The CDK Construct Library for AWS::CertificateManager
Amazon Certificate Manager Construct Library
This API is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the API is not recommended in production environments. Experimental APIs are not subject to the Semantic Versioning model.
This package provides Constructs for provisioning and referencing certificates which can be used in CloudFront and ELB.
DNS-validated certificates
The DnsValidatedCertificateRequest class provides a Custom Resource by which you can request a TLS certificate from AWS Certificate Manager that is automatically validated using a cryptographically secure DNS record. For this to work, there must be a Route 53 public zone that is responsible for serving records under the Domain Name of the requested certificate. For example, if you request a certificate for www.example.com, there must be a Route 53 public zone example.com that provides authoritative records for the domain.
Example
    import { HostedZoneProvider } from '@aws-cdk/aws-route53';
    import { DnsValidatedCertificate } from '@aws-cdk/aws-certificatemanager';

    const hostedZone = new HostedZoneProvider(this, {
        domainName: 'example.com',
        privateZone: false
    }).findAndImport(this, 'ExampleDotCom');

    const certificate = new DnsValidatedCertificate(this, 'TestCertificate', {
        domainName: 'test.example.com',
        hostedZone: hostedZone
    });
Email validation
Otherwise, if certificates are created as part of a CloudFormation run, the CloudFormation provisioning will not complete until domain ownership for the certificate has been validated. For email validation, this involves receiving an email at one of a number of predefined addresses on the domain and following the instructions in the email. The email addresses used will be:
- admin@domain.com
- administrator@domain.com
- hostmaster@domain.com
- postmaster@domain.com
- webmaster@domain.com
Because of these blocks, it's probably better to provision your certificates either in a separate stack from your main service, or provision them manually. In both cases, you'll import the certificate into your stack afterwards.
Example
Provision a new certificate by creating an instance of Certificate. Email validation will be sent to example.com:
    const certificate = new Certificate(this, 'Certificate', {
        domainName: 'test.example.com'
    });
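As an added example (not code from the CDK project), the TypeScript below is a pre-deployment check for the two validation paths described above: it picks the public zone that actually covers a certificate domain for DNS validation, and lists the mailboxes from the email-validation section that will receive the approval message. The function names are hypothetical, and the validation domain is passed in by the caller rather than derived.

```typescript
// Added example, not part of the CDK library. All function names are hypothetical.

// Mailbox prefixes listed in the "Email validation" section above.
const VALIDATION_PREFIXES = ['admin', 'administrator', 'hostmaster', 'postmaster', 'webmaster'];

// Lowercase, drop a trailing root dot and a leading wildcard label.
function normalizeDomain(name: string): string {
  return name.trim().toLowerCase().replace(/\.$/, '').replace(/^\*\./, '');
}

// True when `parent` equals `domain` or is a superdomain of it. Labels are
// compared one by one, so 'badexample.com' is not treated as under 'example.com'.
function isSameOrSuperdomain(parent: string, domain: string): boolean {
  const p = normalizeDomain(parent).split('.');
  const d = normalizeDomain(domain).split('.');
  if (p.length > d.length || p.some(label => label === '')) return false;
  const tail = d.slice(d.length - p.length);
  return p.every((label, i) => label === tail[i]);
}

// Mailboxes that receive the approval email when validation is sent to
// `validationDomain` (assumption: the caller supplies that domain).
function validationMailboxes(certDomain: string, validationDomain: string): string[] {
  if (!isSameOrSuperdomain(validationDomain, certDomain)) {
    throw new Error(`${validationDomain} does not cover ${certDomain}`);
  }
  return VALIDATION_PREFIXES.map(prefix => `${prefix}@${normalizeDomain(validationDomain)}`);
}

// Most specific candidate zone that can serve records for `certDomain`
// (DNS validation), or undefined when none of the candidates covers it.
function coveringZone(certDomain: string, zones: string[]): string | undefined {
  return zones
    .filter(zone => isSameOrSuperdomain(zone, certDomain))
    .sort((a, b) => normalizeDomain(b).length - normalizeDomain(a).length)[0];
}
```

Whoever controls any of the returned mailboxes can approve issuance, so the list doubles as an audit target before choosing email validation.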
Importing
Import a certificate manually, if you know the ARN:
    const certificate = Certificate.import(this, 'Certificate', {
        certificateArn: "arn:aws:..."
    });
Sharing between Stacks
To share the certificate between stacks in the same CDK application, simply pass the Certificate object between the stacks.
TODO
- Custom Resource that can look up the certificate ARN by domain name by querying ACM.