Class: AWSCDK::CertificateManager::DNSValidatedCertificateProps

Inherits:
CertificateProps
  • Object
show all
Defined in:
certificate_manager/dns_validated_certificate_props.rb

Overview

Properties to create a DNS validated certificate managed by AWS Certificate Manager.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(domain_name:, allow_export: nil, certificate_name: nil, key_algorithm: nil, subject_alternative_names: nil, transparency_logging_enabled: nil, validation: nil, hosted_zone:, cleanup_route53_records: nil, custom_resource_role: nil, region: nil, route53_endpoint: nil) ⇒ DNSValidatedCertificateProps

Returns a new instance of DNSValidatedCertificateProps.

Parameters:

  • domain_name (String)

    Fully-qualified domain name to request a certificate for.

  • allow_export (Boolean, nil) (defaults to: nil)

    Enable or disable export of this certificate.

  • certificate_name (String, nil) (defaults to: nil)

    The Certificate name.

  • key_algorithm (AWSCDK::CertificateManager::KeyAlgorithm, nil) (defaults to: nil)

    Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.

  • subject_alternative_names (Array<String>, nil) (defaults to: nil)

    Alternative domain names on your certificate.

  • transparency_logging_enabled (Boolean, nil) (defaults to: nil)

    Enable or disable transparency logging for this certificate.

  • validation (AWSCDK::CertificateManager::CertificateValidation, nil) (defaults to: nil)

    How to validate this certificate.

  • hosted_zone (AWSCDK::Route53::IHostedZone)

    Route 53 Hosted Zone used to perform DNS validation of the request.

  • cleanup_route53_records (Boolean, nil) (defaults to: nil)

    When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed.

  • custom_resource_role (AWSCDK::IAM::IRole, nil) (defaults to: nil)

    Role to use for the custom resource that creates the validated certificate.

  • region (String, nil) (defaults to: nil)

    AWS region that will host the certificate.

  • route53_endpoint (String, nil) (defaults to: nil)

    An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop.



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# File 'certificate_manager/dns_validated_certificate_props.rb', line 19

def initialize(domain_name:, allow_export: nil, certificate_name: nil, key_algorithm: nil, subject_alternative_names: nil, transparency_logging_enabled: nil, validation: nil, hosted_zone:, cleanup_route53_records: nil, custom_resource_role: nil, region: nil, route53_endpoint: nil)
  @domain_name = domain_name
  Jsii::Type.check_type(@domain_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "domainName")
  @allow_export = allow_export
  Jsii::Type.check_type(@allow_export, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "allowExport") unless @allow_export.nil?
  @certificate_name = certificate_name
  Jsii::Type.check_type(@certificate_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "certificateName") unless @certificate_name.nil?
  @key_algorithm = key_algorithm
  Jsii::Type.check_type(@key_algorithm, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY2VydGlmaWNhdGVtYW5hZ2VyLktleUFsZ29yaXRobSJ9")), "keyAlgorithm") unless @key_algorithm.nil?
  @subject_alternative_names = subject_alternative_names
  Jsii::Type.check_type(@subject_alternative_names, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "subjectAlternativeNames") unless @subject_alternative_names.nil?
  @transparency_logging_enabled = transparency_logging_enabled
  Jsii::Type.check_type(@transparency_logging_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "transparencyLoggingEnabled") unless @transparency_logging_enabled.nil?
  @validation = validation
  Jsii::Type.check_type(@validation, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY2VydGlmaWNhdGVtYW5hZ2VyLkNlcnRpZmljYXRlVmFsaWRhdGlvbiJ9")), "validation") unless @validation.nil?
  @hosted_zone = hosted_zone
  Jsii::Type.check_type(@hosted_zone, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfcm91dGU1My5JSG9zdGVkWm9uZSJ9")), "hostedZone")
  @cleanup_route53_records = cleanup_route53_records
  Jsii::Type.check_type(@cleanup_route53_records, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "cleanupRoute53Records") unless @cleanup_route53_records.nil?
  @custom_resource_role = custom_resource_role
  Jsii::Type.check_type(@custom_resource_role, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklSb2xlIn0=")), "customResourceRole") unless @custom_resource_role.nil?
  @region = region
  Jsii::Type.check_type(@region, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "region") unless @region.nil?
  @route53_endpoint = route53_endpoint
  Jsii::Type.check_type(@route53_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "route53Endpoint") unless @route53_endpoint.nil?
end

Instance Attribute Details

#allow_exportBoolean? (readonly)

Note:

Default: false

Enable or disable export of this certificate.

If you issue an exportable public certificate, there is a charge at certificate issuance and again when the certificate renews. Ref: https://aws.amazon.com/certificate-manager/pricing

Returns:

  • (Boolean, nil)


59
60
61
# File 'certificate_manager/dns_validated_certificate_props.rb', line 59

def allow_export
  @allow_export
end

#certificate_nameString? (readonly)

Note:

Default: the full, absolute path of this construct

The Certificate name.

