AWS Security ChangesHomeSearch

AWS acm documentation change

Service: acm · 2026-07-01 · Documentation low

File: acm/latest/userguide/gs-acm-list.md

Summary

Added certificate key pair origin and ACME-related fields to certificate filtering options and API response examples

Security assessment

Added filtering capabilities for certificate origins including ACME, which relates to certificate automation security features. No vulnerability fix indicated.

Diff

diff --git a/acm/latest/userguide/gs-acm-list.md b/acm/latest/userguide/gs-acm-list.md
index 8423b2d48..c3a3afd84 100644
--- a//acm/latest/userguide/gs-acm-list.md
+++ b//acm/latest/userguide/gs-acm-list.md
@@ -13 +13 @@ With the ACM console or AWS CLI, you can search for certificates in your account
-The [ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html) operation still exists for basic listing with limited filtering options such as key type, key usage, and certificate status.
+The [ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html) operation still exists for basic listing with limited filtering options such as key type, key usage, certificate status, and certificate key pair origin.
@@ -23 +23 @@ You can filter certificates using the following categories:
-  * **ACM metadata** – Filter by status, type, in-use, exported, export option, managed-by, validation method, renewal status, or renewal eligibility.
+  * **ACM metadata** – Filter by status, type, in-use, exported, export option, managed-by, validation method, renewal status, renewal eligibility, certificate key pair origin, ACME endpoint, or ACME account.
@@ -27,0 +28,2 @@ You can filter certificates using the following categories:
+The certificate key pair origin filter accepts the values `AWS_MANAGED`, `CUSTOMER_PROVIDED`, and `ACME`. Certificates issued through ACME are returned only when you set the certificate key pair origin filter to `ACME`.
+
@@ -189 +191,2 @@ The command returns information similar to the following:
-                        "ValidationMethod": "DNS"
+                        "ValidationMethod": "DNS",
+                        "CertificateKeyPairOrigin": "AWS_MANAGED"