
specify keyTypes explicitly, otherwise aws acm list-certificates doesn't include all certs #336


Open
wants to merge 1 commit into
base: master
from


lincheney

See https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-list.html
which says:

By default, only certificates with keyTypes RSA_1024 or RSA_2048 and with at least one specified domain are returned. To see other certificates that you control, such as domainless certificates or certificates using a different algorithm or bit size, provide the --includes parameter as shown in the following example. The parameter allows you to specify a member of the Filters structure.

For example, I have an ACM cert that does not get listed because it is RSA_4096.

The list of keyTypes I've obtained by running aws acm list-certificates --includes keyTypes=blah which spits out:

An error occurred (ValidationException) when calling the ListCertificates operation: 1 validation error detected: Value '[blah]' at 'includes.keyTypes' failed to satisfy constraint: Member must satisfy constraint: [Member must satisfy enum value set: [RSA_1024, RSA_2048, EC_secp384r1, EC_prime256v1, EC_secp521r1, RSA_3072, RSA_4096]]

@lincheney lincheney requested a review from mbailey as a code owner March 9, 2023 07:24
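For a certificate inventory, the practical question is which certificates the default listing leaves out. The sketch below is an added example, not code from this pull request; the function names are hypothetical, it assumes a configured AWS CLI, and the key type list is the enum from the ValidationException quoted above.

```shell
# Enum values copied from the ValidationException quoted in the PR description.
ACM_KEY_TYPES="RSA_1024,RSA_2048,RSA_3072,RSA_4096,EC_prime256v1,EC_secp384r1,EC_secp521r1"

# Print certificate ARNs, one per line, sorted.
# Extra arguments (e.g. --includes ...) are passed through to the CLI.
acm_cert_arns() (
  # Capture first so a failing CLI call is not hidden by the pipeline below.
  out=$(aws acm list-certificates "$@" \
          --query 'CertificateSummaryList[].CertificateArn' \
          --output text) || exit 1
  # Text output separates ARNs with tabs (and pages with newlines).
  printf '%s\n' "$out" | tr '\t' '\n' | sed '/^$/d' | sort
)

# Print ARNs that appear only when keyTypes is given explicitly, i.e. the
# certificates an inventory built on the default listing would miss.
acm_hidden_cert_arns() (
  default_arns=$(acm_cert_arns) || exit 1
  all_arns=$(acm_cert_arns --includes "keyTypes=$ACM_KEY_TYPES") || exit 1
  # -x whole-line match, -F fixed strings, -v keep lines not in the default set.
  # grep exits 1 when nothing is hidden; treat that as success.
  printf '%s\n' "$all_arns" | sed '/^$/d' |
    grep -vxF -e "$default_arns" || [ $? -eq 1 ]
)

# Usage (hypothetical names): acm_hidden_cert_arns
```

An empty result means the default listing already covers every certificate in the region; any ARN printed is one that tooling relying on the default call, such as expiry monitoring, would not see.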