aws-cdk-lib.aws_certificatemanager.DnsValidatedCertificate

class DnsValidatedCertificate (construct) ⚠️

LanguageType name
.NETAmazon.CDK.AWS.CertificateManager.DnsValidatedCertificate
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awscertificatemanager#DnsValidatedCertificate
Javasoftware.amazon.awscdk.services.certificatemanager.DnsValidatedCertificate
Pythonaws_cdk.aws_certificatemanager.DnsValidatedCertificate
TypeScript (source)aws-cdk-lib » aws_certificatemanager » DnsValidatedCertificate

⚠️ Deprecated: use {@link Certificate } instead

Implements IConstruct, IDependable, IResource, ICertificate, ITaggable

A certificate managed by AWS Certificate Manager.

Will be automatically validated using DNS validation against the specified Route 53 hosted zone.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_certificatemanager as certificatemanager } from 'aws-cdk-lib';
import { aws_iam as iam } from 'aws-cdk-lib';
import { aws_route53 as route53 } from 'aws-cdk-lib';

declare const certificateValidation: certificatemanager.CertificateValidation;
declare const hostedZone: route53.HostedZone;
declare const role: iam.Role;
const dnsValidatedCertificate = new certificatemanager.DnsValidatedCertificate(this, 'MyDnsValidatedCertificate', {
  domainName: 'domainName',
  hostedZone: hostedZone,

  // the properties below are optional
  certificateName: 'certificateName',
  cleanupRoute53Records: false,
  customResourceRole: role,
  region: 'region',
  route53Endpoint: 'route53Endpoint',
  subjectAlternativeNames: ['subjectAlternativeNames'],
  transparencyLoggingEnabled: false,
  validation: certificateValidation,
});

Initializer

new DnsValidatedCertificate(scope: Construct, id: string, props: DnsValidatedCertificateProps)

⚠️ Deprecated: use {@link Certificate } instead

Parameters

  • scope Construct
  • id string
  • props DnsValidatedCertificateProps

Construct Props

NameTypeDescription
domainNamestringFully-qualified domain name to request a certificate for.
hostedZoneIHostedZoneRoute 53 Hosted Zone used to perform DNS validation of the request.
certificateName?stringThe Certifcate name.
cleanupRoute53Records?booleanWhen set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed.
customResourceRole?IRoleRole to use for the custom resource that creates the validated certificate.
region?stringAWS region that will host the certificate.
route53Endpoint?stringAn endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop.
subjectAlternativeNames?string[]Alternative domain names on your certificate.
transparencyLoggingEnabled?booleanEnable or disable transparency logging for this certificate.
validation?CertificateValidationHow to validate this certificate.

domainName

Type: string

Fully-qualified domain name to request a certificate for.

May contain wildcards, such as *.domain.com.


hostedZone

Type: IHostedZone

Route 53 Hosted Zone used to perform DNS validation of the request.

The zone must be authoritative for the domain name specified in the Certificate Request.


certificateName?

Type: string (optional, default: the full, absolute path of this construct)

The Certifcate name.

Since the Certifcate resource doesn't support providing a physical name, the value provided here will be recorded in the Name tag


cleanupRoute53Records?

Type: boolean (optional, default: false)

When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed.

CAUTION: If multiple certificates share the same domains (and same validation records), this can cause the other certificates to fail renewal and/or not validate. Not recommended for production use.


customResourceRole?

Type: IRole (optional, default: A new role will be created)

Role to use for the custom resource that creates the validated certificate.


region?

Type: string (optional, default: the region the stack is deployed in.)

AWS region that will host the certificate.

This is needed especially for certificates used for CloudFront distributions, which require the region to be us-east-1.


route53Endpoint?

Type: string (optional, default: The AWS SDK will determine the Route53 endpoint to use based on region)

An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop.

Route53 is not been officially launched in China, it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided.


subjectAlternativeNames?

Type: string[] (optional, default: No additional FQDNs will be included as alternative domain names.)

Alternative domain names on your certificate.

Use this to register alternative domain names that represent the same site.


transparencyLoggingEnabled?

Type: boolean (optional, default: true)

Enable or disable transparency logging for this certificate.

Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one.

See also: https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency


validation?

Type: CertificateValidation (optional, default: CertificateValidation.fromEmail())

How to validate this certificate.

Properties

NameTypeDescription
certificateArn⚠️stringThe certificate's ARN.
env⚠️ResourceEnvironmentThe environment this resource belongs to.
node⚠️NodeThe tree node.
stack⚠️StackThe stack in which this resource is defined.
tags⚠️TagManagerResource Tags.
region?⚠️stringIf the certificate is provisionned in a different region than the containing stack, this should be the region in which the certificate lives so we can correctly create Metric instances.

certificateArn⚠️

⚠️ Deprecated: use {@link Certificate } instead

Type: string

The certificate's ARN.


env⚠️

⚠️ Deprecated: use {@link Certificate } instead

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node⚠️

⚠️ Deprecated: use {@link Certificate } instead

Type: Node

The tree node.


stack⚠️

⚠️ Deprecated: use {@link Certificate } instead

Type: Stack

The stack in which this resource is defined.


tags⚠️

⚠️ Deprecated: use {@link Certificate } instead

Type: TagManager

Resource Tags.

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-tags


region?⚠️

⚠️ Deprecated: use {@link Certificate } instead

Type: string (optional)

If the certificate is provisionned in a different region than the containing stack, this should be the region in which the certificate lives so we can correctly create Metric instances.

Methods

NameDescription
applyRemovalPolicy(policy)⚠️Apply the given removal policy to this resource.
metricDaysToExpiry(props?)⚠️Return the DaysToExpiry metric for this AWS Certificate Manager Certificate. By default, this is the minimum value over 1 day.
toString()⚠️Returns a string representation of this construct.

applyRemovalPolicy(policy)⚠️

public applyRemovalPolicy(policy: RemovalPolicy): void

⚠️ Deprecated: use {@link Certificate } instead

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


metricDaysToExpiry(props?)⚠️

public metricDaysToExpiry(props?: MetricOptions): Metric

⚠️ Deprecated: use {@link Certificate } instead

Parameters

  • props MetricOptions

Returns

  • Metric

Return the DaysToExpiry metric for this AWS Certificate Manager Certificate. By default, this is the minimum value over 1 day.

This metric is no longer emitted once the certificate has effectively expired, so alarms configured on this metric should probably treat missing data as "breaching".


toString()⚠️

public toString(): string

⚠️ Deprecated: use {@link Certificate } instead

Returns

  • string

Returns a string representation of this construct.