@aws-cdk/acm
AWS Certificate Manager Construct Library
This package provides Constructs for provisioning and referencing certificates which can be used in CloudFront and ELB.
Validation
If certificates are created as part of a CloudFormation run, the CloudFormation provisioning will not complete until domain ownership validation for the certificate is completed. For email validation, this involves receiving an email at one of a number of predefined addresses and following the instructions in the email. The email addresses used will be:
- admin@domain.com
- administrator@domain.com
- hostmaster@domain.com
- postmaster@domain.com
- webmaster@domain.com
DNS validation is possible in ACM, but is not currently available in CloudFormation. A Custom Resource will be developed for this, but is not currently available.
Because of these blocks, it’s probably better to provision your certificates either in a separate stack from your main service, or provision them manually. In both cases, you’ll import the certificate into your stack afterwards.
Provisioning
Provision a new certificate by creating an instance of Certificate. Email validation will be sent to example.com:
const certificate = new Certificate(this, 'Certificate', {
    domainName: 'test.example.com'
});
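Anyone who can read one of the validation mailboxes can approve the certificate request, so it is worth listing them before deploying. The following is an added example, not part of the CDK library, with hypothetical function and type names; it assumes the default validation domain is the last two labels of the requested name (as in test.example.com and example.com above) and that validationDomains maps a requested domain to its validation domain.

```typescript
// Added example; all function and type names here are hypothetical.
const PREFIXES = ['admin', 'administrator', 'hostmaster', 'postmaster', 'webmaster'];

// Lower-case, drop a trailing dot and a leading wildcard label ("*.").
function normalize(domain: string): string {
  return domain.trim().toLowerCase().replace(/\.$/, '').replace(/^\*\./, '');
}

// True when `candidate` is `domain` itself or a parent of it on a label
// boundary. A bare suffix test would wrongly accept "ample.com" for
// "test.example.com" and route approval mail to an unrelated domain.
function isSuperdomain(candidate: string, domain: string): boolean {
  const c = normalize(candidate);
  const d = normalize(domain);
  return c.length > 0 && (d === c || d.slice(-(c.length + 1)) === '.' + c);
}

// Assumption: the default validation domain is the last two labels, as in the
// page's test.example.com -> example.com case. Multi-label public suffixes
// such as co.uk need an explicit entry in validationDomains.
function defaultValidationDomain(domain: string): string {
  return normalize(domain).split('.').slice(-2).join('.');
}

interface CertRequest {
  domainName: string;
  subjectAlternativeNames?: string[];
  // Assumed shape: requested domain -> validation domain.
  validationDomains?: { [domain: string]: string };
}

// Returns, per requested name, the mailboxes that can approve issuance.
function validationMailboxes(req: CertRequest): Record<string, string[]> {
  const result: Record<string, string[]> = {};
  const names = [req.domainName].concat(req.subjectAlternativeNames ?? []);
  for (const name of names) {
    const override = req.validationDomains?.[name];
    const validationDomain = normalize(override ?? defaultValidationDomain(name));
    if (!isSuperdomain(validationDomain, name)) {
      throw new Error(`${validationDomain} is not a superdomain of ${name}`);
    }
    result[name] = PREFIXES.map((p) => `${p}@${validationDomain}`);
  }
  return result;
}
```

Run it over the same values you pass as certificate props and confirm that every returned mailbox is one you control and monitor.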
Importing
Import a certificate either manually, if you know the ARN:
const certificate = Certificate.import(this, 'Certificate', {
    certificateArn: new Arn("arn:aws:...")
});
Or use exporting and importing mechanisms between stacks:
const certRef = certStack.certificate.export();
const certificate = Certificate.import(this, 'Certificate', certRef);
We should probably also make a Custom Resource that can look up the certificate ARN by domain name by querying ACM.
Reference
Certificate
class _aws-cdk_acm.Certificate(parent, name, props)
    A certificate managed by Amazon Certificate Manager.

    IMPORTANT: if you are creating a certificate as part of your stack, the stack will not complete creating until you read and follow the instructions in the email that you will receive.

    ACM will send validation emails to the following addresses, for every domain that you register:
    - admin@domain.com
    - administrator@domain.com
    - hostmaster@domain.com
    - postmaster@domain.com
    - webmaster@domain.com

    Extends: CertificateRef
    Parameters:
    - parent (Construct) –
    - name (string) –
    - props (CertificateProps) –

    certificateArn
        The certificate’s ARN
        Type: CertificateArn (readonly)

CertificateArn
CertificateProps (interface)
class _aws-cdk_acm.CertificateProps
    Properties for your certificate

    domainName
        Fully-qualified domain name to request a certificate for. May contain wildcards, such as *.domain.com.
        Type: string

    subjectAlternativeNames
        Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site.
        Type: string or None

    validationDomains
        What validation domain to use for every requested domain. Has to be a superdomain of the requested domain.
        Type: string or None

CertificateRef
class _aws-cdk_acm.CertificateRef(parent, name)
    Interface for certificate-like objects

    Extends: Construct
    Abstract: Yes
    Parameters:
    - parent (Construct) – The parent construct
    - name (string) –

    static import(parent, name, props) → @aws-cdk/acm.CertificateRef
        Import a certificate
        Parameters:
        - parent (Construct) –
        - name (string) –
        - props (CertificateRefProps) –
        Return type: CertificateRef

    export() → @aws-cdk/acm.CertificateRefProps
        Export this certificate from the stack
        Return type: CertificateRefProps

    certificateArn
        Type: CertificateArn (readonly) (abstract)