The CDK Construct Library for AWS::CertificateManager
AWS Certificate Manager Construct Library
This package provides Constructs for provisioning and referencing certificates which can be used in CloudFront and ELB.
DNS-validated certificates
The DnsValidatedCertificateRequest class provides a Custom Resource by which you can request a TLS certificate from AWS Certificate Manager that is automatically validated using a cryptographically secure DNS record. For this to work, there must be a Route 53 public zone that is responsible for serving records under the Domain Name of the requested certificate. For example, if you request a certificate for www.example.com, there must be a Route 53 public zone example.com that provides authoritative records for the domain.
Example
import { HostedZoneProvider } from '@aws-cdk/aws-route53';
import { DnsValidatedCertificate } from '@aws-cdk/aws-certificatemanager';

// Look up the existing public zone that is authoritative for example.com.
const hostedZone = new HostedZoneProvider(this, {
  domainName: 'example.com',
  privateZone: false
}).findAndImport(this, 'ExampleDotCom');

// Request the certificate; the validation record is created in hostedZone.
const certificate = new DnsValidatedCertificate(this, 'TestCertificate', {
  domainName: 'test.example.com',
  hostedZone: hostedZone
});
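The precondition described above, a public Route 53 zone that is authoritative for the certificate's domain, can be checked before deployment. This is an added example, not code from the CDK project: `Zone`, `normalize`, `findValidationZone` and the zone list are hypothetical names and constructed data, and matching is done on label boundaries so that badexample.com is never treated as covered by example.com.

```typescript
// Added example: pre-flight check that a public zone covers a certificate domain.
// All names and the zone list are hypothetical; no AWS API is called.

interface Zone {
  name: string;         // zone apex, with or without a trailing dot
  privateZone: boolean; // true for VPC-only zones
}

// Lower-case, strip one trailing dot and a leading wildcard label ("*.").
function normalize(name: string): string {
  return name.trim().toLowerCase().replace(/\.$/, '').replace(/^\*\./, '');
}

// Return the apex of the most specific public zone that equals the
// certificate domain or is a parent of it on a label boundary, else null.
function findValidationZone(certDomain: string, zones: Zone[]): string | null {
  const domain = normalize(certDomain);
  let best: string | null = null;
  for (const zone of zones) {
    if (zone.privateZone) continue; // the page requires a public zone
    const apex = normalize(zone.name);
    if (apex === '') continue;      // ignore malformed entries
    // Compare against "." + apex so "badexample.com" does not match "example.com".
    const isParent = domain.slice(-(apex.length + 1)) === '.' + apex;
    if ((domain === apex || isParent) && (best === null || apex.length > best.length)) {
      best = apex;
    }
  }
  return best;
}

// Constructed sample input.
const sampleZones: Zone[] = [
  { name: 'example.com.', privateZone: false },
  { name: 'dev.example.com.', privateZone: false },
  { name: 'internal.example.com.', privateZone: true },
];

for (const d of ['test.example.com', 'api.dev.example.com', 'www.badexample.com']) {
  console.log(d, '->', findValidationZone(d, sampleZones));
}
```

A `null` result means no public zone in the list can serve the validation record for that domain.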
Email validation
Otherwise, if certificates are created as part of a CloudFormation run, the CloudFormation provisioning will not complete until domain ownership for the certificate is completed. For email validation, this involves receiving an email on one of a number of predefined domains and following the instructions in the email. The email addresses used will be:
- admin@domain.com
- administrator@domain.com
- hostmaster@domain.com
- postmaster@domain.com
- webmaster@domain.com
Because of these blocks, it's probably better to provision your certificates either in a separate stack from your main service, or provision them manually. In both cases, you'll import the certificate into your stack afterwards.
Example
Provision a new certificate by creating an instance of Certificate. Email validation will be sent to example.com:
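import { Certificate } from '@aws-cdk/aws-certificatemanager';

// Email-validated certificate; provisioning waits until validation is completed.
const certificate = new Certificate(this, 'Certificate', {
  domainName: 'test.example.com'
});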
Importing
Import a certificate manually, if you know the ARN:
const certificate = Certificate.import(this, 'Certificate', {
  certificateArn: "arn:aws:..."
});
Sharing between Stacks
To share the certificate between stacks in the same CDK application, simply pass the Certificate object between the stacks.
TODO
- Custom Resource that can look up the certificate ARN by domain name by querying ACM.