgorithm.EC_PRIME256V1
+)
+```
+
+> Visit [Key algorithms](https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title) for more details.
+
 ## Importing
 
 If you want to import an existing certificate, you can do so from its ARN:
@@ -239,6 +259,7 @@ from ..aws_route53 import IHostedZone as _IHostedZone_9a6907ad
     name_mapping={
         "domain_name": "domainName",
         "certificate_name": "certificateName",
+        "key_algorithm": "keyAlgorithm",
         "subject_alternative_names": "subjectAlternativeNames",
         "transparency_logging_enabled": "transparencyLoggingEnabled",
         "validation": "validation",
@@ -250,6 +271,7 @@ class CertificateProps:
         *,
         domain_name: builtins.str,
         certificate_name: typing.Optional[builtins.str] = None,
+        key_algorithm: typing.Optional["KeyAlgorithm"] = None,
         subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
         transparency_logging_enabled: typing.Optional[builtins.bool] = None,
         validation: typing.Optional["CertificateValidation"] = None,
@@ -258,6 +280,7 @@ class CertificateProps:
 
         :param domain_name: Fully-qualified domain name to request a certificate for. May contain wildcards, such as ``*.domain.com``.
         :param certificate_name: The Certificate name. Since the Certificate resource doesn't support providing a physical name, the value provided here will be recorded in the ``Name`` tag Default: the full, absolute path of this construct
+        :param key_algorithm: Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. Default: KeyAlgorithm.RSA_2048
         :param subject_alternative_names: Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.
         :param transparency_logging_enabled: Enable or disable transparency logging for this certificate. Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one. Default: true
         :param validation: How to validate this certificate. Default: CertificateValidation.fromEmail()
@@ -287,6 +310,7 @@ class CertificateProps:
             type_hints = typing.get_type_hints(_typecheckingstub__0454180af2ed6575d11cf361cd5374f722ba32d4007970472aca57751d85258f)
             check_type(argname="argument domain_name", value=domain_name, expected_type=type_hints["domain_name"])
             check_type(argname="argument certificate_name", value=certificate_name, expected_type=type_hints["certificate_name"])
+            check_type(argname="argument key_algorithm", value=key_algorithm, expected_type=type_hints["key_algorithm"])
             check_type(argname="argument subject_alternative_names", value=subject_alternative_names, expected_type=type_hints["subject_alternative_names"])
             check_type(argname="argument transparency_logging_enabled", value=transparency_logging_enabled, expected_type=type_hints["transparency_logging_enabled"])
             check_type(argname="argument validation", value=validation, expected_type=type_hints["validation"])
@@ -295,6 +319,8 @@ class CertificateProps:
         }
         if certificate_name is not None:
             self._values["certificate_name"] = certificate_name
+        if key_algorithm is not None:
+            self._values["key_algorithm"] = key_algorithm
         if subject_alternative_names is not None:
             self._values["subject_alternative_names"] = subject_alternative_names
         if transparency_logging_enabled is not None:
@@ -323,6 +349,17 @@ class CertificateProps:
         result = self._values.get("certificate_name")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def key_algorithm(self) -> typing.Optional["KeyAlgorithm"]:
+        '''Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
+
+        :default: KeyAlgorithm.RSA_2048
+
+        :see: https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title
+        '''
+        result = self._values.get("key_algorithm")
+        return typing.cast(typing.Optional["KeyAlgorithm"], result)
+
     @builtins.property
     def subject_alternative_names(self) -> typing.Optional[typing.List[builtins.str]]:
         '''Alternative domain names on your certificate.
@@ -1419,6 +1456,7 @@ class CfnCertificateProps:
     name_mapping={
         "domain_name": "domainName",
         "certificate_name": "certificateName",
+        "key_algorithm": "keyAlgorithm",
         "subject_alternative_names": "subjectAlternativeNames",
         "transparency_logging_enabled": "transparencyLoggingEnabled",
         "validation": "validation",
@@ -1435,6 +1473,7 @@ class DnsValidatedCertificateProps(CertificateProps):
         *,
         domain_name: builtins.str,
         certificate_name: typing.Optional[builtins.str] = None,
+        key_algorithm: typing.Optional["KeyAlgorithm"] = None,
         subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
         transparency_logging_enabled: typing.Optional[builtins.bool] = None,
         validation: typing.Optional[CertificateValidation] = None,
@@ -1448,6 +1487,7 @@ class DnsValidatedCertificateProps(CertificateProps):
 
