
AWS Certificate Manager now supports IAM condition context keys that enable enterprises to govern certificate issuance by controlling validation methods, domain names, key algorithms, and certificate types across users and accounts.


<div><p>This article announces AWS Certificate Manager's new Enterprise Controls feature, enabling administrators to govern certificate issuance through IAM condition context keys.</p><ul><li>Enforce DNS validation and control which users request certificates for specific domains</li><li>Restrict certificate key algorithms and public/private certificate types</li><li>Prevent disabling Certificate Transparency logging or using specific Private CAs</li><li>Distribute policies across users and accounts using IAM or Service Control Policies</li><li>Set organization-wide or unit-specific policies via AWS Organizations</li><li>Available in all AWS Regions where ACM is supported, including GovCloud</li></ul><p>In summary, ACM Enterprise Controls help organizations enforce PKI guidelines and certificate governance at scale across their AWS infrastructure.</p></div>


Related articles