Security News
Python Overtakes JavaScript as Top Programming Language on GitHub
Python becomes GitHub's top language in 2024, driven by AI and data science projects, while AI-powered security tools are gaining adoption.
@aws-cdk/aws-certificatemanager
Advanced tools
AWS Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates and keys that protect your AWS websites and applications. ACM certificates can secure singular domain names, multiple specific domain names, wildcard domains, or combinations of these. ACM wildcard certificates can protect an unlimited number of subdomains.
This package provides Constructs for provisioning and referencing ACM certificates which can be used with CloudFront and ELB.
After requesting a certificate, you will need to prove that you own the domain in question before the certificate will be granted. The CloudFormation deployment will wait until this verification process has been completed.
Because of this wait time, when using manual validation methods, it's better to provision your certificates either in a separate stack from your main service, or provision them manually and import them into your CDK application.
Note: There is a limit on total number of ACM certificates that can be requested on an account and region within a year. The default limit is 2000, but this limit may be (much) lower on new AWS accounts. See https://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html for more information.
DNS validation is the preferred method to validate domain ownership, as it has a number of advantages over email validation. See also Validate with DNS in the AWS Certificate Manager User Guide.
If Amazon Route 53 is your DNS provider for the requested domain, the DNS record can be created automatically:
import * as acm from '@aws-cdk/aws-certificatemanager';
import * as route53 from '@aws-cdk/aws-route53';
const myHostedZone = new route53.HostedZone(this, 'HostedZone', {
zoneName: 'example.com',
});
new acm.Certificate(this, 'Certificate', {
domainName: 'hello.example.com',
validation: acm.CertificateValidation.fromDns(myHostedZone),
});
If Route 53 is not your DNS provider, the DNS records must be added manually and the stack will not complete creating until the records are added.
new acm.Certificate(this, 'Certificate', {
domainName: 'hello.example.com',
validation: acm.CertificateValidation.fromDns(), // Records must be added manually
});
When working with multiple domains, use the CertificateValidation.fromDnsMultiZone()
:
const exampleCom = new route53.HostedZone(this, 'ExampleCom', {
zoneName: 'example.com',
});
const exampleNet = new route53.HostedZone(this, 'ExampelNet', {
zoneName: 'example.net',
});
const cert = new acm.Certificate(this, 'Certificate', {
domainName: 'test.example.com',
subjectAlternativeNames: ['cool.example.com', 'test.example.net'],
validation: acm.CertificateValidation.fromDnsMultiZone({
'text.example.com': exampleCom,
'cool.example.com': exampleCom,
'test.example.net': exampleNet,
}),
});
Email-validated certificates (the default) are validated by receiving an email on one of a number of predefined domains and following the instructions in the email.
See Validate with Email in the AWS Certificate Manager User Guide.
new acm.Certificate(this, 'Certificate', {
domainName: 'hello.example.com',
validation: acm.CertificateValidation.fromEmail(), // Optional, this is the default
});
ACM certificates that are used with CloudFront -- or higher-level constructs which rely on CloudFront -- must be in the us-east-1
region.
The DnsValidatedCertificate
construct exists to faciliate creating these certificates cross-region. This resource can only be used with
Route53-based DNS validation.
new acm.DnsValidatedCertificate(this, 'CrossRegionCertificate', {
domainName: 'hello.example.com',
hostedZone: myHostedZone,
region: 'us-east-1',
});
If you want to import an existing certificate, you can do so from its ARN:
const arn = 'arn:aws:...';
const certificate = Certificate.fromCertificateArn(this, 'Certificate', arn);
To share the certificate between stacks in the same CDK application, simply
pass the Certificate
object between the stacks.
1.75.0 (2020-11-24)
keyId
property uses the ARN instead of the keyId
to support cross-account encryption key usage. The filesystem will be replaced.esbuild
to be installed.projectRoot
has been replaced by depsLockFilePath
. It should point to your dependency lock file (package-lock.json
or yarn.lock
)parcelEnvironment
has been renamed to bundlingEnvironment
sourceMaps
has been renamed to sourceMap
IVirtualNode
no longer has the addBackends()
method. A backend can be added to VirtualNode
using the addBackend()
method which accepts a single IVirtualService
IVirtualNode
no longer has the addListeners()
method. A listener can be added to VirtualNode
using the addListener()
method which accepts a single VirtualNodeListener
VirtualNode
no longer has a default listener. It is valid to have a VirtualNode
without any listenerslistener
of VirtualNode
has been renamed to listeners
, and its type changed to an array of listenersVirtualNodeListener
has been removed. To create Virtual Node listeners, use the static factory methods of the VirtualNodeListener
class--no-lookups
flag to disable context lookups (#11489) (0445a6e), closes #11461fromAccessPointAttributes()
(#10712) (ec72c85)targetRequestsPerSecond
is actually requests per minute (#11457) (39e277f), closes #11446extraRunOrderSpace
(#11511) (9b72fc8)FAQs
The CDK Construct Library for AWS::CertificateManager
The npm package @aws-cdk/aws-certificatemanager receives a total of 66,935 weekly downloads. As such, @aws-cdk/aws-certificatemanager popularity was classified as popular.
We found that @aws-cdk/aws-certificatemanager demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Python becomes GitHub's top language in 2024, driven by AI and data science projects, while AI-powered security tools are gaining adoption.
Security News
Dutch National Police and FBI dismantle Redline and Meta infostealer malware-as-a-service operations in Operation Magnus, seizing servers and source code.
Research
Security News
Socket is tracking a new trend where malicious actors are now exploiting the popularity of LLM research to spread malware through seemingly useful open source packages.