Enterprise, network and security admins can now use AWS Identity and Access Management (IAM) condition context keys with AWS Certificate Manager (ACM) to help ensure that users are issuing certificates that conform to their organization’s public key infrastructure (PKI) guidelines. For example, you can use condition keys to allow only DNS validation. Or, you can authorize which of your users can request certificates for specific domain names such as accounting.example.com and/or wildcard names.
Source:: Amazon AWS