2.0.0

⚠️ This version requires an additional acm:UpdateCertificateOptions permission to be added to the Lambda execution role.
Ensure your CustomAcmCertificateLambdaExecutionRole is up to date with the example in cloudformation.[yaml|json].

Added

Missing certificate property compared to AWS::CertificateManager::Certificate:

• CertificateTransparencyLoggingPreference has been added to control certificate transparency logging.

New enhancements over AWS::CertificateManager::Certificate:

• A new KeyAlgorithm certificate property has been added to specify the key algorithm to use.
  The default is RSA_2048, which is the same as AWS::CertificateManager::Certificate. Not all algorithms are supported by all clients, AWS Services or regions.

Changed

• A DomainValidationOption is no longer required for all domains in the certificate. If a DomainValidationOption is not specified for a domain, no validation record will be created for that domain.
  The validation records will need to be created through some other means. The certificate resource will be in the CREATE_IN_PROGRESS state until the validation records are created.

• The certificate resource will not necessarily be replaced on changes to the DomainValidationOptions property.
  Only changes to DomainName or HostedZoneId in DomainValidationOptions will cause the certificate to be replaced.

Fixed

• Failures that could occur when creating or updating large numbers of certificates in parallel.

1.8.0

Added

• A new optional Route53RoleExternalId domain validation option. This specifies an ExternalId to use when assuming the Route53RoleArn. Thanks pritamrungta!

1.7.5

Fixed

• Resolve cfn-lint check I3042 about hardcoded partition in arn. Thanks CurryEleison!

1.7.4

Changed

• Updated lambda runtime to Python 3.9. AWS Lambda support for Python 3.6 is coming to an end.

1.7.3

Fixed

• Avoid unnecessary requests when updating/deleting certificate that could result in a ThrottlingException - thanks @danieljamesscott

1.7.2

Fixed

• No longer use undocumented vendored requests library from boto3

1.7.1

Fixed

• Certificate creation failing in some regions after a change in ACM API behaviour

1.7.0

Added

• Support for cancelling certificate update. This can occur when a stack update is cancelled, perhaps due to another resource failing to create/update/delete.

1.6.0

Added

• The requested certificate is automatically tagged with cloudformation:logical-id, cloudformation:stack-id and cloudformation:stack-name
• Support for cancelling certificate creation. This can occur when a rollback is triggered while a certificate is creating

1.5.1

Fixed

• Cloudformation resource failing to delete when the certificate was deleted