AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-04-01 · Documentation low

File: cli/latest/reference/acm/request-certificate.md

Summary

Updated AWS CLI version reference, added a note that the 'Export' certificate setting cannot be updated after creation, and updated a link for key algorithm documentation.

Security assessment

The addition clarifying that the 'Export' setting is immutable after certificate creation is a security-related documentation update. It informs users about a security control (preventing exportability changes post-creation) that could impact key management and certificate portability. However, this is a documentation clarification, not evidence of a new security issue or vulnerability fix.

Diff

diff --git a/cli/latest/reference/acm/request-certificate.md b/cli/latest/reference/acm/request-certificate.md
index 3dec22097..b62ca18c6 100644
--- a//cli/latest/reference/acm/request-certificate.md
+++ b//cli/latest/reference/acm/request-certificate.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.20 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.21 Command Reference](../../index.html) »
@@ -270 +270 @@ JSON Syntax:
->> You can opt in to allow the export of your certificates by specifying `ENABLED` .
+>> You can opt in to allow the export of your certificates by specifying `ENABLED` . You cannot update the value of `Export` after the the certificate is created.
@@ -367 +367 @@ JSON Syntax:
-> Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. RSA is the default key algorithm for ACM certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are smaller, offering security comparable to RSA keys but with greater computing efficiency. However, ECDSA is not supported by all network clients. Some Amazon Web Services services may require RSA keys, or only support ECDSA keys of a particular size, while others allow the use of either RSA and ECDSA keys to ensure that compatibility is not broken. Check the requirements for the Amazon Web Services service where you plan to deploy your certificate. For more information about selecting an algorithm, see [Key algorithms](https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms) .
+> Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. RSA is the default key algorithm for ACM certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are smaller, offering security comparable to RSA keys but with greater computing efficiency. However, ECDSA is not supported by all network clients. Some Amazon Web Services services may require RSA keys, or only support ECDSA keys of a particular size, while others allow the use of either RSA and ECDSA keys to ensure that compatibility is not broken. Check the requirements for the Amazon Web Services service where you plan to deploy your certificate. For more information about selecting an algorithm, see [Key algorithms](https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate-characteristics.html#algorithms-term) .
@@ -604 +604 @@ CertificateArn -> (string)
-  * [AWS CLI 2.34.20 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.21 Command Reference](../../index.html) »