         :param domain_name: Fully-qualified domain name to request a certificate for. May contain wildcards, such as ``*.domain.com``.
         :param certificate_name: The Certificate name. Since the Certificate resource doesn't support providing a physical name, the value provided here will be recorded in the ``Name`` tag Default: the full, absolute path of this construct
+        :param key_algorithm: Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. Default: KeyAlgorithm.RSA_2048
         :param subject_alternative_names: Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.
         :param transparency_logging_enabled: Enable or disable transparency logging for this certificate. Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one. Default: true
         :param validation: How to validate this certificate. Default: CertificateValidation.fromEmail()
@@ -1469,6 +1509,7 @@ class DnsValidatedCertificateProps(CertificateProps):
             
             # certificate_validation: certificatemanager.CertificateValidation
             # hosted_zone: route53.HostedZone
+            # key_algorithm: certificatemanager.KeyAlgorithm
             # role: iam.Role
             
             dns_validated_certificate_props = certificatemanager.DnsValidatedCertificateProps(
@@ -1479,6 +1520,7 @@ class DnsValidatedCertificateProps(CertificateProps):
                 certificate_name="certificateName",
                 cleanup_route53_records=False,
                 custom_resource_role=role,
+                key_algorithm=key_algorithm,
                 region="region",
                 route53_endpoint="route53Endpoint",
                 subject_alternative_names=["subjectAlternativeNames"],
@@ -1490,6 +1532,7 @@ class DnsValidatedCertificateProps(CertificateProps):
             type_hints = typing.get_type_hints(_typecheckingstub__f8749c95da859ba878861eff7c4231de11fa86681f0df8dbe02a3b4e4f5128b6)
             check_type(argname="argument domain_name", value=domain_name, expected_type=type_hints["domain_name"])
             check_type(argname="argument certificate_name", value=certificate_name, expected_type=type_hints["certificate_name"])
+            check_type(argname="argument key_algorithm", value=key_algorithm, expected_type=type_hints["key_algorithm"])
             check_type(argname="argument subject_alternative_names", value=subject_alternative_names, expected_type=type_hints["subject_alternative_names"])
             check_type(argname="argument transparency_logging_enabled", value=transparency_logging_enabled, expected_type=type_hints["transparency_logging_enabled"])
             check_type(argname="argument validation", value=validation, expected_type=type_hints["validation"])
@@ -1504,6 +1547,8 @@ class DnsValidatedCertificateProps(CertificateProps):
         }
         if certificate_name is not None:
             self._values["certificate_name"] = certificate_name
+        if key_algorithm is not None:
+            self._values["key_algorithm"] = key_algorithm
         if subject_alternative_names is not None:
             self._values["subject_alternative_names"] = subject_alternative_names
         if transparency_logging_enabled is not None:
@@ -1540,6 +1585,17 @@ class DnsValidatedCertificateProps(CertificateProps):
         result = self._values.get("certificate_name")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def key_algorithm(self) -> typing.Optional["KeyAlgorithm"]:
+        '''Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
+
+        :default: KeyAlgorithm.RSA_2048
+
+        :see: https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title
+        '''
+        result = self._values.get("key_algorithm")
+        return typing.cast(typing.Optional["KeyAlgorithm"], result)
+
     @builtins.property
     def subject_alternative_names(self) -> typing.Optional[typing.List[builtins.str]]:
         '''Alternative domain names on your certificate.
@@ -1753,6 +1809,65 @@ class _ICertificateProxy(
 typing.cast(typing.Any, ICertificate).__jsii_proxy_class__ = lambda : _ICertificateProxy
 
