class Certificate (construct)
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.CertificateManager.Certificate |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awscertificatemanager#Certificate |
 Java | software.amazon.awscdk.services.certificatemanager.Certificate |
 Python | aws_cdk.aws_certificatemanager.Certificate |
 TypeScript (source) | aws-cdk-lib » aws_certificatemanager » Certificate |
Implements
IConstruct, IDependable, IResource, ICertificate
A certificate managed by AWS Certificate Manager.
Example
const pool = new cognito.UserPool(this, 'Pool');
pool.addDomain('CognitoDomain', {
cognitoDomain: {
domainPrefix: 'my-awesome-app',
},
});
const certificateArn = 'arn:aws:acm:us-east-1:123456789012:certificate/11-3336f1-44483d-adc7-9cd375c5169d';
const domainCert = certificatemanager.Certificate.fromCertificateArn(this, 'domainCert', certificateArn);
pool.addDomain('CustomDomain', {
customDomain: {
domainName: 'user.myapp.com',
certificate: domainCert,
},
});
Initializer
new Certificate(scope: Construct, id: string, props: CertificateProps)
Parameters
- scope
Construct - id
string - props
CertificateProps
Construct Props
| Name | Type | Description |
|---|---|---|
| domain | string | Fully-qualified domain name to request a certificate for. |
| certificate | string | The Certificate name. |
| key | Key | Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. |
| subject | string[] | Alternative domain names on your certificate. |
| transparency | boolean | Enable or disable transparency logging for this certificate. |
| validation? | Certificate | How to validate this certificate. |
domainName
Type:
string
Fully-qualified domain name to request a certificate for.
May contain wildcards, such as *.domain.com.
certificateName?
Type:
string
(optional, default: the full, absolute path of this construct)
The Certificate name.
Since the Certificate resource doesn't support providing a physical name, the value provided here will be recorded in the Name tag
keyAlgorithm?
Type:
Key
(optional, default: KeyAlgorithm.RSA_2048)
Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
subjectAlternativeNames?
Type:
string[]
(optional, default: No additional FQDNs will be included as alternative domain names.)
Alternative domain names on your certificate.
Use this to register alternative domain names that represent the same site.
transparencyLoggingEnabled?
Type:
boolean
(optional, default: true)
Enable or disable transparency logging for this certificate.
Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one.
validation?
Type:
Certificate
(optional, default: CertificateValidation.fromEmail())
How to validate this certificate.
Properties
| Name | Type | Description |
|---|---|---|
| certificate | string | The certificate's ARN. |
| env | Resource | The environment this resource belongs to. |
| node | Node | The tree node. |
| stack | Stack | The stack in which this resource is defined. |
| region? | string | If the certificate is provisionned in a different region than the containing stack, this should be the region in which the certificate lives so we can correctly create Metric instances. |
certificateArn
Type:
string
The certificate's ARN.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type:
Node
The tree node.
stack
Type:
Stack
The stack in which this resource is defined.
region?
Type:
string
(optional)
If the certificate is provisionned in a different region than the containing stack, this should be the region in which the certificate lives so we can correctly create Metric instances.
Methods
| Name | Description |
|---|---|
| apply | Apply the given removal policy to this resource. |
| metric | Return the DaysToExpiry metric for this AWS Certificate Manager Certificate. By default, this is the minimum value over 1 day. |
| to | Returns a string representation of this construct. |
| static from | Import a certificate. |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
metricDaysToExpiry(props?)
public metricDaysToExpiry(props?: MetricOptions): Metric
Parameters
- props
MetricOptions
Returns
Return the DaysToExpiry metric for this AWS Certificate Manager Certificate. By default, this is the minimum value over 1 day.
This metric is no longer emitted once the certificate has effectively expired, so alarms configured on this metric should probably treat missing data as "breaching".
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromCertificateArn(scope, id, certificateArn)
public static fromCertificateArn(scope: Construct, id: string, certificateArn: string): ICertificate
Parameters
- scope
Construct - id
string - certificateArn
string
Returns
Import a certificate.