@aws-cdk/aws-certificatemanager

AWS Certificate Manager Construct Library

This package provides Constructs for provisioning and referencing certificates which can be used in CloudFront and ELB.

Validation

If certificates are created as part of a CloudFormation run, the CloudFormation provisioning will not complete until domain ownership for the certificate is completed. For email validation, this involves receiving an email on one of a number of predefined domains and following the instructions in the email. The email addresses use will be:

• admin@domain.com
• administrator@domain.com
• hostmaster@domain.com
• postmaster@domain.com
• webmaster@domain.com

DNS validation is possible in ACM, but is not currently available in CloudFormation. A Custom Resource will be developed for this, but is not currently available.

Because of these blocks, it's probably better to provision your certificates either in a separate stack from your main service, or provision them manually. In both cases, you'll import the certificate into your stack afterwards.

Provisioning

Provision a new certificate by creating an instance of Certificate. Email validation will be sent to example.com:

const certificate = new Certificate(this, 'Certificate', {
    domainName: 'test.example.com'
});

Importing

Import a certificate either manually, if you know the ARN:

const certificate = Certificate.import(this, 'Certificate', {
    certificteArn: "arn:aws:..."
});

Or use exporting and importing mechanisms between stacks:

const certRef = certStack.certificate.export();

const certificate = Certificate.import(this, 'Certificate', certRef);

We should probably also make a Custom Resource that can looks up the certificate ARN by domain name by querying ACM.

Changelog

0.10.0 (2018-09-27)

This release introduces a better way to "escape" L2 constructs in case of missing features by adding the ability to add arbitrary overrides for resource properties:

const bucket = new s3.Bucket(this, 'L2Bucket');

// access L1
const bucketResource = bucket.findChild('Resource') as s3.cloudformation.BucketResource;

// strongly-typed overrides
bucketResource.propertyOverrides.bucketName = 'NewBucketName';

// weakly-typed overrides
bucketResource.addPropertyOverride('BucketName', 'NewerBucketName');

Bug Fixes

• aws-codecommit: typo in README (#780) (0e79c2d)
• aws-ec2: fix capitalization of "VPCEndpointType" to "VpcEndpointType" (#789) (7a8ee2c), closes #765
• docs: fix issue #718 (Aurora DB example) (#783) (016f3a8)

Code Refactoring

• util: remove @aws-cdk/util (#745) (10015cb), closes #709

Features

• aws-cloudformation: rename the CodePipeline actions (#771) (007e7b4)
• aws-cloudformation: update the README of the module to reflect the new action names (#775) (6c0e75b), closes #771
• aws-codedeploy: add auto-scaling groups property to ServerDeploymentGroup (#739) (0b28886)
• aws-codedeploy: add deployment configuration construct (#653) (e6b67ad)
• aws-codepipeline, aws-codecommit, aws-s3: change the convention for naming the source Actions to XxxSourceAction (#753) (9c3ce7f)
• aws-elasticloadbalancingv2: support for ALB/NLB (#750) (bd9ee01)
• tagging support for AutoScaling/SecurityGroup (#766) (3d48eb2)
• core: resource overrides (escape hatch) (#784) (5054eef), closes #606
• toolkit: stop creating 'empty' stacks (#779) (1dddd8a)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

• cdk: the constructor signature of TagManager has changed. initialTags is now passed inside a props object.
• util: @aws-cdk/util is no longer available
• aws-elasticloadbalancingv2: adds classes for modeling Application and Network Load Balancers. AutoScalingGroups now implement the interface that makes constructs a load balancing target. The breaking change is that Security Group rule identifiers have been changed in order to make adding rules more reliable. No code changes are necessary but existing deployments may experience unexpected changes.
• aws-cloudformation: this renames all CloudFormation Actions for CodePipeline to bring them in line with Actions defined in other service packages.
• aws-codepipeline, aws-codecommit, aws-s3: change the names of the source Actions from XxxSource to XxxSourceAction. This is to align them with the other Actions, like Build. Also, CodeBuild has the concept of Sources, so it makes sense to strongly differentiate between the two.

