ECDSA 384 doesn't appear to be supported by CloudFront Distributions

0

This page claims that CloudFront supports ECDSA 384, yet I am unable to create a CloudFront distribution using an ECDSA 384 certificate issued through ACM (in us-east-1 of course).

I get the following error (note I'm using Terraform to create an aws_cloudfront_distribution):

 Error: updating CloudFront Distribution (E3IJY7JHQQ0KL): InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
│       status code: 400, request id: de617fa8-REDACTED

However, I am able to create an exactly identical certificate (also in us-east-1) except using ECDSA 256 or RSA 2048, and in both of these cases I'm able to create the CloudFront distribution with no errors.

Is this the intended behavior? The page I linked to (as I understand it) suggests ECDSA 384 should be supported.

1 Answer
0
Accepted Answer

Afraid that link is only for connections FROM CloudFront to the origin. This means connections from CloudFront to, say, a load balancer.

According to this, it does support 256. I have not found anything about 384. https://aws.amazon.com/about-aws/whats-new/2021/07/amazon-cloudfront-now-supports-ecdsa-certificates-for-https-connections-to-viewers/

I've a feeling 384 isn't supported as of yet to the viewer.

EXPERT
answered 7 months ago
  • Thanks for the clarification! Indeed it doesn't seem like 384 is supported (yet) from my experiments.
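
A pre-flight check for the situation in this thread, added here as an example (not code from the question, the answer, or AWS): it reads an ACM DescribeCertificate response and names which condition fails, since the InvalidViewerCertificate message lumps several causes together. The allowed key-algorithm set is an assumption drawn from what attached successfully in the thread (RSA 2048 and ECDSA 256); the sample responses, account ID and ARN are constructed.

```python
from datetime import datetime, timezone

# Assumption from this thread: these key types attached without error.
# Extend the set if AWS documents further viewer-certificate key types.
VIEWER_KEY_ALGORITHMS = {"RSA_2048", "EC_prime256v1"}
REQUIRED_REGION = "us-east-1"


def viewer_cert_problems(describe_response, now=None, allowed=VIEWER_KEY_ALGORITHMS):
    """List reasons a certificate may be rejected as a CloudFront viewer certificate.

    describe_response has the shape returned by ACM DescribeCertificate,
    e.g. boto3 acm.describe_certificate(CertificateArn=...).
    """
    now = now or datetime.now(timezone.utc)
    cert = describe_response.get("Certificate", {})
    problems = []

    # ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
    parts = cert.get("CertificateArn", "").split(":")
    region = parts[3] if len(parts) > 3 else ""
    if region != REQUIRED_REGION:
        problems.append(f"region is {region or 'unknown'}, not {REQUIRED_REGION}")

    if cert.get("Status") != "ISSUED":
        problems.append(f"status is {cert.get('Status')}, not ISSUED")

    not_after = cert.get("NotAfter")
    if not_after is not None and not_after <= now:
        problems.append(f"expired at {not_after.isoformat()}")

    algo = cert.get("KeyAlgorithm")
    if algo not in allowed:
        problems.append(f"key algorithm {algo} not in {sorted(allowed)}")
    return problems


def sample_response(region, key_algorithm, status="ISSUED"):
    """Constructed DescribeCertificate response for offline use."""
    return {"Certificate": {
        "CertificateArn": f"arn:aws:acm:{region}:123456789012:certificate/example-id",
        "Status": status,
        "KeyAlgorithm": key_algorithm,
        "NotAfter": datetime(2030, 1, 1, tzinfo=timezone.utc),
    }}


if __name__ == "__main__":
    for algo in ("RSA_2048", "EC_prime256v1", "EC_secp384r1"):
        print(algo, viewer_cert_problems(sample_response("us-east-1", algo)))
```

Running the check before `terraform apply` separates a key-type mismatch from a region or validation problem, which the API error alone does not do.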
