Class CfnCertificate.Builder
- All Implemented Interfaces:
software.amazon.jsii.Builder<CfnCertificate>
- Enclosing class:
CfnCertificate
CfnCertificate
.-
Method Summary
Modifier and TypeMethodDescriptionbuild()
certificateAuthorityArn
(String certificateAuthorityArn) The Amazon Resource Name (ARN) of the private certificate authority (CA) that will be used to issue the certificate.certificateTransparencyLoggingPreference
(String certificateTransparencyLoggingPreference) You can opt out of certificate transparency logging by specifying theDISABLED
option.static CfnCertificate.Builder
domainName
(String domainName) The fully qualified domain name (FQDN), such as www.example.com, with which you want to secure an ACM certificate.domainValidationOptions
(List<? extends Object> domainValidationOptions) Domain information that domain name registrars use to verify your identity.domainValidationOptions
(IResolvable domainValidationOptions) Domain information that domain name registrars use to verify your identity.keyAlgorithm
(String keyAlgorithm) Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.subjectAlternativeNames
(List<String> subjectAlternativeNames) Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate.Key-value pairs that can identify the certificate.validationMethod
(String validationMethod) The method you want to use to validate that you own or control the domain associated with a public certificate.
-
Method Details
-
create
@Stability(Stable) public static CfnCertificate.Builder create(software.constructs.Construct scope, String id) - Parameters:
scope
- Scope in which this resource is defined. This parameter is required.id
- Construct identifier for this resource (unique in its scope). This parameter is required.- Returns:
- a new instance of
CfnCertificate.Builder
.
-
domainName
The fully qualified domain name (FQDN), such as www.example.com, with which you want to secure an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example,*.example.com
protectswww.example.com
,site.example.com
, andimages.example.com.
.- Parameters:
domainName
- The fully qualified domain name (FQDN), such as www.example.com, with which you want to secure an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example,*.example.com
protectswww.example.com
,site.example.com
, andimages.example.com.
. This parameter is required.- Returns:
this
- See Also:
-
certificateAuthorityArn
@Stability(Stable) public CfnCertificate.Builder certificateAuthorityArn(String certificateAuthorityArn) The Amazon Resource Name (ARN) of the private certificate authority (CA) that will be used to issue the certificate.If you do not provide an ARN and you are trying to request a private certificate, ACM will attempt to issue a public certificate. For more information about private CAs, see the AWS Private Certificate Authority user guide. The ARN must have the following form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
- Parameters:
certificateAuthorityArn
- The Amazon Resource Name (ARN) of the private certificate authority (CA) that will be used to issue the certificate. This parameter is required.- Returns:
this
- See Also:
-
certificateTransparencyLoggingPreference
@Stability(Stable) public CfnCertificate.Builder certificateTransparencyLoggingPreference(String certificateTransparencyLoggingPreference) You can opt out of certificate transparency logging by specifying theDISABLED
option. Opt in by specifyingENABLED
.If you do not specify a certificate transparency logging preference on a new CloudFormation template, or if you remove the logging preference from an existing template, this is the same as explicitly enabling the preference.
Changing the certificate transparency logging preference will update the existing resource by calling
UpdateCertificateOptions
on the certificate. This action will not create a new resource.- Parameters:
certificateTransparencyLoggingPreference
- You can opt out of certificate transparency logging by specifying theDISABLED
option. Opt in by specifyingENABLED
. This parameter is required.- Returns:
this
- See Also:
-
domainValidationOptions
@Stability(Stable) public CfnCertificate.Builder domainValidationOptions(IResolvable domainValidationOptions) Domain information that domain name registrars use to verify your identity.In order for a AWS::CertificateManager::Certificate to be provisioned and validated in CloudFormation automatically, the
DomainName
property needs to be identical to one of theDomainName
property supplied in DomainValidationOptions, if the ValidationMethod is DNS. Failing to keep them like-for-like will result in failure to create the domain validation records in Route53.- Parameters:
domainValidationOptions
- Domain information that domain name registrars use to verify your identity. This parameter is required.- Returns:
this
- See Also:
-
domainValidationOptions
@Stability(Stable) public CfnCertificate.Builder domainValidationOptions(List<? extends Object> domainValidationOptions) Domain information that domain name registrars use to verify your identity.In order for a AWS::CertificateManager::Certificate to be provisioned and validated in CloudFormation automatically, the
DomainName
property needs to be identical to one of theDomainName
property supplied in DomainValidationOptions, if the ValidationMethod is DNS. Failing to keep them like-for-like will result in failure to create the domain validation records in Route53.- Parameters:
domainValidationOptions
- Domain information that domain name registrars use to verify your identity. This parameter is required.- Returns:
this
- See Also:
-
keyAlgorithm
Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.RSA is the default key algorithm for ACM certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are smaller, offering security comparable to RSA keys but with greater computing efficiency. However, ECDSA is not supported by all network clients. Some AWS services may require RSA keys, or only support ECDSA keys of a particular size, while others allow the use of either RSA and ECDSA keys to ensure that compatibility is not broken. Check the requirements for the AWS service where you plan to deploy your certificate. For more information about selecting an algorithm, see Key algorithms .
Algorithms supported for an ACM certificate request include:
RSA_2048
EC_prime256v1
EC_secp384r1
Other listed algorithms are for imported certificates only. > When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
Default: RSA_2048
- Parameters:
keyAlgorithm
- Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. This parameter is required.- Returns:
this
- See Also:
-
subjectAlternativeNames
@Stability(Stable) public CfnCertificate.Builder subjectAlternativeNames(List<String> subjectAlternativeNames) Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate.For example, you can add www.example.net to a certificate for which the
DomainName
field is www.example.com if users can reach your site by using either name.- Parameters:
subjectAlternativeNames
- Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. This parameter is required.- Returns:
this
- See Also:
-
tags
Key-value pairs that can identify the certificate.- Parameters:
tags
- Key-value pairs that can identify the certificate. This parameter is required.- Returns:
this
- See Also:
-
validationMethod
The method you want to use to validate that you own or control the domain associated with a public certificate.You can validate with DNS or validate with email . We recommend that you use DNS validation.
If not specified, this property defaults to email validation.
- Parameters:
validationMethod
- The method you want to use to validate that you own or control the domain associated with a public certificate. This parameter is required.- Returns:
this
- See Also:
-
build
- Specified by:
build
in interfacesoftware.amazon.jsii.Builder<CfnCertificate>
- Returns:
- a newly built instance of
CfnCertificate
.
-