 
+class KeyAlgorithm(
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_certificatemanager.KeyAlgorithm",
+):
+    '''Certificate Manager key algorithm.
+
+    If you need to use an algorithm that doesn't exist as a static member, you
+    can instantiate a ``KeyAlgorithm`` object, e.g: ``new KeyAlgorithm('RSA_2048')``.
+
+    :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-keyalgorithm
+    :exampleMetadata: infused
+
+    Example::
+
+        import aws_cdk.aws_acmpca as acmpca
+        
+        
+        acm.PrivateCertificate(self, "PrivateCertificate",
+            domain_name="test.example.com",
+            subject_alternative_names=["cool.example.com", "test.example.net"],  # optional
+            certificate_authority=acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77"),
+            key_algorithm=acm.KeyAlgorithm.RSA_2048
+        )
+    '''
+
+    def __init__(self, name: builtins.str) -> None:
+        '''
+        :param name: The name of the algorithm.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__cad5e05f7974be056d9b0af63d73115399c3a158fbaae8fc08f093bd54934b5b)
+            check_type(argname="argument name", value=name, expected_type=type_hints["name"])
+        jsii.create(self.__class__, self, [name])
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="EC_PRIME256V1")
+    def EC_PRIME256_V1(cls) -> "KeyAlgorithm":
+        '''EC_prime256v1 algorithm.'''
+        return typing.cast("KeyAlgorithm", jsii.sget(cls, "EC_PRIME256V1"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="EC_SECP384R1")
+    def EC_SECP384_R1(cls) -> "KeyAlgorithm":
+        '''EC_secp384r1 algorithm.'''
+        return typing.cast("KeyAlgorithm", jsii.sget(cls, "EC_SECP384R1"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="RSA_2048")
+    def RSA_2048(cls) -> "KeyAlgorithm":
+        '''RSA_2048 algorithm.'''
+        return typing.cast("KeyAlgorithm", jsii.sget(cls, "RSA_2048"))
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> builtins.str:
+        '''The name of the algorithm.'''
+        return typing.cast(builtins.str, jsii.get(self, "name"))
+
+
 @jsii.implements(ICertificate)
 class PrivateCertificate(
     _Resource_45bc6135,
@@ -1772,7 +1887,8 @@ class PrivateCertificate(
         acm.PrivateCertificate(self, "PrivateCertificate",
             domain_name="test.example.com",
             subject_alternative_names=["cool.example.com", "test.example.net"],  # optional
-            certificate_authority=acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77")
+            certificate_authority=acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77"),
+            key_algorithm=acm.KeyAlgorithm.RSA_2048
         )
     '''
 
@@ -1783,6 +1899,7 @@ class PrivateCertificate(
         *,
         certificate_authority: _ICertificateAuthority_26727cab,
         domain_name: builtins.str,
+        key_algorithm: typing.Optional[KeyAlgorithm] = None,
         subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
     ) -> None:
         '''
@@ -1790,6 +1907,7 @@ class PrivateCertificate(
         :param id: -
         :param certificate_authority: Private certificate authority (CA) that will be used to issue the certificate.
         :param domain_name: Fully-qualified domain name to request a private certificate for. May contain wildcards, such as ``*.domain.com``.
+        :param key_algorithm: Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. Default: KeyAlgorithm.RSA_2048
         :param subject_alternative_names: Alternative domain names on your private certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.
         '''
         if __debug__:
@@ -1799,6 +1917,7 @@ class PrivateCertificate(
         props = PrivateCertificateProps(
             certificate_authority=certificate_authority,
             domain_name=domain_name,
+            key_algorithm=key_algorithm,
             subject_alternative_names=subject_alternative_names,
         )
 
@@ -1885,6 +2004,7 @@ class PrivateCertificate(
     name_mapping={
         "certificate_authority": "certificateAuthority",
         "domain_name": "domainName",
+        "key_algorithm": "keyAlgorithm",
         "subject_alternative_names": "subjectAlternativeNames",
     },
 )
@@ -1894,12 +2014,14 @@ class PrivateCertificateProps:
         *,
         certificate_authority: _ICertificateAuthority_26727cab,
         domain_name: builtins.str,
+        key_algorithm: typing.Optional[KeyAlgorithm] = None,
         subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
     ) -> None:
         '''Properties for your private certificate.
 
         :param certificate_authority: Private certificate authority (CA) that will be used to issue the certificate.
         :param domain_name: Fully-qualified domain name to request a private certificate for. May contain wildcards, such as ``*.domain.com``.
+        :param key_algorithm: Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. Default: KeyAlgorithm.RSA_2048
         :param subject_alternative_names: Alternative domain names on your private certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.
 
         :exampleMetadata: infused
@@ -1912,18 +2034,22 @@ class PrivateCertificateProps:
             acm.PrivateCertificate(self, "PrivateCertificate",
                 domain_name="test.example.com",
                 subject_alternative_names=["cool.example.com", "test.example.net"],  # optional
-                certificate_authority=acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77")
+                certificate_authority=acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77"),
+                key_algorithm=acm.KeyAlgorithm.RSA_2048
             )
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__74588c43933e5f34a3203601cc823ca974676f71701280dcd43e9f037bba43e3)
             check_type(argname="argument certificate_authority", value=certificate_authority, expected_type=type_hints["certificate_authority"])
             check_type(argname="argument domain_name", value=domain_name, expected_type=type_hints["domain_name"])
+            check_type(argname="argument key_algorithm", value=key_algorithm, expected_type=type_hints["key_algorithm"])
             check_type(argname="argument subject_alternative_names", value=subject_alternative_names, expected_type=type_hints["subject_alternative_names"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "certificate_authority": certificate_authority,
             "domain_name": domain_name,
         }
+        if key_algorithm is not None:
+            self._values["key_algorithm"] = key_algorithm
         if subject_alternative_names is not None:
             self._values["subject_alternative_names"] = subject_alternative_names
 
