1 | import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
2 | import * as route53 from '@aws-cdk/aws-route53';
3 | import { IResource } from '@aws-cdk/core';
4 | import { Construct } from 'constructs';
5 | import { CertificateBase } from './certificate-base';
/**
 * Represents a certificate in AWS Certificate Manager
 */
export interface ICertificate extends IResource {
  /**
   * The certificate's ARN
   *
   * @attribute
   */
  readonly certificateArn: string;
  /**
   * Return the DaysToExpiry metric for this AWS Certificate Manager
   * Certificate. By default, this is the minimum value over 1 day.
   *
   * This metric is no longer emitted once the certificate has effectively
   * expired, so alarms configured on this metric should probably treat missing
   * data as "breaching". An alarm that ignores missing data can stay quiet
   * after the certificate has already expired.
   *
   * @param props optional overrides applied to the returned metric
   * @returns the CloudWatch metric for the certificate's remaining lifetime
   */
  metricDaysToExpiry(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
}
/**
 * Properties for your certificate
 */
export interface CertificateProps {
  /**
   * Fully-qualified domain name to request a certificate for.
   *
   * May contain wildcards, such as `*.domain.com`. In ACM a wildcard matches
   * a single subdomain level only: `*.domain.com` covers `www.domain.com`
   * but neither `domain.com` itself nor `a.b.domain.com`. List those names
   * in `subjectAlternativeNames` if they must be covered.
   */
  readonly domainName: string;
  /**
   * Alternative domain names on your certificate.
   *
   * Use this to register alternative domain names that represent the same site.
   * Ownership of every name on the certificate has to be validated, so keep
   * the list to names you actually control.
   *
   * @default - No additional FQDNs will be included as alternative domain names.
   */
  readonly subjectAlternativeNames?: string[];
  /**
   * What validation domain to use for every requested domain.
   *
   * Has to be a superdomain of the requested domain.
   *
   * The map is keyed by requested domain name; each value is the validation
   * domain used for that name.
   *
   * @default - Apex domain is used for every domain that's not overridden.
   * @deprecated use `validation` instead.
   */
  readonly validationDomains?: {
    [domainName: string]: string;
  };
  /**
   * Validation method used to assert domain ownership
   *
   * @default ValidationMethod.EMAIL
   * @deprecated use `validation` instead.
   */
  readonly validationMethod?: ValidationMethod;
  /**
   * How to validate this certificate
   *
   * NOTE(review): the default is email validation, where issuance is approved
   * by whoever can read the validation mailboxes of the domain. When the DNS
   * zone is under your control, passing `CertificateValidation.fromDns(...)`
   * explicitly ties approval to control of the zone instead.
   *
   * @default CertificateValidation.fromEmail()
   */
  readonly validation?: CertificateValidation;
}
/**
 * Properties for certificate validation
 *
 * These are the values carried by a `CertificateValidation` instance (see its
 * `props` member).
 */
export interface CertificationValidationProps {
  /**
   * Validation method
   *
   * @default ValidationMethod.EMAIL
   */
  readonly method?: ValidationMethod;
  /**
   * Hosted zone to use for DNS validation
   *
   * @default - use email validation
   */
  readonly hostedZone?: route53.IHostedZone;
  /**
   * A map of hosted zones to use for DNS validation
   *
   * Keyed by domain name; each value is the hosted zone for that domain.
   *
   * @default - use `hostedZone`
   */
  readonly hostedZones?: {
    [domainName: string]: route53.IHostedZone;
  };
  /**
   * Validation domains to use for email validation
   *
   * Keyed by requested domain name; each value is the domain whose mailboxes
   * receive the validation email for that name.
   *
   * @default - Apex domain
   */
  readonly validationDomains?: {
    [domainName: string]: string;
  };
}
/**
 * How to validate a certificate
 *
 * Instances are obtained through the static factories (`fromDns`,
 * `fromDnsMultiZone`, `fromEmail`); the constructor is private.
 */
export declare class CertificateValidation {
  /** The validation properties this instance was created with. */
  readonly props: CertificationValidationProps;
  /**
   * Validate the certificate with DNS
   *
   * IMPORTANT: If `hostedZone` is not specified, DNS records must be added
   * manually and the stack will not complete creating until the records are
   * added.
   *
   * @param hostedZone the hosted zone where DNS records must be created
   * @returns a validation configured for DNS
   */
  static fromDns(hostedZone?: route53.IHostedZone): CertificateValidation;
  /**
   * Validate the certificate with automatically created DNS records in multiple
   * Amazon Route 53 hosted zones.
   *
   * @param hostedZones a map of hosted zones where DNS records must be created
   * for the domains in the certificate
   * @returns a validation configured for DNS across the given zones
   */
  static fromDnsMultiZone(hostedZones: {
    [domainName: string]: route53.IHostedZone;
  }): CertificateValidation;
  /**
   * Validate the certificate with Email
   *
   * IMPORTANT: if you are creating a certificate as part of your stack, the stack
   * will not complete creating until you read and follow the instructions in the
   * email that you will receive.
   *
   * ACM will send validation emails to the following addresses:
   *
   *  admin@domain.com
   *  administrator@domain.com
   *  hostmaster@domain.com
   *  postmaster@domain.com
   *  webmaster@domain.com
   *
   * For every domain that you register.
   *
   * Anyone who can read one of these mailboxes can approve the request, so
   * confirm that they exist, are owned by you and are monitored before
   * relying on email validation.
   *
   * @param validationDomains a map of validation domains to use for domains in the certificate
   * @returns a validation configured for email
   */
  static fromEmail(validationDomains?: {
    [domainName: string]: string;
  }): CertificateValidation;
  /**
   * The validation method
   */
  readonly method: ValidationMethod;
  /**
   * Private constructor; use the static factories instead.
   *
   * The original comment documents a `props` parameter (certification
   * validation properties). It is not visible in this declaration because
   * declaration files omit the parameter list of private constructors.
   */
  private constructor();
}
/**
 * A certificate managed by AWS Certificate Manager
 */
export declare class Certificate extends CertificateBase implements ICertificate {
  /**
   * Import a certificate
   *
   * @param scope the construct scope the imported certificate is attached to
   * @param id the construct id of the imported certificate
   * @param certificateArn ARN of the certificate to reference
   * @returns an `ICertificate` for the given ARN
   *
   * NOTE(review): presumably this only references an existing certificate and
   * does not check that the ARN exists or is issued. Confirm against the
   * implementation.
   */
  static fromCertificateArn(scope: Construct, id: string, certificateArn: string): ICertificate;
  /**
   * The certificate's ARN
   */
  readonly certificateArn: string;
  /**
   * Request a certificate as described by `props`.
   *
   * @param scope the construct scope the certificate is created in
   * @param id the construct id of the certificate
   * @param props domain names and validation settings; see `CertificateProps`
   */
  constructor(scope: Construct, id: string, props: CertificateProps);
}
/**
 * Method used to assert ownership of the domain
 */
export declare enum ValidationMethod {
  /**
   * Send email to a number of email addresses associated with the domain
   *
   * Approval depends on who can read those mailboxes.
   *
   * @see https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html
   */
  EMAIL = "EMAIL",
  /**
   * Validate ownership by adding appropriate DNS records
   *
   * Approval depends on who can write to the domain's DNS zone.
   *
   * @see https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html
   */
  DNS = "DNS"
}