DnsValidatedCertificateProps¶
-
class
aws_cdk.aws_certificatemanager.
DnsValidatedCertificateProps
(*, domain_name, subject_alternative_names=None, validation=None, validation_domains=None, validation_method=None, hosted_zone, cleanup_route53_records=None, custom_resource_role=None, region=None, route53_endpoint=None)¶ Bases:
aws_cdk.aws_certificatemanager.CertificateProps
Properties to create a DNS validated certificate managed by AWS Certificate Manager.
- Parameters
domain_name (
str
) – Fully-qualified domain name to request a certificate for. May contain wildcards, such as*.domain.com
.subject_alternative_names (
Optional
[Sequence
[str
]]) – Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.validation (
Optional
[CertificateValidation
]) – How to validate this certificate. Default: CertificateValidation.fromEmail()validation_domains (
Optional
[Mapping
[str
,str
]]) – (deprecated) What validation domain to use for every requested domain. Has to be a superdomain of the requested domain. Default: - Apex domain is used for every domain that’s not overridden.validation_method (
Optional
[ValidationMethod
]) – (deprecated) Validation method used to assert domain ownership. Default: ValidationMethod.EMAILhosted_zone (
IHostedZone
) – Route 53 Hosted Zone used to perform DNS validation of the request. The zone must be authoritative for the domain name specified in the Certificate Request.cleanup_route53_records (
Optional
[bool
]) – When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed. CAUTION: If multiple certificates share the same domains (and same validation records), this can cause the other certificates to fail renewal and/or not validate. Not recommended for production use. Default: falsecustom_resource_role (
Optional
[IRole
]) – Role to use for the custom resource that creates the validated certificate. Default: - A new role will be createdregion (
Optional
[str
]) – AWS region that will host the certificate. This is needed especially for certificates used for CloudFront distributions, which require the region to be us-east-1. Default: the region the stack is deployed in.route53_endpoint (
Optional
[str
]) – An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop. Route53 is not been officially launched in China, it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided. Default: - The AWS SDK will determine the Route53 endpoint to use based on region
- ExampleMetadata
infused
Example:
# my_hosted_zone: route53.HostedZone acm.DnsValidatedCertificate(self, "CrossRegionCertificate", domain_name="hello.example.com", hosted_zone=my_hosted_zone, region="us-east-1" )
Attributes
-
cleanup_route53_records
¶ When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed.
CAUTION: If multiple certificates share the same domains (and same validation records), this can cause the other certificates to fail renewal and/or not validate. Not recommended for production use.
- Default
false
- Return type
Optional
[bool
]
-
custom_resource_role
¶ Role to use for the custom resource that creates the validated certificate.
- Default
A new role will be created
- Return type
Optional
[IRole
]
-
domain_name
¶ Fully-qualified domain name to request a certificate for.
May contain wildcards, such as
*.domain.com
.- Return type
str
-
hosted_zone
¶ Route 53 Hosted Zone used to perform DNS validation of the request.
The zone must be authoritative for the domain name specified in the Certificate Request.
- Return type
-
region
¶ AWS region that will host the certificate.
This is needed especially for certificates used for CloudFront distributions, which require the region to be us-east-1.
- Default
the region the stack is deployed in.
- Return type
Optional
[str
]
-
route53_endpoint
¶ An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop.
Route53 is not been officially launched in China, it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided.
- Default
The AWS SDK will determine the Route53 endpoint to use based on region
- Return type
Optional
[str
]
-
subject_alternative_names
¶ Alternative domain names on your certificate.
Use this to register alternative domain names that represent the same site.
- Default
No additional FQDNs will be included as alternative domain names.
- Return type
Optional
[List
[str
]]
-
validation
¶ How to validate this certificate.
- Default
CertificateValidation.fromEmail()
- Return type
Optional
[CertificateValidation
]
-
validation_domains
¶ (deprecated) What validation domain to use for every requested domain.
Has to be a superdomain of the requested domain.
- Default
Apex domain is used for every domain that’s not overridden.
- Deprecated
use
validation
instead.- Stability
deprecated
- Return type
Optional
[Mapping
[str
,str
]]
-
validation_method
¶ (deprecated) Validation method used to assert domain ownership.
- Default
ValidationMethod.EMAIL
- Deprecated
use
validation
instead.- Stability
deprecated
- Return type
Optional
[ValidationMethod
]