Since the Certificate resource doesn't support providing a physical name, the value provided here will be recorded in the Name tag

Returns:

  • (String, nil)


66
67
68
# File 'certificate_manager/dns_validated_certificate_props.rb', line 66

def certificate_name
  @certificate_name
end

#cleanup_route53_recordsBoolean? (readonly)

Note:

Default: false

When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed.

CAUTION: If multiple certificates share the same domains (and same validation records), this can cause the other certificates to fail renewal and/or not validate. Not recommended for production use.

Returns:

  • (Boolean, nil)


112
113
114
# File 'certificate_manager/dns_validated_certificate_props.rb', line 112

def cleanup_route53_records
  @cleanup_route53_records
end

#custom_resource_roleAWSCDK::IAM::IRole? (readonly)

Note:

Default: - A new role will be created

Role to use for the custom resource that creates the validated certificate.

Returns:



117
118
119
# File 'certificate_manager/dns_validated_certificate_props.rb', line 117

def custom_resource_role
  @custom_resource_role
end

#domain_nameString (readonly)

Fully-qualified domain name to request a certificate for.

May contain wildcards, such as *.domain.com.

Returns:

  • (String)


51
52
53
# File 'certificate_manager/dns_validated_certificate_props.rb', line 51

def domain_name
  @domain_name
end

#hosted_zoneAWSCDK::Route53::IHostedZone (readonly)

Route 53 Hosted Zone used to perform DNS validation of the request.

The zone must be authoritative for the domain name specified in the Certificate Request.



103
104
105
# File 'certificate_manager/dns_validated_certificate_props.rb', line 103

def hosted_zone
  @hosted_zone
end

#key_algorithmAWSCDK::CertificateManager::KeyAlgorithm? (readonly)

Note:

Default: KeyAlgorithm.RSA_2048

Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.



72
73
74
# File 'certificate_manager/dns_validated_certificate_props.rb', line 72

def key_algorithm
  @key_algorithm
end

#regionString? (readonly)

Note:

Default: the region the stack is deployed in.

AWS region that will host the certificate.

This is needed especially for certificates used for CloudFront distributions, which require the region to be us-east-1.

Returns:

  • (String, nil)


126
127
128
# File 'certificate_manager/dns_validated_certificate_props.rb', line 126

def region
  @region
end

#route53_endpointString? (readonly)

Note:

Default: - The AWS SDK will determine the Route53 endpoint to use based on region

An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop.

Route53 is not been officially launched in China, it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided.

Returns:

  • (String, nil)


135
136
137
# File 'certificate_manager/dns_validated_certificate_props.rb', line 135

def route53_endpoint
  @route53_endpoint
end

#subject_alternative_namesArray<String>? (readonly)

Note:

Default: - No additional FQDNs will be included as alternative domain names.

Alternative domain names on your certificate.

Use this to register alternative domain names that represent the same site.

Returns:

  • (Array<String>, nil)


79
80
81
# File 'certificate_manager/dns_validated_certificate_props.rb', line 79

def subject_alternative_names
  @subject_alternative_names
end

#transparency_logging_enabledBoolean? (readonly)

Note:

Default: true

Enable or disable transparency logging for this certificate.

Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one.



91
92
93
# File 'certificate_manager/dns_validated_certificate_props.rb', line 91

def transparency_logging_enabled
  @transparency_logging_enabled
end

#validationAWSCDK::CertificateManager::CertificateValidation? (readonly)

Note:

Default: CertificateValidation.fromEmail()

How to validate this certificate.



96
97
98
# File 'certificate_manager/dns_validated_certificate_props.rb', line 96

def validation
  @validation
end

Class Method Details

.jsii_propertiesObject



137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# File 'certificate_manager/dns_validated_certificate_props.rb', line 137

def self.jsii_properties
  {
    :domain_name => "domainName",
    :allow_export => "allowExport",
    :certificate_name => "certificateName",
    :key_algorithm => "keyAlgorithm",
    :subject_alternative_names => "subjectAlternativeNames",
    :transparency_logging_enabled => "transparencyLoggingEnabled",
    :validation => "validation",
    :hosted_zone => "hostedZone",
    :cleanup_route53_records => "cleanupRoute53Records",
    :custom_resource_role => "customResourceRole",
    :region => "region",
    :route53_endpoint => "route53Endpoint",
  }
end

Instance Method Details

#to_jsiiObject



154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
# File 'certificate_manager/dns_validated_certificate_props.rb', line 154

def to_jsii
  result = {}
  result.merge!(super)
  result.merge!({
    "domainName" => @domain_name,
    "allowExport" => @allow_export,
    "certificateName" => @certificate_name,
    "keyAlgorithm" => @key_algorithm,
    "subjectAlternativeNames" => @subject_alternative_names,
    "transparencyLoggingEnabled" => @transparency_logging_enabled,
    "validation" => @validation,
    "hostedZone" => @hosted_zone,
    "cleanupRoute53Records" => @cleanup_route53_records,
    "customResourceRole" => @custom_resource_role,
    "region" => @region,
    "route53Endpoint" => @route53_endpoint,
  })
  result.compact
end