Using ACME, it is possible to instruct CA that certificates should be issued only if authorised by a specific account.
You specify CAA value like this:
letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/XXXXXXXXX
Is it possible to do within AWS ACM?