@@ -1944,6 +2070,20 @@ class PrivateCertificateProps:
         assert result is not None, "Required property 'domain_name' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def key_algorithm(self) -> typing.Optional[KeyAlgorithm]:
+        '''Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
+
+        When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family
+        (RSA or ECDSA) must match the algorithm family of the CA's secret key.
+
+        :default: KeyAlgorithm.RSA_2048
+
+        :see: https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title
+        '''
+        result = self._values.get("key_algorithm")
+        return typing.cast(typing.Optional[KeyAlgorithm], result)
+
     @builtins.property
     def subject_alternative_names(self) -> typing.Optional[typing.List[builtins.str]]:
         '''Alternative domain names on your private certificate.
@@ -2021,6 +2161,7 @@ class Certificate(
         *,
         domain_name: builtins.str,
         certificate_name: typing.Optional[builtins.str] = None,
+        key_algorithm: typing.Optional[KeyAlgorithm] = None,
         subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
         transparency_logging_enabled: typing.Optional[builtins.bool] = None,
         validation: typing.Optional[CertificateValidation] = None,
@@ -2030,6 +2171,7 @@ class Certificate(
         :param id: -
         :param domain_name: Fully-qualified domain name to request a certificate for. May contain wildcards, such as ``*.domain.com``.
         :param certificate_name: The Certificate name. Since the Certificate resource doesn't support providing a physical name, the value provided here will be recorded in the ``Name`` tag Default: the full, absolute path of this construct
+        :param key_algorithm: Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. Default: KeyAlgorithm.RSA_2048
         :param subject_alternative_names: Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.
         :param transparency_logging_enabled: Enable or disable transparency logging for this certificate. Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one. Default: true
         :param validation: How to validate this certificate. Default: CertificateValidation.fromEmail()
@@ -2041,6 +2183,7 @@ class Certificate(
         props = CertificateProps(
             domain_name=domain_name,
             certificate_name=certificate_name,
+            key_algorithm=key_algorithm,
             subject_alternative_names=subject_alternative_names,
             transparency_logging_enabled=transparency_logging_enabled,
             validation=validation,
@@ -2150,6 +2293,7 @@ class DnsValidatedCertificate(
         
         # certificate_validation: certificatemanager.CertificateValidation
         # hosted_zone: route53.HostedZone
+        # key_algorithm: certificatemanager.KeyAlgorithm
         # role: iam.Role
         
