Class DnsValidatedCertificateProps
Properties to create a DNS validated certificate managed by AWS Certificate Manager.
Inherited Members
Namespace: Amazon.CDK.AWS.CertificateManager
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class DnsValidatedCertificateProps : IDnsValidatedCertificateProps, ICertificatePropsSyntax (vb)
Public Class DnsValidatedCertificateProps Implements IDnsValidatedCertificateProps, ICertificatePropsRemarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.CertificateManager;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.Route53;
CertificateValidation certificateValidation;
HostedZone hostedZone;
KeyAlgorithm keyAlgorithm;
Role role;
var dnsValidatedCertificateProps = new DnsValidatedCertificateProps {
DomainName = "domainName",
HostedZone = hostedZone,
// the properties below are optional
AllowExport = false,
CertificateName = "certificateName",
CleanupRoute53Records = false,
CustomResourceRole = role,
KeyAlgorithm = keyAlgorithm,
Region = "region",
Route53Endpoint = "route53Endpoint",
SubjectAlternativeNames = new [] { "subjectAlternativeNames" },
TransparencyLoggingEnabled = false,
Validation = certificateValidation
};Synopsis
Constructors
| DnsValidatedCertificateProps() | Properties to create a DNS validated certificate managed by AWS Certificate Manager. |
Properties
| AllowExport | Enable or disable export of this certificate. |
| CertificateName | The Certificate name. |
| CleanupRoute53Records | When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed. |
| CustomResourceRole | Role to use for the custom resource that creates the validated certificate. |
| DomainName | Fully-qualified domain name to request a certificate for. |
| HostedZone | Route 53 Hosted Zone used to perform DNS validation of the request. |
| KeyAlgorithm | Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. |
| Region | AWS region that will host the certificate. |
| Route53Endpoint | An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop. |
| SubjectAlternativeNames | Alternative domain names on your certificate. |
| TransparencyLoggingEnabled | Enable or disable transparency logging for this certificate. |
| Validation | How to validate this certificate. |
Constructors
DnsValidatedCertificateProps()
Properties to create a DNS validated certificate managed by AWS Certificate Manager.
public DnsValidatedCertificateProps()Remarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.CertificateManager;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.Route53;
CertificateValidation certificateValidation;
HostedZone hostedZone;
KeyAlgorithm keyAlgorithm;
Role role;
var dnsValidatedCertificateProps = new DnsValidatedCertificateProps {
DomainName = "domainName",
HostedZone = hostedZone,
// the properties below are optional
AllowExport = false,
CertificateName = "certificateName",
CleanupRoute53Records = false,
CustomResourceRole = role,
KeyAlgorithm = keyAlgorithm,
Region = "region",
Route53Endpoint = "route53Endpoint",
SubjectAlternativeNames = new [] { "subjectAlternativeNames" },
TransparencyLoggingEnabled = false,
Validation = certificateValidation
};Properties
AllowExport
Enable or disable export of this certificate.
public bool? AllowExport { get; set; }Property Value
bool?
Remarks
If you issue an exportable public certificate, there is a charge at certificate issuance and again when the certificate renews. Ref: https://aws.amazon.com/certificate-manager/pricing
Default: false
CertificateName
The Certificate name.
public string? CertificateName { get; set; }Property Value
Remarks
Since the Certificate resource doesn't support providing a physical name, the value provided here will be recorded in the Name tag
Default: the full, absolute path of this construct
CleanupRoute53Records
When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed.
public bool? CleanupRoute53Records { get; set; }Property Value
bool?
Remarks
CAUTION: If multiple certificates share the same domains (and same validation records), this can cause the other certificates to fail renewal and/or not validate. Not recommended for production use.
Default: false
CustomResourceRole
Role to use for the custom resource that creates the validated certificate.
public IRole? CustomResourceRole { get; set; }Property Value
Remarks
Default: - A new role will be created
DomainName
Fully-qualified domain name to request a certificate for.
public string DomainName { get; set; }Property Value
Remarks
May contain wildcards, such as *.domain.com.
HostedZone
Route 53 Hosted Zone used to perform DNS validation of the request.
public IHostedZone HostedZone { get; set; }Property Value
Remarks
The zone must be authoritative for the domain name specified in the Certificate Request.
KeyAlgorithm
Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
public KeyAlgorithm? KeyAlgorithm { get; set; }Property Value
Remarks
Default: KeyAlgorithm.RSA_2048
See: https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title
Region
AWS region that will host the certificate.
public string? Region { get; set; }Property Value
Remarks
This is needed especially for certificates used for CloudFront distributions, which require the region to be us-east-1.
Default: the region the stack is deployed in.
Route53Endpoint
An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop.
public string? Route53Endpoint { get; set; }Property Value
Remarks
Route53 is not been officially launched in China, it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided.
Default: - The AWS SDK will determine the Route53 endpoint to use based on region
SubjectAlternativeNames
Alternative domain names on your certificate.
public string[]? SubjectAlternativeNames { get; set; }Property Value
string[]
Remarks
Use this to register alternative domain names that represent the same site.
Default: - No additional FQDNs will be included as alternative domain names.
TransparencyLoggingEnabled
Enable or disable transparency logging for this certificate.
public bool? TransparencyLoggingEnabled { get; set; }Property Value
bool?
Remarks
Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one.
Default: true
See: https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency
Validation
How to validate this certificate.
public CertificateValidation? Validation { get; set; }Property Value
Remarks
Default: CertificateValidation.fromEmail()