@aws-cdk/acm

AWS Certificate Manager Construct Library

This package provides Constructs for provisioning and referencing certificates which can be used in CloudFront and ELB.

Validation

If certificates are created as part of a CloudFormation run, the CloudFormation provisioning will not complete until domain ownership for the certificate is completed. For email validation, this involves receiving an email on one of a number of predefined domains and following the instructions in the email. The email addresses used will be:

  • admin@domain.com
  • administrator@domain.com
  • hostmaster@domain.com
  • postmaster@domain.com
  • webmaster@domain.com

DNS validation is possible in ACM, but is not currently available in CloudFormation. A Custom Resource will be developed for this, but is not currently available.

Because of these blocks, it’s probably better to provision your certificates either in a separate stack from your main service, or provision them manually. In both cases, you’ll import the certificate into your stack afterwards.

Provisioning

Provision a new certificate by creating an instance of Certificate. Email validation will be sent to example.com:

const certificate = new Certificate(this, 'Certificate', {
    domainName: 'test.example.com'
});

Importing

Import a certificate either manually, if you know the ARN:

const certificate = Certificate.import(this, 'Certificate', {
    certificateArn: new Arn("arn:aws:...")
});

Or use exporting and importing mechanisms between stacks:

const certRef = certStack.certificate.export();

const certificate = Certificate.import(this, 'Certificate', certRef);

We should probably also make a Custom Resource that can look up the certificate ARN by domain name by querying ACM.

Reference

Certificate

class _aws-cdk_acm.Certificate(parent, name, props)

A certificate managed by Amazon Certificate Manager.

IMPORTANT: if you are creating a certificate as part of your stack, the stack will not complete creating until you read and follow the instructions in the email that you will receive.

For every domain that you register, ACM will send validation emails to the following addresses:

  • admin@domain.com
  • administrator@domain.com
  • hostmaster@domain.com
  • postmaster@domain.com
  • webmaster@domain.com

Extends:

CertificateRef

Parameters:
  • parent (Construct) –
  • name (string) –
  • props (CertificateProps) –

certificateArn

The certificate’s ARN

Type: CertificateArn (readonly)

CertificateArn

class _aws-cdk_acm.CertificateArn([valueOrFunction])

Represents the ARN of a certificate

Extends: Arn
Parameters: valueOrFunction (any or None) –

CertificateProps (interface)

class _aws-cdk_acm.CertificateProps

Properties for your certificate

domainName

Fully-qualified domain name to request a certificate for. May contain wildcards, such as *.domain.com.

Type: string

subjectAlternativeNames

Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site.

Type: string or None

validationDomains

What validation domain to use for every requested domain. Has to be a superdomain of the requested domain.

Type: string or None
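
The validation rules above as a pre-flight check, added here as an example (not part of @aws-cdk/acm): it confirms that a validation domain is a superdomain of each requested name on a label boundary and lists the mailboxes whose owners can approve issuance. The names `CertificateRequest`, `isSuperdomain` and `validationRecipients` are hypothetical, and one validation domain for all requested names is assumed.

```typescript
// Added example: not part of @aws-cdk/acm. All type and function names are hypothetical.
// The five mailboxes are the ones this page lists for ACM email validation.
const VALIDATION_MAILBOXES = ['admin', 'administrator', 'hostmaster', 'postmaster', 'webmaster'];

interface CertificateRequest {
  domainName: string;                  // may be a wildcard such as *.example.com
  subjectAlternativeNames?: string[];
  validationDomain: string;            // must be a superdomain of every requested name
}

// Lower-case, drop a trailing dot and a leading "*." so names compare label by label.
function baseName(domain: string): string {
  return domain.trim().toLowerCase().replace(/\.$/, '').replace(/^\*\./, '');
}

// True when `candidate` equals `requested` or is a parent of it on a label boundary.
// Assumption: an identical name is accepted as its own validation domain.
function isSuperdomain(candidate: string, requested: string): boolean {
  const parentName = baseName(candidate);
  const childName = baseName(requested);
  // This sketch's own rule: refuse an empty or single-label domain such as "com".
  if (parentName.length === 0 || parentName.indexOf('.') === -1) return false;
  if (childName === parentName) return true;
  const suffix = '.' + parentName; // the leading dot stops "notexample.com" matching "example.com"
  return childName.length > suffix.length && childName.slice(-suffix.length) === suffix;
}

interface Recipients { domain: string; mailboxes: string[]; }

// For each requested name, list the mailboxes whose owners can approve issuance.
function validationRecipients(req: CertificateRequest): Recipients[] {
  const names = [req.domainName].concat(req.subjectAlternativeNames || []);
  const mailDomain = baseName(req.validationDomain);
  return names.map((requested) => {
    if (!isSuperdomain(req.validationDomain, requested)) {
      throw new Error(`${req.validationDomain} is not a superdomain of ${requested}`);
    }
    return { domain: requested, mailboxes: VALIDATION_MAILBOXES.map((m) => `${m}@${mailDomain}`) };
  });
}

// Constructed sample request.
const sample: CertificateRequest = {
  domainName: 'test.example.com',
  subjectAlternativeNames: ['*.test.example.com'],
  validationDomain: 'example.com',
};
console.log(JSON.stringify(validationRecipients(sample), null, 2));
```

Every address in the output is a mailbox that can approve the certificate, so each one should be owned and monitored before the stack is deployed.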

CertificateRef

class _aws-cdk_acm.CertificateRef(parent, name)

Interface for certificate-like objects

Extends:

Construct

Abstract:

Yes

Parameters:
  • parent (Construct) – The parent construct
  • name (string) –

static import(parent, name, props) → @aws-cdk/acm.CertificateRef

Import a certificate

Parameters:
  • parent (Construct) –
  • name (string) –
  • props (CertificateRefProps) –
Return type:

CertificateRef

export() → @aws-cdk/acm.CertificateRefProps

Export this certificate from the stack

Return type: CertificateRefProps

certificateArn

Type: CertificateArn (readonly) (abstract)

CertificateRefProps (interface)

class _aws-cdk_acm.CertificateRefProps

Reference to an existing Certificate

certificateArn

The certificate’s ARN

Type: CertificateArn