         dns_validated_certificate = certificatemanager.DnsValidatedCertificate(self, "MyDnsValidatedCertificate",
@@ -2160,6 +2304,7 @@ class DnsValidatedCertificate(
             certificate_name="certificateName",
             cleanup_route53_records=False,
             custom_resource_role=role,
+            key_algorithm=key_algorithm,
             region="region",
             route53_endpoint="route53Endpoint",
             subject_alternative_names=["subjectAlternativeNames"],
@@ -2180,6 +2325,7 @@ class DnsValidatedCertificate(
         route53_endpoint: typing.Optional[builtins.str] = None,
         domain_name: builtins.str,
         certificate_name: typing.Optional[builtins.str] = None,
+        key_algorithm: typing.Optional[KeyAlgorithm] = None,
         subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
         transparency_logging_enabled: typing.Optional[builtins.bool] = None,
         validation: typing.Optional[CertificateValidation] = None,
@@ -2194,6 +2340,7 @@ class DnsValidatedCertificate(
         :param route53_endpoint: An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop. Route53 is not been officially launched in China, it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided. Default: - The AWS SDK will determine the Route53 endpoint to use based on region
         :param domain_name: Fully-qualified domain name to request a certificate for. May contain wildcards, such as ``*.domain.com``.
         :param certificate_name: The Certificate name. Since the Certificate resource doesn't support providing a physical name, the value provided here will be recorded in the ``Name`` tag Default: the full, absolute path of this construct
+        :param key_algorithm: Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. Default: KeyAlgorithm.RSA_2048
         :param subject_alternative_names: Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.
         :param transparency_logging_enabled: Enable or disable transparency logging for this certificate. Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one. Default: true
         :param validation: How to validate this certificate. Default: CertificateValidation.fromEmail()
@@ -2212,6 +2359,7 @@ class DnsValidatedCertificate(
             route53_endpoint=route53_endpoint,
             domain_name=domain_name,
             certificate_name=certificate_name,
+            key_algorithm=key_algorithm,
             subject_alternative_names=subject_alternative_names,
             transparency_logging_enabled=transparency_logging_enabled,
             validation=validation,
@@ -2324,6 +2472,7 @@ __all__ = [
     "DnsValidatedCertificate",
     "DnsValidatedCertificateProps",
     "ICertificate",
+    "KeyAlgorithm",
     "PrivateCertificate",
     "PrivateCertificateProps",
     "ValidationMethod",
@@ -2335,6 +2484,7 @@ def _typecheckingstub__0454180af2ed6575d11cf361cd5374f722ba32d4007970472aca57751
     *,
     domain_name: builtins.str,
     certificate_name: typing.Optional[builtins.str] = None,
+    key_algorithm: typing.Optional[KeyAlgorithm] = None,
     subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
     transparency_logging_enabled: typing.Optional[builtins.bool] = None,
     validation: typing.Optional[CertificateValidation] = None,
@@ -2514,6 +2664,7 @@ def _typecheckingstub__f8749c95da859ba878861eff7c4231de11fa86681f0df8dbe02a3b4e4
     *,
     domain_name: builtins.str,
     certificate_name: typing.Optional[builtins.str] = None,
+    key_algorithm: typing.Optional[KeyAlgorithm] = None,
     subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
     transparency_logging_enabled: typing.Optional[builtins.bool] = None,
     validation: typing.Optional[CertificateValidation] = None,
@@ -2526,12 +2677,19 @@ def _typecheckingstub__f8749c95da859ba878861eff7c4231de11fa86681f0df8dbe02a3b4e4
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__cad5e05f7974be056d9b0af63d73115399c3a158fbaae8fc08f093bd54934b5b(
+    name: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__f15cee4bdac8e70000027c8ca1386d49408a399d3919aa965c46bb68facc21a4(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
     certificate_authority: _ICertificateAuthority_26727cab,
     domain_name: builtins.str,
+    key_algorithm: typing.Optional[KeyAlgorithm] = None,
     subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -2549,6 +2707,7 @@ def _typecheckingstub__74588c43933e5f34a3203601cc823ca974676f71701280dcd43e9f037
     *,
     certificate_authority: _ICertificateAuthority_26727cab,
     domain_name: builtins.str,
+    key_algorithm: typing.Optional[KeyAlgorithm] = None,
     subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -2560,6 +2719,7 @@ def _typecheckingstub__64139efa4ed87482ec95b7e38ad6cf94c6873d02b05ba33c374316868
     *,
     domain_name: builtins.str,
     certificate_name: typing.Optional[builtins.str] = None,
+    key_algorithm: typing.Optional[KeyAlgorithm] = None,
     subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
     transparency_logging_enabled: typing.Optional[builtins.bool] = None,
     validation: typing.Optional[CertificateValidation] = None,
@@ -2586,6 +2746,7 @@ def _typecheckingstub__9ce11c00a812f11e5a7783956e3e90d7c684153bef62852779a324183
     route53_endpoint: typing.Optional[builtins.str] = None,
     domain_name: builtins.str,
     certificate_name: typing.Optional[builtins.str] = None,
+    key_algorithm: typing.Optional[KeyAlgorithm] = None,
     subject_alternative_names: typing.Optional[typing.Sequence[builtins.str]] = None,
     transparency_logging_enabled: typing.Optional[builtins.bool] = None,
     validation: typing.Optional[CertificateValidation] = None,

