The CDK Construct Library for AWS::CertificateManager
AWS Certificate Manager Construct Library
This package provides Constructs for provisioning and referencing certificates which can be used in CloudFront and ELB.
DNS-validated certificates
The DnsValidatedCertificateRequest class provides a Custom Resource by which
you can request a TLS certificate from AWS Certificate Manager that is
automatically validated using a cryptographically secure DNS record. For this to
work, there must be a Route 53 public zone that is responsible for serving
records under the Domain Name of the requested certificate. For example, if you
request a certificate for www.example.com, there must be a Route 53 public
zone example.com that provides authoritative records for the domain.
Example
import { HostedZoneProvider } from '@aws-cdk/aws-route53';
import { DnsValidatedCertificate } from '@aws-cdk/aws-certificatemanager';

// Look up the existing public Route 53 zone for example.com
const hostedZone = new HostedZoneProvider(this, {
  domainName: 'example.com',
  privateZone: false
}).findAndImport(this, 'ExampleDotCom');

// Request a certificate that is validated through a record in that zone
const certificate = new DnsValidatedCertificate(this, 'TestCertificate', {
  domainName: 'test.example.com',
  hostedZone: hostedZone
});
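The zone requirement described above can be checked before a deployment is attempted. The following is an added example, not code from this package or its README: the HostedZone shape, the function names and the sample zones are assumptions constructed for illustration, and nothing here calls Route 53.

```typescript
// Added example: pre-deployment check for the DNS-validation requirement.
// The HostedZone shape and all sample zones below are constructed for illustration.
interface HostedZone {
  name: string;         // zone apex, e.g. "example.com." (trailing dot tolerated)
  privateZone: boolean; // private zones cannot serve the public validation record
}

// Lower-case, strip a trailing dot and a leading wildcard label.
function normalize(name: string): string {
  return name.trim().toLowerCase().replace(/\.$/, '').replace(/^\*\./, '');
}

// True when `domain` equals the zone apex or sits below it on a label boundary,
// so "www.badexample.com" is NOT treated as part of "example.com".
function isWithinZone(domain: string, zoneName: string): boolean {
  const d = normalize(domain);
  const z = normalize(zoneName);
  return z.length > 0 && (d === z || d.endsWith('.' + z));
}

// Returns the most specific public zone covering the certificate domain,
// or undefined when no public zone covers it.
function findValidationZone(domain: string, zones: HostedZone[]): HostedZone | undefined {
  return zones
    .filter(zone => !zone.privateZone && isWithinZone(domain, zone.name))
    .sort((a, b) => normalize(b.name).length - normalize(a.name).length)[0];
}

// Constructed sample data.
const sampleZones: HostedZone[] = [
  { name: 'example.com.', privateZone: false },
  { name: 'dev.example.com.', privateZone: false },
  { name: 'corp.example.com.', privateZone: true },
];

for (const domain of ['www.example.com', '*.dev.example.com', 'www.badexample.com']) {
  const zone = findValidationZone(domain, sampleZones);
  console.log(`${domain} -> ${zone ? zone.name : 'no public zone covers this domain'}`);
}
```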
Email validation
Otherwise, if certificates are created as part of a CloudFormation run, the CloudFormation provisioning will not complete until domain ownership for the certificate is completed. For email validation, this involves receiving an email on one of a number of predefined domains and following the instructions in the email. The email addresses used will be:
- admin@domain.com
- administrator@domain.com
- hostmaster@domain.com
- postmaster@domain.com
- webmaster@domain.com
Because of these blocks, it's probably better to provision your certificates either in a separate stack from your main service, or provision them manually. In both cases, you'll import the certificate into your stack afterwards.
Example
Provision a new certificate by creating an instance of Certificate. Email validation will be sent to example.com:
import { Certificate } from '@aws-cdk/aws-certificatemanager';

const certificate = new Certificate(this, 'Certificate', {
  domainName: 'test.example.com'
});
Importing
Import a certificate manually, if you know the ARN:
const certificate = Certificate.import(this, 'Certificate', {
  certificateArn: "arn:aws:..."
});
Sharing between Stacks
To share the certificate between stacks in the same CDK application, simply
pass the Certificate object between the stacks.
TODO
- Custom Resource that can look up the certificate ARN by domain name by querying ACM.
Hashes for aws-cdk.aws-certificatemanager-0.30.0.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 1dc9b6d9378c0f88486c7eb07d64ee95748742a9882aff7262368e2f368d3c75
MD5 | fa28f68affdead89fc74156b11d6e1b3
BLAKE2b-256 | dfb22f4058ef1567b11ca2c18d2d17d78cd9626f89ea5ea9af0b91573ece9505
Hashes for aws_cdk.aws_certificatemanager-0.30.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 1160ee0a92aef25b13c5946776582344dcf5ec41eb55fcb37d13953f0ad31472
MD5 | e83a45f1a0e36aa3bcfa1166dfb036cb
BLAKE2b-256 | fd13f3a923d9611c16c85ff9fbb84bcce78cfab7ee864e047e8620136abe939f