UNPKG

5.74 kBTypeScriptView Raw
1import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
2import * as route53 from '@aws-cdk/aws-route53';
3import { IResource } from '@aws-cdk/core';
4import { Construct } from 'constructs';
5import { CertificateBase } from './certificate-base';
6/**
7 * Represents a certificate in AWS Certificate Manager
8 */
9export interface ICertificate extends IResource {
10 /**
11 * The certificate's ARN
12 *
13 * @attribute
14 */
15 readonly certificateArn: string;
16 /**
17 * Return the DaysToExpiry metric for this AWS Certificate Manager
18 * Certificate. By default, this is the minimum value over 1 day.
19 *
20 * This metric is no longer emitted once the certificate has effectively
21 * expired, so alarms configured on this metric should probably treat missing
22 * data as "breaching".
23 */
24 metricDaysToExpiry(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
25}
26/**
27 * Properties for your certificate
28 */
29export interface CertificateProps {
30 /**
31 * Fully-qualified domain name to request a certificate for.
32 *
33 * May contain wildcards, such as ``*.domain.com``.
34 */
35 readonly domainName: string;
36 /**
37 * Alternative domain names on your certificate.
38 *
39 * Use this to register alternative domain names that represent the same site.
40 *
41 * @default - No additional FQDNs will be included as alternative domain names.
42 */
43 readonly subjectAlternativeNames?: string[];
44 /**
45 * What validation domain to use for every requested domain.
46 *
47 * Has to be a superdomain of the requested domain.
48 *
49 * @default - Apex domain is used for every domain that's not overridden.
50 * @deprecated use `validation` instead.
51 */
52 readonly validationDomains?: {
53 [domainName: string]: string;
54 };
55 /**
56 * Validation method used to assert domain ownership
57 *
58 * @default ValidationMethod.EMAIL
59 * @deprecated use `validation` instead.
60 */
61 readonly validationMethod?: ValidationMethod;
62 /**
63 * How to validate this certificate
64 *
65 * @default CertificateValidation.fromEmail()
66 */
67 readonly validation?: CertificateValidation;
68}
69/**
70 * Properties for certificate validation
71 */
72export interface CertificationValidationProps {
73 /**
74 * Validation method
75 *
76 * @default ValidationMethod.EMAIL
77 */
78 readonly method?: ValidationMethod;
79 /**
80 * Hosted zone to use for DNS validation
81 *
82 * @default - use email validation
83 */
84 readonly hostedZone?: route53.IHostedZone;
85 /**
86 * A map of hosted zones to use for DNS validation
87 *
88 * @default - use `hostedZone`
89 */
90 readonly hostedZones?: {
91 [domainName: string]: route53.IHostedZone;
92 };
93 /**
94 * Validation domains to use for email validation
95 *
96 * @default - Apex domain
97 */
98 readonly validationDomains?: {
99 [domainName: string]: string;
100 };
101}
102/**
103 * How to validate a certificate
104 */
105export declare class CertificateValidation {
106 readonly props: CertificationValidationProps;
107 /**
108 * Validate the certificate with DNS
109 *
110 * IMPORTANT: If `hostedZone` is not specified, DNS records must be added
111 * manually and the stack will not complete creating until the records are
112 * added.
113 *
114 * @param hostedZone the hosted zone where DNS records must be created
115 */
116 static fromDns(hostedZone?: route53.IHostedZone): CertificateValidation;
117 /**
118 * Validate the certificate with automatically created DNS records in multiple
119 * Amazon Route 53 hosted zones.
120 *
121 * @param hostedZones a map of hosted zones where DNS records must be created
122 * for the domains in the certificate
123 */
124 static fromDnsMultiZone(hostedZones: {
125 [domainName: string]: route53.IHostedZone;
126 }): CertificateValidation;
127 /**
128 * Validate the certificate with Email
129 *
130 * IMPORTANT: if you are creating a certificate as part of your stack, the stack
131 * will not complete creating until you read and follow the instructions in the
132 * email that you will receive.
133 *
134 * ACM will send validation emails to the following addresses:
135 *
136 * admin@domain.com
137 * administrator@domain.com
138 * hostmaster@domain.com
139 * postmaster@domain.com
140 * webmaster@domain.com
141 *
142 * For every domain that you register.
143 *
144 * @param validationDomains a map of validation domains to use for domains in the certificate
145 */
146 static fromEmail(validationDomains?: {
147 [domainName: string]: string;
148 }): CertificateValidation;
149 /**
150 * The validation method
151 */
152 readonly method: ValidationMethod;
153 /** @param props Certification validation properties */
154 private constructor();
155}
156/**
157 * A certificate managed by AWS Certificate Manager
158 */
159export declare class Certificate extends CertificateBase implements ICertificate {
160 /**
161 * Import a certificate
162 */
163 static fromCertificateArn(scope: Construct, id: string, certificateArn: string): ICertificate;
164 /**
165 * The certificate's ARN
166 */
167 readonly certificateArn: string;
168 constructor(scope: Construct, id: string, props: CertificateProps);
169}
170/**
171 * Method used to assert ownership of the domain
172 */
173export declare enum ValidationMethod {
174 /**
175 * Send email to a number of email addresses associated with the domain
176 *
177 * @see https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html
178 */
179 EMAIL = "EMAIL",
180 /**
181 * Validate ownership by adding appropriate DNS records
182 *
183 * @see https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html
184 */
185 DNS = "DNS"
186}