The CDK Construct Library for AWS::CertificateManager
AWS Certificate Manager Construct Library
This package provides Constructs for provisioning and referencing certificates which can be used in CloudFront and ELB.
DNS-validated certificates
The DnsValidatedCertificateRequest class provides a Custom Resource by which you can request a TLS certificate from AWS Certificate Manager that is automatically validated using a cryptographically secure DNS record. For this to work, there must be a Route 53 public zone that is responsible for serving records under the Domain Name of the requested certificate. For example, if you request a certificate for www.example.com, there must be a Route 53 public zone example.com that provides authoritative records for the domain.
Example
import { HostedZoneProvider } from '@aws-cdk/aws-route53';
import { DnsValidatedCertificate } from '@aws-cdk/aws-certificatemanager';

// Look up the existing public hosted zone that serves example.com
const hostedZone = new HostedZoneProvider(this, {
  domainName: 'example.com',
  privateZone: false
}).findAndImport(this, 'ExampleDotCom');

// Request a certificate that is validated through a DNS record in that zone
const certificate = new DnsValidatedCertificate(this, 'TestCertificate', {
  domainName: 'test.example.com',
  hostedZone: hostedZone
});
Email validation
Otherwise, if certificates are created as part of a CloudFormation run, the CloudFormation provisioning will not complete until domain ownership for the certificate has been validated. For email validation, this involves receiving an email at one of a number of predefined addresses on the domain and following the instructions in the email. The email addresses used will be:
- admin@domain.com
- administrator@domain.com
- hostmaster@domain.com
- postmaster@domain.com
- webmaster@domain.com
Because provisioning blocks until validation completes, it's probably better to provision your certificates either in a separate stack from your main service, or provision them manually. In both cases, you'll import the certificate into your stack afterwards.
Example
Provision a new certificate by creating an instance of Certificate. Email validation will be sent to example.com:
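import { Certificate } from '@aws-cdk/aws-certificatemanager';

// The stack deployment waits until the validation email has been acted on
const certificate = new Certificate(this, 'Certificate', {
  domainName: 'test.example.com'
});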
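A pre-flight check for the two validation paths described above, as an added example that is not part of this package: it tests whether a Route 53 public zone covers the requested domain name (compared label by label, so badexample.com does not match the zone example.com) and otherwise lists the mailboxes that have to be monitored. The function names, the list of zone names and the emailDomain parameter are assumptions made for illustration.

```typescript
// Added example; these helpers are hypothetical and not part of the CDK API.
// Mailbox names taken from the email validation list on this page.
const VALIDATION_MAILBOXES: string[] =
  ['admin', 'administrator', 'hostmaster', 'postmaster', 'webmaster'];

// Normalise a DNS name: lower-case, drop a trailing dot and a leading "*."
// wildcard label, then split into labels.
function labels(name: string): string[] {
  const clean = name.trim().toLowerCase().replace(/\.$/, '').replace(/^\*\./, '');
  return clean.length > 0 ? clean.split('.') : [];
}

// True when zoneName equals certDomain or is a parent of it. Comparing whole
// labels keeps 'badexample.com' from matching the zone 'example.com'.
function zoneCovers(zoneName: string, certDomain: string): boolean {
  const zone = labels(zoneName);
  const cert = labels(certDomain);
  if (zone.length === 0 || zone.length > cert.length) {
    return false;
  }
  return cert.slice(cert.length - zone.length).join('.') === zone.join('.');
}

interface ValidationPlan {
  method: 'DNS' | 'EMAIL';
  zone: string | null;   // covering public zone, when DNS validation applies
  mailboxes: string[];   // addresses to monitor, when email validation applies
}

// publicZones: names of the Route 53 public zones you control (constructed input).
// emailDomain: domain the validation mail goes to (assumption: caller supplies it).
function planValidation(certDomain: string, publicZones: string[],
                        emailDomain: string): ValidationPlan {
  const best = publicZones
    .filter((z) => zoneCovers(z, certDomain))
    .reduce<string | null>((acc, z) =>   // keep the most specific covering zone
      acc === null || labels(z).length > labels(acc).length ? z : acc, null);
  if (best !== null) {
    return { method: 'DNS', zone: best, mailboxes: [] };
  }
  const domain = labels(emailDomain).join('.');
  return { method: 'EMAIL', zone: null,
           mailboxes: VALIDATION_MAILBOXES.map((m) => m + '@' + domain) };
}

// Constructed sample run.
console.log(planValidation('test.example.com', ['example.com'], 'example.com'));
console.log(planValidation('www.badexample.com', ['example.com'], 'badexample.com'));
```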
Importing
Import a certificate manually, if you know the ARN:
const certificate = Certificate.import(this, 'Certificate', {
  certificateArn: "arn:aws:..."
});
Sharing between Stacks
To share the certificate between stacks in the same CDK application, simply pass the Certificate object between the stacks.
TODO
- Custom Resource that can look up the certificate ARN by domain name by querying ACM.
Hashes for aws-cdk.aws-certificatemanager-0.31.0.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 587aa5ce234bee996cbcfd987be18f8aa3f199802eb56400102916350a8d9a08
MD5 | ab403a66970479096f3643ea885eee45
BLAKE2b-256 | 501aa353912f7cd63432615cba348fb5a07994e110d41f829d281f2644f83866

Hashes for aws_cdk.aws_certificatemanager-0.31.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | a02d2bee616c69d03934824dab787fda70a3f1e293c82e5383dcf5a0fa4800dd
MD5 | 3e481375abce22eac5822a807d7995fe
BLAKE2b-256 | d48b8fcf06b7f3e91fd2ef458b9b52fd728e5e02adef365496101b91c7556a2a