-
Interface Summary Interface Description CertificateProps Properties for your certificate.CfnCertificate.DomainValidationOptionProperty CfnCertificateProps Properties for defining a `AWS::CertificateManager::Certificate`.DnsValidatedCertificateProps Properties to create a DNS validated certificate managed by AWS Certificate Manager.ICertificate Represents a certificate in AWS Certificate Manager. -
Enum Summary Enum Description ValidationMethod Method used to assert ownership of the domain.
Package software.amazon.awscdk.services.certificatemanager Description
Amazon Certificate Manager Construct Library
---
This package provides Constructs for provisioning and referencing certificates which can be used in CloudFront and ELB.
The following requests a certificate for a given domain:
// Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
Certificate cert = new Certificate(this, "Certificate", new CertificateProps()
.domainName("example.com"));
After requesting a certificate, you will need to prove that you own the domain in question before the certificate will be granted. The CloudFormation deployment will wait until this verification process has been completed.
Because of this wait time, it's better to provision your certificates either in a separate stack from your main service, or provision them manually and import them into your CDK application.
The CDK also provides a custom resource which can be used for automatic validation if the DNS records for the domain are managed through Route53 (see below).
Email validation
Email-validated certificates (the default) are validated by receiving an email on one of a number of predefined domains and following the instructions in the email.
See Validate with Email in the Amazon Certificate Manager User Guide.
DNS validation
DNS-validated certificates are validated by configuring appropriate DNS records for your domain.
See Validate with DNS in the Amazon Certificate Manager User Guide.
Automatic DNS-validated certificates using Route53
The DnsValidatedCertificateRequest class provides a Custom Resource by which
you can request a TLS certificate from AWS Certificate Manager that is
automatically validated using a cryptographically secure DNS record. For this to
work, there must be a Route 53 public zone that is responsible for serving
records under the Domain Name of the requested certificate. For example, if you
request a certificate for www.example.com, there must be a Route 53 public
zone example.com that provides authoritative records for the domain.
Example:
// Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
IHostedZone hostedZone = route53.HostedZone.fromLookup(this, "HostedZone", new HostedZoneProviderProps()
.domainName("example.com")
.privateZone(false));
DnsValidatedCertificate certificate = new DnsValidatedCertificate(this, "TestCertificate", new DnsValidatedCertificateProps()
.domainName("test.example.com")
.hostedZone(hostedZone));
Importing
If you want to import an existing certificate, you can do so from its ARN:
// Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826 String arn = "arn:aws:..."; var certificate = Certificate.fromCertificateArn(this, "Certificate", arn);
Sharing between Stacks
To share the certificate between stacks in the same CDK application, simply
pass the Certificate object between the stacks.