class PrivateCertificate (construct)
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.CertificateManager.PrivateCertificate |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awscertificatemanager#PrivateCertificate |
Java | software.amazon.awscdk.services.certificatemanager.PrivateCertificate |
Python | aws_cdk.aws_certificatemanager.PrivateCertificate |
TypeScript (source) | aws-cdk-lib » aws_certificatemanager » PrivateCertificate |
Implements
IConstruct
, IDependable
, IResource
, ICertificate
A private certificate managed by AWS Certificate Manager.
Example
import * as acmpca from 'aws-cdk-lib/aws-acmpca';
new acm.PrivateCertificate(this, 'PrivateCertificate', {
domainName: 'test.example.com',
subjectAlternativeNames: ['cool.example.com', 'test.example.net'], // optional
certificateAuthority: acmpca.CertificateAuthority.fromCertificateAuthorityArn(this, 'CA',
'arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77'),
keyAlgorithm: acm.KeyAlgorithm.RSA_2048, // optional, default algorithm is RSA_2048
});
Initializer
new PrivateCertificate(scope: Construct, id: string, props: PrivateCertificateProps)
Parameters
- scope
Construct
- id
string
- props
Private
Certificate Props
Construct Props
Name | Type | Description |
---|---|---|
certificate | ICertificate | Private certificate authority (CA) that will be used to issue the certificate. |
domain | string | Fully-qualified domain name to request a private certificate for. |
key | Key | Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. |
subject | string[] | Alternative domain names on your private certificate. |
certificateAuthority
Type:
ICertificate
Private certificate authority (CA) that will be used to issue the certificate.
domainName
Type:
string
Fully-qualified domain name to request a private certificate for.
May contain wildcards, such as *.domain.com
.
keyAlgorithm?
Type:
Key
(optional, default: KeyAlgorithm.RSA_2048)
Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
See also: https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title
subjectAlternativeNames?
Type:
string[]
(optional, default: No additional FQDNs will be included as alternative domain names.)
Alternative domain names on your private certificate.
Use this to register alternative domain names that represent the same site.
Properties
Name | Type | Description |
---|---|---|
certificate | string | The certificate's ARN. |
env | Resource | The environment this resource belongs to. |
node | Node | The tree node. |
stack | Stack | The stack in which this resource is defined. |
region? | string | If the certificate is provisionned in a different region than the containing stack, this should be the region in which the certificate lives so we can correctly create Metric instances. |
certificateArn
Type:
string
The certificate's ARN.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type:
Node
The tree node.
stack
Type:
Stack
The stack in which this resource is defined.
region?
Type:
string
(optional)
If the certificate is provisionned in a different region than the containing stack, this should be the region in which the certificate lives so we can correctly create Metric
instances.
Methods
Name | Description |
---|---|
apply | Apply the given removal policy to this resource. |
metric | Return the DaysToExpiry metric for this AWS Certificate Manager Certificate. By default, this is the minimum value over 1 day. |
to | Returns a string representation of this construct. |
static from | Import a certificate. |
RemovalPolicy(policy)
applypublic applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
Removal
Policy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY
), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN
).
DaysToExpiry(props?)
metricpublic metricDaysToExpiry(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
Return the DaysToExpiry metric for this AWS Certificate Manager Certificate. By default, this is the minimum value over 1 day.
This metric is no longer emitted once the certificate has effectively expired, so alarms configured on this metric should probably treat missing data as "breaching".
String()
topublic toString(): string
Returns
string
Returns a string representation of this construct.
CertificateArn(scope, id, certificateArn)
static frompublic static fromCertificateArn(scope: Construct, id: string, certificateArn: string): ICertificate
Parameters
- scope
Construct
- id
string
- certificateArn
string
Returns
Import a certificate.