-
Interface Summary Interface Description CertificateProps Properties for your certificate.CfnCertificate.DomainValidationOptionProperty CfnCertificateProps Properties for defining a `AWS::CertificateManager::Certificate`.DnsValidatedCertificateProps EXPERIMENTALICertificate -
Class Summary Class Description Certificate A certificate managed by AWS Certificate Manager.CertificateProps.Builder A builder forCertificatePropsCertificateProps.Jsii$Proxy A proxy class which represents a concrete javascript instance of this type.CfnCertificate A CloudFormation `AWS::CertificateManager::Certificate`.CfnCertificate.DomainValidationOptionProperty.Builder A builder forCfnCertificate.DomainValidationOptionPropertyCfnCertificate.DomainValidationOptionProperty.Jsii$Proxy A proxy class which represents a concrete javascript instance of this type.CfnCertificateProps.Builder A builder forCfnCertificatePropsCfnCertificateProps.Jsii$Proxy A proxy class which represents a concrete javascript instance of this type.DnsValidatedCertificate A certificate managed by AWS Certificate Manager.DnsValidatedCertificateProps.Builder A builder forDnsValidatedCertificatePropsDnsValidatedCertificateProps.Jsii$Proxy A proxy class which represents a concrete javascript instance of this type.ICertificate.Jsii$Proxy A proxy class which represents a concrete javascript instance of this type. -
Enum Summary Enum Description ValidationMethod Method used to assert ownership of the domain.
Package software.amazon.awscdk.services.certificatemanager Description
Amazon Certificate Manager Construct Library
This package provides Constructs for provisioning and referencing certificates which can be used in CloudFront and ELB.
The following requests a certificate for a given domain:
const cert = new certmgr.Certificate(this, 'Certificate', {
domainName: 'example.com',
});
After requesting a certificate, you will need to prove that you own the domain in question before the certificate will be granted. The CloudFormation deployment will wait until this verification process has been completed.
Because of this wait time, it's better to provision your certificates either in a separate stack from your main service, or provision them manually and import them into your CDK application.
The CDK also provides a custom resource which can be used for automatic validation if the DNS records for the domain are managed through Route53 (see below).
Email validation
Email-validated certificates (the default) are validated by receiving an email on one of a number of predefined domains and following the instructions in the email.
See Validate with Email in the Amazon Certificate Manager User Guide.
DNS validation
DNS-validated certificates are validated by configuring appropriate DNS records for your domain.
See Validate with DNS in the Amazon Certificate Manager User Guide.
Automatic DNS-validated certificates using Route53
The DnsValidatedCertificateRequest class provides a Custom Resource by which
you can request a TLS certificate from AWS Certificate Manager that is
automatically validated using a cryptographically secure DNS record. For this to
work, there must be a Route 53 public zone that is responsible for serving
records under the Domain Name of the requested certificate. For example, if you
request a certificate for www.example.com, there must be a Route 53 public
zone example.com that provides authoritative records for the domain.
Example:
const hostedZone = route53.HostedZone.fromLookup(this, 'HostedZone', {
domainName: 'example.com',
privateZone: false
});
const certificate = new certmgr.DnsValidatedCertificate(this, 'TestCertificate', {
domainName: 'test.example.com',
hostedZone,
});
Importing
If you want to import an existing certificate, you can do so from its ARN:
const arn = "arn:aws:...";
const certificate = Certificate.fromCertificateArn(this, 'Certificate', arn);
Sharing between Stacks
To share the certificate between stacks in the same CDK application, simply
pass the Certificate object between the stacks.