A certificate managed by AWS Certificate Manager. Will be automatically validated using DNS validation against the specified Route 53 hosted zone.
import { DnsValidatedCertificate } from 'aws-cdk-lib/aws-certificatemanager';
Or use the module namespace:
import * as certificatemanager from 'aws-cdk-lib/aws-certificatemanager';
// certificatemanager.DnsValidatedCertificate

Configuration passed to the constructor as DnsValidatedCertificateProps.
hostedZone (Required, IHostedZone)
Route 53 Hosted Zone used to perform DNS validation of the request. The zone must be authoritative for the domain name specified in the Certificate Request.

cleanupRoute53Records (Optional, boolean)
When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed. CAUTION: If multiple certificates share the same domains (and same validation records), this can cause the other certificates to fail renewal and/or not validate. Not recommended for production use.
Default: false

customResourceRole (Optional, IRole)
Role to use for the custom resource that creates the validated certificate.
Default: - A new role will be created

region (Optional, string)
AWS region that will host the certificate. This is needed especially for certificates used for CloudFront distributions, which require the region to be us-east-1.
Default: the region the stack is deployed in.

route53Endpoint (Optional, string)
An endpoint of the Route53 service. This is normally unnecessary, as the AWS SDK can determine the right endpoint for most regions, but for some regions, such as those in the aws-cn partition, the default endpoint does not currently work, so the right endpoint needs to be specified through this prop. Route53 has not been officially launched in China; it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided.
Default: - The AWS SDK will determine the Route53 endpoint to use based on region

CertificateProps

domainName (Required, inherited from CertificateProps, string)
Fully-qualified domain name to request a certificate for. May contain wildcards, such as `*.domain.com`.

allowExport (Optional, inherited from CertificateProps, boolean)
Enable or disable export of this certificate. If you issue an exportable public certificate, there is a charge at certificate issuance and again when the certificate renews. Ref: https://aws.amazon.com/certificate-manager/pricing
Default: false

certificateName (Optional, inherited from CertificateProps, string)
The Certificate name. Since the Certificate resource doesn't support providing a physical name, the value provided here will be recorded in the `Name` tag.
Default: the full, absolute path of this construct

keyAlgorithm (Optional, inherited from CertificateProps, KeyAlgorithm)
Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
Default: KeyAlgorithm.RSA_2048

subjectAlternativeNames (Optional, inherited from CertificateProps, string[])
Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site.
Default: - No additional FQDNs will be included as alternative domain names.

transparencyLoggingEnabled (Optional, inherited from CertificateProps, boolean)
Enable or disable transparency logging for this certificate. Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one.
Default: true

validation (Optional, inherited from CertificateProps, CertificateValidation)
How to validate this certificate.
Default: CertificateValidation.fromEmail()
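
A pre-deployment review of the props documented above, as an added example that is not part of the original page or of aws-cdk-lib. It models the props as plain data so it runs without the CDK; `hostedZoneName`, `usedByCloudFront`, `stackRegion`, the finding labels, and applying the zone check to subjectAlternativeNames are assumptions made for illustration.

```typescript
// Added example: plain-data mirror of the documented props (no aws-cdk-lib needed).
interface CertPropsReview {
  domainName: string;
  hostedZoneName: string;            // assumption: zone name of the IHostedZone passed as hostedZone
  subjectAlternativeNames?: string[];
  region?: string;
  cleanupRoute53Records?: boolean;
  transparencyLoggingEnabled?: boolean;
  allowExport?: boolean;
  usedByCloudFront?: boolean;        // hypothetical flag, not a CDK prop
  stackRegion?: string;              // hypothetical: region the stack deploys to
}

// True when `name` (wildcard allowed) is the zone apex or a subdomain of it.
// Matching on ".zone" rather than "zone" keeps notexample.com out of example.com.
function inZone(name: string, zone: string): boolean {
  const n = name.toLowerCase().replace(/^\*\./, '').replace(/\.$/, '');
  const z = zone.toLowerCase().replace(/\.$/, '');
  return n === z || n.slice(-(z.length + 1)) === '.' + z;
}

function reviewProps(p: CertPropsReview): string[] {
  const findings: string[] = [];
  // The hosted zone must be authoritative for every name that needs a validation record.
  for (const name of [p.domainName].concat(p.subjectAlternativeNames ?? [])) {
    if (!inZone(name, p.hostedZoneName)) findings.push('zone-mismatch:' + name);
  }
  // region defaults to the stack's region; CloudFront requires us-east-1.
  const effectiveRegion = p.region ?? p.stackRegion;
  if (p.usedByCloudFront && effectiveRegion !== 'us-east-1') findings.push('cloudfront-region');
  // Shared validation records may be deleted with this certificate.
  if (p.cleanupRoute53Records === true) findings.push('cleanup-records');
  if (p.transparencyLoggingEnabled === false) findings.push('ct-logging-disabled');
  if (p.allowExport === true) findings.push('exportable');
  return findings;
}

// Constructed sample input, not taken from a real deployment.
const sample: CertPropsReview = {
  domainName: '*.app.example.com',
  hostedZoneName: 'example.com.',
  subjectAlternativeNames: ['example.com', 'notexample.com'],
  stackRegion: 'eu-west-1',
  usedByCloudFront: true,
  cleanupRoute53Records: true,
};
console.log(reviewProps(sample));
```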