CloudFormation Changes

• @aws-cdk/cfnspec: Updated [CloudFormation resource specification] to v2.8.0 ([@RomainMuller] in #767)

  • New Construct Libraries

    • @aws-cdk/aws-amazonmq
    • @aws-cdk/aws-iot1click

  • New Resource Types

    • AWS::IoT1Click::Device
    • AWS::IoT1Click::Placement
    • AWS::IoT1Click::Project

  • Attribute Changes

    • AWS::EC2::VPCEndpoint CreationTimestamp (added)
    • AWS::EC2::VPCEndpoint DnsEntries (added)
    • AWS::EC2::VPCEndpoint NetworkInterfaceIds (added)

  • Property Changes

    • AWS::ApiGateway::Deployment DeploymentCanarySettings (added)

    • AWS::ApiGateway::Method AuthorizationScopes (added)

    • AWS::ApiGateway::Stage AccessLogSetting (added)

    • AWS::ApiGateway::Stage CanarySetting (added)

    • AWS::AutoScaling::AutoScalingGroup LaunchTemplate (added)

    • AWS::CodeBuild::Project LogsConfig (added)

    • AWS::CodeBuild::Project SecondaryArtifacts (added)

    • AWS::CodeBuild::Project SecondarySources (added)

    • AWS::CodeDeploy::DeploymentGroup Ec2TagSet (added)

    • AWS::CodeDeploy::DeploymentGroup OnPremisesTagSet (added)

    • AWS::EC2::FlowLog LogDestination (added)

    • AWS::EC2::FlowLog LogDestinationType (added)

    • AWS::EC2::FlowLog DeliverLogsPermissionArn.Required (changed)

      • Old: true
      • New: false

    • AWS::EC2::FlowLog LogGroupName.Required (changed)

      • Old: true
      • New: false

    • AWS::EC2::VPCEndpoint IsPrivateDnsEnabled (deleted)

    • AWS::EC2::VPCEndpoint PrivateDnsEnabled (added)

    • AWS::EC2::VPCEndpoint RouteTableIds.DuplicatesAllowed (added)

    • AWS::EC2::VPCEndpoint SecurityGroupIds.DuplicatesAllowed (added)

    • AWS::EC2::VPCEndpoint SubnetIds.DuplicatesAllowed (added)

    • AWS::EC2::VPCEndpoint VPCEndpointType.UpdateType (changed)

      • Old: Mutable
      • New: Immutable

    • AWS::ECS::Service SchedulingStrategy (added)

    • AWS::ECS::Service ServiceRegistries.UpdateType (changed)

      • Old: Mutable
      • New: Immutable

    • AWS::ElastiCache::ReplicationGroup NodeGroupConfiguration.UpdateType (changed)

      • Old: Immutable
      • New: Conditional

    • AWS::ElastiCache::ReplicationGroup NumNodeGroups.UpdateType (changed)

      • Old: Immutable
      • New: Conditional

    • AWS::RDS::DBCluster EngineMode (added)

    • AWS::RDS::DBCluster ScalingConfiguration (added)

    • AWS::SageMaker::NotebookInstance LifecycleConfigName.UpdateType (changed)

      • Old: Immutable
      • New: Mutable

  • Property Type Changes

    • AWS::ApiGateway::Deployment.AccessLogSetting (added)

    • AWS::ApiGateway::Deployment.CanarySetting (added)

    • AWS::ApiGateway::Deployment.DeploymentCanarySettings (added)

    • AWS::ApiGateway::Stage.AccessLogSetting (added)

    • AWS::ApiGateway::Stage.CanarySetting (added)

    • AWS::AutoScaling::AutoScalingGroup.LaunchTemplateSpecification (added)

    • AWS::CodeBuild::Project.CloudWatchLogsConfig (added)

    • AWS::CodeBuild::Project.LogsConfig (added)

    • AWS::CodeBuild::Project.S3LogsConfig (added)

    • AWS::CodeDeploy::DeploymentGroup.EC2TagSet (added)

    • AWS::CodeDeploy::DeploymentGroup.EC2TagSetListObject (added)

    • AWS::CodeDeploy::DeploymentGroup.OnPremisesTagSet (added)

    • AWS::CodeDeploy::DeploymentGroup.OnPremisesTagSetListObject (added)

    • AWS::EC2::SpotFleet.ClassicLoadBalancer (added)

    • AWS::EC2::SpotFleet.ClassicLoadBalancersConfig (added)

    • AWS::EC2::SpotFleet.FleetLaunchTemplateSpecification (added)

    • AWS::EC2::SpotFleet.LaunchTemplateConfig (added)

    • AWS::EC2::SpotFleet.LaunchTemplateOverrides (added)

    • AWS::EC2::SpotFleet.LoadBalancersConfig (added)

    • AWS::EC2::SpotFleet.TargetGroup (added)

    • AWS::EC2::SpotFleet.TargetGroupsConfig (added)

    • AWS::ECS::TaskDefinition.DockerVolumeConfiguration (added)

    • AWS::ECS::TaskDefinition.RepositoryCredentials (added)

    • AWS::ECS::TaskDefinition.Tmpfs (added)

