@sv-oss/cdk-cleanup-certificate-validation-records
Advanced tools
This CDK construct takes care of cleaning up the orphaned Route53 CNAME validation records left behind when deleting a certificate that had DNS validation enabled.
This CDK construct takes care of cleaning up the orphaned Route53 CNAME validation records left behind when deleting a certificate that had DNS validation enabled.
The issue is better explained here: https://github.com/aws/aws-cdk/issues/11201
The construct can be instantiated explicitely to cleanup after a specific certificate
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { CertificateValidationRecordCleanup } from '@sv-oss/cdk-cleanup-certificate-validation-records'
export class TestStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: TestStackProps) {
super(scope, id, props);
zone = new cdk.aws_route53.PublicHostedZone(this, 'Zone', {
zoneName: 'my.zone.net',
});
const cert1 = new cdk.aws_certificatemanager.Certificate(this, 'Cert', {
domainName: `mydomain.${envHostedZoneExternal.zoneName}`,
validation: cdk.aws_certificatemanager.CertificateValidation.fromDns(zone),
subjectAlternativeNames: [
`mydomain2.${zone.zoneName}`,
`mydomain3.${zone.zoneName}`,
],
});
const cert2 = new cdk.aws_certificatemanager.Certificate(this, 'Cert', {
domainName: `another.${envHostedZoneExternal.zoneName}`,
validation: cdk.aws_certificatemanager.CertificateValidation.fromDns(zone),
});
new CertificateValidationRecordCleanup(this, `cleanup-${cert1.node.id}`, {
certificate: cert1,
hostedZone: envHostedZoneExternal,
});
new CertificateValidationRecordCleanup(this, `cleanup-${cert2.node.id}`, {
certificate: cert2,
hostedZone: envHostedZoneExternal,
});
};
}
The construct can be instantiated automatically against any Certificate resource created within a stack through the use of Aspects
In this example, we have knowledge of the hosted zone
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
export class TestStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: TestStackProps) {
super(scope, id, props);
zone = new cdk.aws_route53.PublicHostedZone(this, 'Zone', {
zoneName: 'my.zone.net',
});
new cdk.aws_certificatemanager.Certificate(this, 'Cert', {
domainName: `mydomain.${envHostedZoneExternal.zoneName}`,
validation: cdk.aws_certificatemanager.CertificateValidation.fromDns(zone),
subjectAlternativeNames: [
`mydomain2.${zone.zoneName}`,
`mydomain3.${zone.zoneName}`,
],
});
new cdk.aws_certificatemanager.Certificate(this, 'Cert', {
domainName: `another.${envHostedZoneExternal.zoneName}`,
validation: cdk.aws_certificatemanager.CertificateValidation.fromDns(zone),
});
cdk.Aspects.of(this).add({
visit: (c) => {
if (c instanceof cdk.aws_certificatemanager.Certificate) {
new CertificateValidationRecordCleanup(this, `cleanup-${c.node.id}`, {
certificate: c,
hostedZone: zone,
});
}
},
});
};
}
The construct can be instantiated automatically against any Certificate resource created within a stack through the use of Aspects
In this example, we have no knowledge of the hosted zone used to validate the certificate so we use a bit of brute force to derive it from the Certificate L1 resource
import * as cdk from 'aws-cdk-lib';
const app = new cdk.App();
const blackBoxStack = new BlackBoxStack(app, 'my-blackbox-stack');
cdk.Aspects.of(blackBoxStack).add({
visit: (c) => {
if (c instanceof cdk.aws_certificatemanager.Certificate) {
const cfnRes = c.node.defaultChild as cdk.aws_certificatemanager.CfnCertificate;
const valOpts = (cfnRes.domainValidationOptions as cdk.aws_certificatemanager.CfnCertificate.DomainValidationOptionProperty[])[0];
new CertificateValidationRecordCleanup(c, `cleanup-${c.node.id}`, {
certificate: c,
hostedZone: cdk.aws_route53.HostedZone.fromHostedZoneId(c, `lookup-${c.node.id}`, valOpts.hostedZoneId!),
});
}
},
});
FAQs
This CDK construct takes care of cleaning up the orphaned Route53 CNAME validation records left behind when deleting a certificate that had DNS validation enabled.
The npm package @sv-oss/cdk-cleanup-certificate-validation-records receives a total of 0 weekly downloads. As such, @sv-oss/cdk-cleanup-certificate-validation-records popularity was classified as not popular.
We found that @sv-oss/cdk-cleanup-certificate-validation-records demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket’s new Pull Request Stories give security teams clear visibility into dependency risks and outcomes across scanned pull requests.
Research
/Security News
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.