I just received an email from AWS re Certificate request for [my personal domain]
.
This email asked me to approve this request with a link or forward to a AWS email for validation.
Needless to say this request for the cert did not originate for me or anyone acting on my behalf.
I am posting here as I have never encountered a situation like this, I dont have any vocabulary to put this kind of attack in context, it seems tangential to a social engineering in the sense I dont see how it could be used in a social engineering attack.
I am in the dark and at a loss for how to even google for information about the context for this kind of attack.
My specific question is
what could the perpetrators of this attack achive if they were able to obtain an aws cert for my domain.
Edit: This is not the PKI keys you use for ssh, rather this is a certificate you would use with an aws service like cloudfront