1import * as iam from '@aws-cdk/aws-iam';
2import * as route53 from '@aws-cdk/aws-route53';
3import * as cdk from '@aws-cdk/core';
4import { Construct } from 'constructs';
5import { CertificateProps, ICertificate } from './certificate';
6import { CertificateBase } from './certificate-base';
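/**
 * Properties to create a DNS validated certificate managed by AWS Certificate Manager.
 */
export interface DnsValidatedCertificateProps extends CertificateProps {
    /**
     * Route 53 Hosted Zone used to perform DNS validation of the request. The zone
     * must be authoritative for the domain name specified in the Certificate Request.
     */
    readonly hostedZone: route53.IHostedZone;
    /**
     * AWS region that will host the certificate. This is needed especially
     * for certificates used for CloudFront distributions, which require the region
     * to be us-east-1.
     *
     * @default the region the stack is deployed in.
     */
    readonly region?: string;
    /**
     * Endpoint of the Route53 service. Normally this is not needed, because the AWS SDK
     * works out the right endpoint for most regions. For some regions, such as those in
     * the aws-cn partition, the default endpoint does not currently work, so the right
     * endpoint has to be specified through this prop.
     *
     * Route53 has not been officially launched in China; it is only available to AWS
     * internal accounts for now. To make DnsValidatedCertificate work for those accounts,
     * a special endpoint needs to be provided.
     *
     * NOTE(review): the value is presumably where the Route53 requests for the
     * validation records are sent, so it should only ever be an endpoint you trust.
     * Confirm against the implementation.
     *
     * @default - The AWS SDK will determine the Route53 endpoint to use based on region
     */
    readonly route53Endpoint?: string;
    /**
     * Role to use for the custom resource that creates the validated certificate.
     *
     * NOTE(review): this declaration does not show which permissions the custom
     * resource needs, or whether the construct adds any to a role supplied here.
     * Review the effective policy of a supplied role and keep it scoped to the
     * certificate and hosted zone in use.
     *
     * @default - A new role will be created
     */
    readonly customResourceRole?: iam.IRole;
    /**
     * When set to true, the associated Route53 validation records are removed
     * when the DnsValidatedCertificate is deleted. With the default (false),
     * this construct does not remove them.
     *
     * CAUTION: If multiple certificates share the same domains (and same validation records),
     * this can cause the other certificates to fail renewal and/or not validate.
     * Not recommended for production use.
     *
     * @default false
     */
    readonly cleanupRoute53Records?: boolean;
}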
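/**
 * A certificate managed by AWS Certificate Manager. Will be automatically
 * validated using DNS validation against the specified Route 53 hosted zone.
 *
 * Per the documentation on `DnsValidatedCertificateProps`, the validated
 * certificate is created by a custom resource that runs under
 * `customResourceRole`, or under a newly created role when none is given.
 *
 * @resource AWS::CertificateManager::Certificate
 */
export declare class DnsValidatedCertificate extends CertificateBase implements ICertificate, cdk.ITaggable {
    /**
     * The ARN of the certificate.
     */
    readonly certificateArn: string;
    /**
     * Resource Tags.
     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-tags
     */
    readonly tags: cdk.TagManager;
    /**
     * Region associated with the certificate.
     * NOTE(review): presumably taken from `props.region`; confirm in the implementation.
     */
    protected readonly region?: string;
    // Private members: a declaration file lists their names only, without types.
    private normalizedZoneName;
    private hostedZoneId;
    private domainName;
    /**
     * @param scope construct scope in which this certificate is defined
     * @param id construct id within the scope
     * @param props hosted zone, region, Route53 endpoint, custom resource role and cleanup settings
     */
    constructor(scope: Construct, id: string, props: DnsValidatedCertificateProps);
    /**
     * NOTE(review): presumably returns a list of validation error messages, empty
     * when the configuration is valid. The body is not part of this declaration; confirm.
     */
    protected validate(): string[];
}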
73 constructor(scope: Construct, id: string, props: DnsValidatedCertificateProps);
74 protected validate(): string[];
75}