1 | import * as iam from '@aws-cdk/aws-iam';
|
2 | import * as route53 from '@aws-cdk/aws-route53';
|
3 | import * as cdk from '@aws-cdk/core';
|
4 | import { Construct } from 'constructs';
|
5 | import { CertificateProps, ICertificate } from './certificate';
|
6 | import { CertificateBase } from './certificate-base';
/**
 * Construction properties for a certificate that AWS Certificate Manager
 * issues and validates through DNS records in a Route 53 hosted zone.
 */
export interface DnsValidatedCertificateProps extends CertificateProps {
  /**
   * Route 53 hosted zone in which DNS validation of the request is performed.
   * The zone must be authoritative for the domain name specified in the
   * certificate request.
   *
   * NOTE(review): anyone able to write records in this zone can satisfy DNS
   * validation for its names, so write access to the zone should be treated
   * as certificate-issuing authority for those names.
   */
  readonly hostedZone: route53.IHostedZone;

  /**
   * AWS region that will host the certificate. This matters in particular for
   * certificates attached to CloudFront distributions, which require the
   * region to be us-east-1.
   *
   * @default the region the stack is deployed in.
   */
  readonly region?: string;

  /**
   * Route 53 service endpoint to use. Normally this is unnecessary, because
   * the AWS SDK works out the right endpoint for most regions. For some
   * regions, such as those in the aws-cn partition, the default endpoint does
   * not currently work, so the correct endpoint has to be given here.
   *
   * Route 53 has not been officially launched in China and is currently
   * available only to AWS internal accounts. Those accounts need to provide a
   * special endpoint for DnsValidatedCertificate to work.
   *
   * NOTE(review): presumably the Route 53 calls that manage the validation
   * records are sent to this endpoint. Confirm in the implementation, and
   * pass only a fixed, trusted endpoint value, never one derived from
   * external input.
   *
   * @default - The AWS SDK will determine the Route53 endpoint to use based on region
   */
  readonly route53Endpoint?: string;

  /**
   * IAM role used by the custom resource that creates the validated
   * certificate.
   *
   * NOTE(review): the permissions this role must carry are not visible in
   * this declaration file. When supplying your own role, check the
   * implementation and grant only what the custom resource needs, scoped to
   * the single hosted zone where possible.
   *
   * @default - A new role will be created
   */
  readonly customResourceRole?: iam.IRole;

  /**
   * When true, deleting the DnsValidatedCertificate also removes the
   * associated Route53 validation records.
   *
   * CAUTION: If multiple certificates share the same domains (and therefore
   * the same validation records), removing the records can cause the other
   * certificates to fail renewal and/or fail to validate.
   * Not recommended for production use.
   *
   * @default false
   */
  readonly cleanupRoute53Records?: boolean;
}
/**
 * A certificate managed by AWS Certificate Manager that is validated
 * automatically, using DNS validation against the specified Route 53 hosted
 * zone.
 *
 * @resource AWS::CertificateManager::Certificate
 */
export declare class DnsValidatedCertificate extends CertificateBase implements ICertificate, cdk.ITaggable {
  /** ARN of the certificate. */
  readonly certificateArn: string;

  /**
   * Resource Tags.
   * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-tags
   */
  readonly tags: cdk.TagManager;

  // NOTE(review): presumably mirrors `props.region`; confirm in the implementation.
  protected readonly region?: string;

  // Private members are emitted without types in a declaration file.
  private normalizedZoneName;
  private hostedZoneId;
  private domainName;

  /**
   * @param scope construct that owns this certificate
   * @param id identifier of the construct within `scope`
   * @param props hosted zone, region, endpoint, role and cleanup settings
   */
  constructor(scope: Construct, id: string, props: DnsValidatedCertificateProps);

  /**
   * @returns a list of strings. NOTE(review): presumably validation error
   * messages, empty when the construct is valid; confirm in the implementation.
   */
  protected validate(): string[];
}