aws_cdk/aws_cloud9/__init__.py

@@ -117,7 +117,7 @@ class CfnEnvironmentEC2(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param image_id: The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path. From December 04, 2023, you will be required to include the ``imageId`` parameter for the ``CreateEnvironmentEC2`` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users. From January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2023 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users. Since Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04. *AMI aliases* - Amazon Linux (end of maintenance support December 2023): ``amazonlinux-1-x86_64`` - Amazon Linux 2: ``amazonlinux-2-x86_64`` - Amazon Linux 2023 (recommended): ``amazonlinux-2023-x86_64`` - Ubuntu 18.04: ``ubuntu-18.04-x86_64`` - Ubuntu 22.04: ``ubuntu-22.04-x86_64`` *SSM paths* - Amazon Linux (end of maintenance support December 2023): ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`` - Amazon Linux 2: ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`` - Amazon Linux 2023 (recommended): ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64`` - Ubuntu 18.04: ``resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`` - Ubuntu 22.04: ``resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64``
+        :param image_id: The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path. From December 04, 2023, you will be required to include the ``ImageId`` parameter for the ``CreateEnvironmentEC2`` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users. From January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2023 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users. Since Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04. *AMI aliases* - Amazon Linux (end of maintenance support December 2023): ``amazonlinux-1-x86_64`` - Amazon Linux 2: ``amazonlinux-2-x86_64`` - Amazon Linux 2023 (recommended): ``amazonlinux-2023-x86_64`` - Ubuntu 18.04: ``ubuntu-18.04-x86_64`` - Ubuntu 22.04: ``ubuntu-22.04-x86_64`` *SSM paths* - Amazon Linux (end of maintenance support December 2023): ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`` - Amazon Linux 2: ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`` - Amazon Linux 2023 (recommended): ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64`` - Ubuntu 18.04: ``resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`` - Ubuntu 22.04: ``resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64``
         :param instance_type: The type of instance to connect to the environment (for example, ``t2.micro`` ).
         :param automatic_stop_time_minutes: The number of minutes until the running instance is shut down after the environment was last used.
         :param connection_type: The connection type used for connecting to an Amazon EC2 environment. Valid values are ``CONNECT_SSH`` (default) and ``CONNECT_SSM`` (connected through AWS Systems Manager ).
@@ -461,7 +461,7 @@ class CfnEnvironmentEC2Props:
     ) -> None:
         '''Properties for defining a ``CfnEnvironmentEC2``.
 
-        :param image_id: The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path. From December 04, 2023, you will be required to include the ``imageId`` parameter for the ``CreateEnvironmentEC2`` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users. From January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2023 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users. Since Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04. *AMI aliases* - Amazon Linux (end of maintenance support December 2023): ``amazonlinux-1-x86_64`` - Amazon Linux 2: ``amazonlinux-2-x86_64`` - Amazon Linux 2023 (recommended): ``amazonlinux-2023-x86_64`` - Ubuntu 18.04: ``ubuntu-18.04-x86_64`` - Ubuntu 22.04: ``ubuntu-22.04-x86_64`` *SSM paths* - Amazon Linux (end of maintenance support December 2023): ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`` - Amazon Linux 2: ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`` - Amazon Linux 2023 (recommended): ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64`` - Ubuntu 18.04: ``resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`` - Ubuntu 22.04: ``resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64``
+        :param image_id: The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path. From December 04, 2023, you will be required to include the ``ImageId`` parameter for the ``CreateEnvironmentEC2`` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users. From January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2023 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users. Since Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04. *AMI aliases* - Amazon Linux (end of maintenance support December 2023): ``amazonlinux-1-x86_64`` - Amazon Linux 2: ``amazonlinux-2-x86_64`` - Amazon Linux 2023 (recommended): ``amazonlinux-2023-x86_64`` - Ubuntu 18.04: ``ubuntu-18.04-x86_64`` - Ubuntu 22.04: ``ubuntu-22.04-x86_64`` *SSM paths* - Amazon Linux (end of maintenance support December 2023): ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`` - Amazon Linux 2: ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`` - Amazon Linux 2023 (recommended): ``resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64`` - Ubuntu 18.04: ``resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`` - Ubuntu 22.04: ``resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64``
         :param instance_type: The type of instance to connect to the environment (for example, ``t2.micro`` ).
         :param automatic_stop_time_minutes: The number of minutes until the running instance is shut down after the environment was last used.
         :param connection_type: The connection type used for connecting to an Amazon EC2 environment. Valid values are ``CONNECT_SSH`` (default) and ``CONNECT_SSM`` (connected through AWS Systems Manager ).
@@ -541,7 +541,7 @@ class CfnEnvironmentEC2Props:
 
         To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path.
 
-        From December 04, 2023, you will be required to include the ``imageId`` parameter for the ``CreateEnvironmentEC2`` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users.
+        From December 04, 2023, you will be required to include the ``ImageId`` parameter for the ``CreateEnvironmentEC2`` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users.
 
         From January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2023 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users.