DnsValidatedCertificateProps
- class aws_cdk.aws_certificatemanager.DnsValidatedCertificateProps(*, domain_name, certificate_name=None, key_algorithm=None, subject_alternative_names=None, transparency_logging_enabled=None, validation=None, hosted_zone, cleanup_route53_records=None, custom_resource_role=None, region=None, route53_endpoint=None)
Bases:
CertificateProps
Properties to create a DNS validated certificate managed by AWS Certificate Manager.
- Parameters:
domain_name (
str
) – Fully-qualified domain name to request a certificate for. May contain wildcards, such as*.domain.com
.certificate_name (
Optional
[str
]) – The Certificate name. Since the Certificate resource doesn’t support providing a physical name, the value provided here will be recorded in theName
tag Default: the full, absolute path of this constructkey_algorithm (
Optional
[KeyAlgorithm
]) – Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. Default: KeyAlgorithm.RSA_2048subject_alternative_names (
Optional
[Sequence
[str
]]) – Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.transparency_logging_enabled (
Optional
[bool
]) – Enable or disable transparency logging for this certificate. Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one. Default: truevalidation (
Optional
[CertificateValidation
]) – How to validate this certificate. Default: CertificateValidation.fromEmail()hosted_zone (
IHostedZone
) – Route 53 Hosted Zone used to perform DNS validation of the request. The zone must be authoritative for the domain name specified in the Certificate Request.cleanup_route53_records (
Optional
[bool
]) – When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed. CAUTION: If multiple certificates share the same domains (and same validation records), this can cause the other certificates to fail renewal and/or not validate. Not recommended for production use. Default: falsecustom_resource_role (
Optional
[IRole
]) – Role to use for the custom resource that creates the validated certificate. Default: - A new role will be createdregion (
Optional
[str
]) – AWS region that will host the certificate. This is needed especially for certificates used for CloudFront distributions, which require the region to be us-east-1. Default: the region the stack is deployed in.route53_endpoint (
Optional
[str
]) – An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop. Route53 is not been officially launched in China, it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided. Default: - The AWS SDK will determine the Route53 endpoint to use based on region
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_certificatemanager as certificatemanager from aws_cdk import aws_iam as iam from aws_cdk import aws_route53 as route53 # certificate_validation: certificatemanager.CertificateValidation # hosted_zone: route53.HostedZone # key_algorithm: certificatemanager.KeyAlgorithm # role: iam.Role dns_validated_certificate_props = certificatemanager.DnsValidatedCertificateProps( domain_name="domainName", hosted_zone=hosted_zone, # the properties below are optional certificate_name="certificateName", cleanup_route53_records=False, custom_resource_role=role, key_algorithm=key_algorithm, region="region", route53_endpoint="route53Endpoint", subject_alternative_names=["subjectAlternativeNames"], transparency_logging_enabled=False, validation=certificate_validation )
Attributes
- certificate_name
The Certificate name.
Since the Certificate resource doesn’t support providing a physical name, the value provided here will be recorded in the
Name
tag- Default:
the full, absolute path of this construct
- cleanup_route53_records
When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed.
CAUTION: If multiple certificates share the same domains (and same validation records), this can cause the other certificates to fail renewal and/or not validate. Not recommended for production use.
- Default:
false
- custom_resource_role
Role to use for the custom resource that creates the validated certificate.
- Default:
A new role will be created
- domain_name
Fully-qualified domain name to request a certificate for.
May contain wildcards, such as
*.domain.com
.
- hosted_zone
Route 53 Hosted Zone used to perform DNS validation of the request.
The zone must be authoritative for the domain name specified in the Certificate Request.
- key_algorithm
Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
- Default:
KeyAlgorithm.RSA_2048
- See:
https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title
- region
AWS region that will host the certificate.
This is needed especially for certificates used for CloudFront distributions, which require the region to be us-east-1.
- Default:
the region the stack is deployed in.
- route53_endpoint
An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop.
Route53 is not been officially launched in China, it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided.
- Default:
The AWS SDK will determine the Route53 endpoint to use based on region
- subject_alternative_names
Alternative domain names on your certificate.
Use this to register alternative domain names that represent the same site.
- Default:
No additional FQDNs will be included as alternative domain names.
- transparency_logging_enabled
Enable or disable transparency logging for this certificate.
Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one.
- validation
How to validate this certificate.
- Default:
CertificateValidation.fromEmail()