    • AWS::Events::Rule.SqsParameters (added)

    • AWS::RDS::DBCluster.ScalingConfiguration (added)

    • AWS::ApiGateway::Deployment.StageDescription AccessLogSetting (added)

    • AWS::ApiGateway::Deployment.StageDescription CanarySetting (added)

    • AWS::ApiGateway::Method.Integration ConnectionId (added)

    • AWS::ApiGateway::Method.Integration ConnectionType (added)

    • AWS::ApiGateway::Method.Integration TimeoutInMillis (added)

    • AWS::ApiGateway::UsagePlan.ApiStage Throttle (added)

    • AWS::CodeBuild::Project.Artifacts ArtifactIdentifier (added)

    • AWS::CodeBuild::Project.Source SourceIdentifier (added)

    • AWS::CodeBuild::Project.VpcConfig SecurityGroupIds.Required (changed)

      • Old: true
      • New: false

    • AWS::CodeBuild::Project.VpcConfig Subnets.Required (changed)

      • Old: true
      • New: false

    • AWS::CodeBuild::Project.VpcConfig VpcId.Required (changed)

      • Old: true
      • New: false

    • AWS::CodeDeploy::DeploymentGroup.EC2TagFilter Key.Documentation (changed)

      • Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilters.html#cfn-properties-codedeploy-deploymentgroup-ec2tagfilters-key
      • New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilter.html#cfn-codedeploy-deploymentgroup-ec2tagfilter-key

    • AWS::CodeDeploy::DeploymentGroup.EC2TagFilter Type.Documentation (changed)

      • Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilters.html#cfn-properties-codedeploy-deploymentgroup-ec2tagfilters-type
      • New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilter.html#cfn-codedeploy-deploymentgroup-ec2tagfilter-type

    • AWS::CodeDeploy::DeploymentGroup.EC2TagFilter Value.Documentation (changed)

      • Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilters.html#cfn-properties-codedeploy-deploymentgroup-ec2tagfilters-value
      • New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilter.html#cfn-codedeploy-deploymentgroup-ec2tagfilter-value

    • AWS::CodeDeploy::DeploymentGroup.TagFilter Key.Documentation (changed)

      • Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters.html#cfn-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters-key
      • New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-tagfilter.html#cfn-codedeploy-deploymentgroup-tagfilter-key

    • AWS::CodeDeploy::DeploymentGroup.TagFilter Type.Documentation (changed)

      • Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters.html#cfn-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters-type
      • New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-tagfilter.html#cfn-codedeploy-deploymentgroup-tagfilter-type

    • AWS::CodeDeploy::DeploymentGroup.TagFilter Value.Documentation (changed)

      • Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters.html#cfn-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters-value
      • New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-tagfilter.html#cfn-codedeploy-deploymentgroup-tagfilter-value

    • AWS::EC2::SpotFleet.SpotFleetRequestConfigData InstanceInterruptionBehavior (added)

    • AWS::EC2::SpotFleet.SpotFleetRequestConfigData LaunchTemplateConfigs (added)

    • AWS::EC2::SpotFleet.SpotFleetRequestConfigData LoadBalancersConfig (added)

    • AWS::EC2::SpotFleet.SpotPlacement Tenancy (added)

    • AWS::ECS::Service.ServiceRegistry ContainerName (added)

    • AWS::ECS::Service.ServiceRegistry ContainerPort (added)

    • AWS::ECS::Service.ServiceRegistry Port.UpdateType (changed)

      • Old: Mutable
      • New: Immutable

    • AWS::ECS::Service.ServiceRegistry RegistryArn.UpdateType (changed)

      • Old: Mutable
      • New: Immutable

    • AWS::ECS::TaskDefinition.ContainerDefinition RepositoryCredentials (added)

    • AWS::ECS::TaskDefinition.LinuxParameters SharedMemorySize (added)

    • AWS::ECS::TaskDefinition.LinuxParameters Tmpfs (added)

    • AWS::ECS::TaskDefinition.Volume DockerVolumeConfiguration (added)

    • AWS::ElastiCache::ReplicationGroup.NodeGroupConfiguration NodeGroupId (added)

    • AWS::Events::Rule.Target SqsParameters (added)

    • AWS::RDS::OptionGroup.OptionConfiguration OptionSettings.DuplicatesAllowed (added)

    • AWS::RDS::OptionGroup.OptionConfiguration OptionSettings.ItemType (added)

    • AWS::RDS::OptionGroup.OptionConfiguration OptionSettings.Type (changed)

      • Old: OptionSetting
      • New: List