AWS Certificate Manager Construct Library
This package provides Constructs for provisioning and referencing certificates which
can be used in CloudFront and ELB.
Validation
If certificates are created as part of a CloudFormation run, the
CloudFormation provisioning will not complete until domain ownership for the
certificate has been validated. For email validation, this involves receiving an
email on one of a number of predefined domains and following the instructions
in the email. The email addresses used will be:
DNS validation is possible in ACM, but is not currently available in CloudFormation.
A Custom Resource will be developed for this, but is not currently available.
Because of these limitations, it's probably better to provision your certificates either in a separate
stack from your main service, or to provision them manually. In both cases, you'll import the
certificate into your stack afterwards.
Provisioning
Provision a new certificate by creating an instance of Certificate. Email validation will be sent
to example.com:
const certificate = new Certificate(this, 'Certificate', {
    domainName: 'test.example.com'
});
Importing
Import a certificate either manually, if you know the ARN:
const certificate = Certificate.import(this, 'Certificate', {
    certificateArn: "arn:aws:..."
});
Or use exporting and importing mechanisms between stacks:
const certRef = certStack.certificate.export();
const certificate = Certificate.import(this, 'Certificate', certRef);
We should probably also make a Custom Resource that can look up the certificate ARN
by domain name by querying ACM.
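Until such a lookup exists, the selection logic it would need can be sketched over the CertificateSummaryList that ACM's ListCertificates returns. This is an added example, not code from this package: parseAcmArn, findCertificateArn and the sample data are hypothetical names and constructed values. It refuses malformed ARNs and ambiguous matches, and can pin the region, since CloudFront only accepts ACM certificates from us-east-1.

```typescript
// One entry of the CertificateSummaryList returned by ACM ListCertificates.
interface CertificateSummary {
  CertificateArn: string;
  DomainName: string; // primary domain name only; SANs are not listed here
}

// arn:<partition>:acm:<region>:<account-id>:certificate/<uuid>
const ACM_ARN =
  /^arn:(aws|aws-cn|aws-us-gov):acm:([a-z0-9-]+):(\d{12}):certificate\/([0-9a-f-]{36})$/;

// Hypothetical helper: reject anything that is not a well-formed ACM ARN.
function parseAcmArn(arn: string): { region: string; account: string; id: string } {
  const m = ACM_ARN.exec(arn);
  if (!m) { throw new Error(`not an ACM certificate ARN: ${arn}`); }
  return { region: m[2], account: m[3], id: m[4] };
}

// Hypothetical helper: resolve exactly one ARN for a domain name.
// Pass requiredRegion = 'us-east-1' when the certificate is for CloudFront.
function findCertificateArn(
  summaries: CertificateSummary[],
  domainName: string,
  requiredRegion?: string,
): string {
  const wanted = domainName.toLowerCase().replace(/\.$/, '');
  const matches = summaries
    .filter((s) => s.DomainName.toLowerCase() === wanted)
    .filter((s) => {
      const { region } = parseAcmArn(s.CertificateArn);
      return requiredRegion === undefined || region === requiredRegion;
    });
  if (matches.length === 0) { throw new Error(`no certificate found for ${wanted}`); }
  if (matches.length > 1) { throw new Error(`${matches.length} certificates match ${wanted}`); }
  return matches[0].CertificateArn;
}

// Constructed sample: summaries merged from two regions (made-up account and ids).
const SAMPLE: CertificateSummary[] = [
  { DomainName: 'test.example.com',
    CertificateArn: 'arn:aws:acm:eu-west-1:111122223333:certificate/11111111-2222-3333-4444-555555555555' },
  { DomainName: 'test.example.com',
    CertificateArn: 'arn:aws:acm:us-east-1:111122223333:certificate/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' },
  { DomainName: '*.example.com',
    CertificateArn: 'arn:aws:acm:us-east-1:111122223333:certificate/99999999-8888-7777-6666-555555555555' },
];
```

The returned string is what you would pass as certificateArn to Certificate.import.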
0.12.0 (2018-10-12)
IMPORTANT NOTE: This release includes a fix for a bug that would make the toolkit unusable for multi-stack applications. In order to benefit from this fix, a globally installed CDK toolkit must also be updated:
$ npm i -g aws-cdk
$ cdk --version
0.12.0 (build ...)
As always, you will also need to update your project's library versions:
Language                    | Update?
--------------------------- | --------------------------------
JavaScript/TypeScript (npm) | npx npm-check-updates -u
Java (maven)                | mvn versions:use-latest-versions
.NET (NuGet)                | nuget update
Bug Fixes
- aws-codebuild: allow passing oauth token to GitHubEnterpriseSource (#908) (c23da91)
- toolkit: multi-stack apps cannot be synthesized or deployed (#911) (5511076), closes #868 #294 #910
Features
- aws-cloudformation: add permission management to CreateUpdate and Delete Stack CodePipeline Actions. (#880) (8b3ae43)
- aws-codepipeline: make input and output artifact names optional when creating Actions. (#845) (3d91c93)
BREAKING CHANGES TO EXPERIMENTAL FEATURES
Previously, we always required customers to explicitly name the output artifacts the Actions used in the Pipeline, and to explicitly "wire together" the outputs of one Action as inputs to another. With this change, the CodePipeline Construct generates artifact names, if the customer didn't provide one explicitly, and tries to find the first available output artifact to use as input to a newly created Action that needs it, thus turning both the input and output artifacts from required to optional properties.