NetworkConfig / CertificateConfig

Amazon Certificate Manager (ACM) Configuration

Import a certificate into ACM or request a certificate from ACM.

- name: cert1
  type: import
  privKey: cert1/privKey.key
  cert: cert1/cert.crt
  chain: cert1/chain.csr
  deploymentTargets:
    accounts:
      - WorkloadAccount1
      - WorkloadAccount2
- name: cert2
  type: request
  validation: DNS
  domain: example.com
  san:
    - www.example.com
    - www.example.net
    - e.co
  deploymentTargets:
    OU:
      - Infrastructure

interface ICertificateConfig {
    cert?: string;
    chain?: string;
    deploymentTargets?: IDeploymentTargets;
    domain?: string;
    name: string;
    privKey?: string;
    san?: string[];
    type: CertificateConfigType;
    validation?: CertificateValidationType;
}

Properties

cert?: string

Path to the certificate to import, in the S3 assets bucket. The bucket name is in the outputs of the Pipeline stack in the home region. Give the path relative to the bucket. This value should be provided when type is set to import; otherwise validation fails.

chain?: string

Path to the PEM-encoded certificate chain in the S3 assets bucket. The bucket name is in the outputs of the Pipeline stack in the home region. Give the path relative to the bucket. This value is optional when type is set to import.

deploymentTargets?: IDeploymentTargets

ACM deployment target. Provide this to deploy ACM certificates into OUs or accounts.

domain?: string

Fully qualified domain name (FQDN), such as www.example.com, that you want to secure with an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com. In compliance with RFC 5280, the length of the domain name (technically, the Common Name) that you provide cannot exceed 64 octets (characters), including periods. To add a longer domain name, specify it in the Subject Alternative Name field, which supports names up to 253 octets in length. This value should be provided when type is set to request or else validation fails.

name: string

Name of the certificate. This should be unique in the certificates array. Duplicate names will fail the validation.

privKey?: string

Path to the private key in the S3 assets bucket; this is the private key that matches the public key in the certificate. The bucket name is in the outputs of the Pipeline stack in the home region. Give the path relative to the bucket. This value should be provided when type is set to import; otherwise validation fails.

san?: string[]

Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, add the name www.example.net to a certificate for which the DomainName field is www.example.com if users can reach your site by using either name.

type: CertificateConfigType

Type of ACM certificate. Valid values are import or request.

validation?: CertificateValidationType

The method used to validate that you own or control the domain when requesting a public certificate. You can validate with DNS or with email. Valid values are 'DNS' or 'EMAIL'. This value should be provided when type is set to request; otherwise validation fails.
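
The property descriptions above state several conditions under which validation fails (duplicate names, missing fields per type, the 64- and 253-octet name limits). The following pre-flight check is an added example, not the accelerator's own validator; `CertEntry`, `octets` and `lintCertificates` are hypothetical names, and the sample entries are constructed from the configuration shown on this page.

```typescript
// Added example: a local pre-flight check, not the accelerator's own validator.
// CertEntry (hypothetical) mirrors the ICertificateConfig fields documented above.
interface CertEntry {
  name: string; type: string;
  privKey?: string; cert?: string; chain?: string;
  domain?: string; san?: string[]; validation?: string;
}

// UTF-8 byte length (each %XX escape is one octet); the page's limits are in octets.
const octets = (s: string): number => encodeURIComponent(s).replace(/%[0-9A-F]{2}/g, 'x').length;

function lintCertificates(certs: CertEntry[]): string[] {
  const errors: string[] = [];
  const seen = new Set<string>();
  for (const c of certs) {
    if (seen.has(c.name)) errors.push(`${c.name}: duplicate name`);
    seen.add(c.name);
    if (c.type === 'import') {
      if (!c.cert) errors.push(`${c.name}: import requires cert`);
      if (!c.privKey) errors.push(`${c.name}: import requires privKey`);
    } else if (c.type === 'request') {
      if (!c.domain) errors.push(`${c.name}: request requires domain`);
      else if (octets(c.domain) > 64) errors.push(`${c.name}: domain exceeds 64 octets, move it to san`);
      if (c.validation !== 'DNS' && c.validation !== 'EMAIL')
        errors.push(`${c.name}: validation must be DNS or EMAIL`);
      for (const n of c.san ?? [])
        if (octets(n) > 253) errors.push(`${c.name}: san entry exceeds 253 octets`);
    } else {
      errors.push(`${c.name}: type must be import or request`);
    }
  }
  return errors;
}

// Constructed sample input: the two entries from this page plus two broken ones.
const sample: CertEntry[] = [
  { name: 'cert1', type: 'import', privKey: 'cert1/privKey.key', cert: 'cert1/cert.crt', chain: 'cert1/chain.csr' },
  { name: 'cert2', type: 'request', validation: 'DNS', domain: 'example.com', san: ['www.example.com', 'www.example.net', 'e.co'] },
  { name: 'cert2', type: 'request', domain: 'a'.repeat(61) + '.com' },
  { name: 'cert3', type: 'import', cert: 'cert3/cert.crt' },
];
console.log(lintCertificates(sample));
```

Running a check like this before committing the configuration catches the documented failure conditions without waiting for the pipeline's validation stage.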