NetworkConfig / CertificateConfig

Amazon Certificate Manager (ACM) Configuration

Import a certificate into ACM or request a certificate from ACM.

Example

- name: cert1
  type: import
  privKey: cert1/privKey.key
  cert: cert1/cert.crt
  chain: cert1/chain.csr
  deploymentTargets:
    accounts:
      - WorkloadAccount1
      - WorkloadAccount2
- name: cert2
  type: request
  validation: DNS
  domain: example.com
  san:
    - www.example.com
    - www.example.net
    - e.co
  deploymentTargets:
    OU:
      - Infrastructure

Properties

cert: undefined | string = undefined

Path to the certificate to import, in the S3 assets bucket. The bucket value is in the outputs of the Pipeline stack in the home region. The path should be given relative to the bucket. This value should be provided when type is set to import or else validation fails.

chain: undefined | string = undefined

Path to the PEM-encoded certificate chain in the S3 assets bucket. The bucket value is in the outputs of the Pipeline stack in the home region. The path should be given relative to the bucket. This value is optional when type is set to import.

deploymentTargets: DeploymentTargets = ...

ACM deployment target. This should be provided to deploy the ACM certificate into OUs or accounts.

domain: undefined | string = undefined

Fully qualified domain name (FQDN), such as www.example.com, that you want to secure with an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com. In compliance with RFC 5280, the length of the domain name (technically, the Common Name) that you provide cannot exceed 64 octets (characters), including periods. To add a longer domain name, specify it in the Subject Alternative Name field, which supports names up to 253 octets in length. This value should be provided when type is set to request or else validation fails.

name: string = ''

Name of the certificate. This should be unique in the certificates array. Duplicate names will fail the validation.

privKey: undefined | string = undefined

Path to the private key in the S3 assets bucket. This is the private key that matches the public key in the certificate. The bucket value is in the outputs of the Pipeline stack in the home region. The path should be given relative to the bucket. This value should be provided when type is set to import or else validation fails.

san: undefined | string[] = undefined

Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, add the name www.example.net to a certificate for which the DomainName field is www.example.com if users can reach your site by using either name.

type: "request" | "import" = 'import'

Type of ACM certificate. Valid values are import or request.

validation: "EMAIL" | "DNS" = 'EMAIL'

The method used to validate that you own or control the domain when requesting a public certificate. You can validate with DNS or with email. Valid values are 'DNS' or 'EMAIL'. This value should be provided when type is set to request or else validation fails.
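The validation rules stated in the property descriptions above, collected into a lint that can run over a parsed certificates array before the configuration is committed. This is an added example, not the accelerator's own validator: `CertificateEntry`, `lintCertificates` and the relative-path check (rejecting a leading `/` or a URL scheme) are assumptions made here.

```typescript
// Added example: lint for the rules this page states. Not the accelerator's own code.
// deploymentTargets is omitted because the page states no rule for it.
interface CertificateEntry {
  name: string;
  type?: "request" | "import";
  privKey?: string;
  cert?: string;
  chain?: string;
  domain?: string;
  san?: string[];
  validation?: "EMAIL" | "DNS";
}

// The 64 and 253 limits on this page are in octets, so measure UTF-8 bytes.
const octets = (s: string): number => new TextEncoder().encode(s).length;

function lintCertificates(certs: CertificateEntry[]): string[] {
  const errors: string[] = [];
  const seen = new Set<string>();
  for (const c of certs) {
    const type = c.type ?? "import"; // documented default
    if (seen.has(c.name)) errors.push(`${c.name}: duplicate name`);
    seen.add(c.name);
    if (type === "import") {
      if (!c.cert) errors.push(`${c.name}: cert is required for import`);
      if (!c.privKey) errors.push(`${c.name}: privKey is required for import`);
      // Assumption: "relative to the bucket" excludes a leading / or a URL scheme.
      for (const p of [c.cert, c.privKey, c.chain]) {
        if (p && (p.startsWith("/") || p.includes("://")))
          errors.push(`${c.name}: ${p} must be relative to the assets bucket`);
      }
    } else {
      if (!c.domain) errors.push(`${c.name}: domain is required for request`);
      else if (octets(c.domain) > 64)
        errors.push(`${c.name}: domain exceeds 64 octets, list it under san`);
      if (!c.validation) errors.push(`${c.name}: validation is required for request`);
      for (const n of c.san ?? [])
        if (octets(n) > 253) errors.push(`${c.name}: san entry exceeds 253 octets`);
    }
  }
  return errors;
}

// Constructed sample: cert1 lacks privKey, the second entry reuses its name.
const sample: CertificateEntry[] = [
  { name: "cert1", type: "import", cert: "cert1/cert.crt" },
  { name: "cert1", type: "request", validation: "DNS", domain: "example.com" },
];
console.log(lintCertificates(sample));
```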
