Class CertificateConfig

NetworkConfig / CertificateConfig

Amazon Certificate Manager (ACM) Configuration

Import certificate or Request certificate from ACM

Example

- name: cert1
  type: import
  privKey: cert1/privKey.key
  cert: cert1/cert.crt
  chain: cert1/chain.csr
  deploymentTargets:
    accounts:
      - WorkloadAccount1
      - WorkloadAccount2
- name: cert2
  type: request
  validation: DNS
  domain: example.com
  san:
    - www.example.com
    - www.example.net
    - e.co
  deploymentTargets:
    OU:
      - Infrastructure

Hierarchy

  • CertificateConfig

Implements

Constructors

constructor

Properties

cert chain deploymentTargets domain name privKey san type validation

Constructors

constructor

Properties

Readonly cert

cert: undefined | string = undefined

Path to certificate in S3 assets bucket. The bucket value is in the outputs of Pipeline stack in home region. Path should be given relative to the bucket. The certificate to import. This value should be provided when type is set to import or else validation fails.

Readonly chain

chain: undefined | string = undefined

Path to the PEM encoded certificate chain in S3 assets bucket. The bucket value is in the outputs of Pipeline stack in home region. Path should be given relative to the bucket. This value is optional when type is set to import.

Readonly deploymentTargets

deploymentTargets: DeploymentTargets = ...

ACM deployment target. This should be provided to deploy ACM into OUs or account.

Readonly domain

domain: undefined | string = undefined

Fully qualified domain name (FQDN), such as www.example.com, that you want to secure with an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com. In compliance with RFC 5280, the length of the domain name (technically, the Common Name) that you provide cannot exceed 64 octets (characters), including periods. To add a longer domain name, specify it in the Subject Alternative Name field, which supports names up to 253 octets in length. This value should be provided when type is set to request or else validation fails.

Readonly name

name: string = ''

Name of the certificate. This should be unique in the certificates array. Duplicate names will fail the validation.

Readonly privKey

privKey: undefined | string = undefined

Path to the private key in S3 assets bucket. The bucket value is in the outputs of Pipeline stack in home region. Path should be given relative to the bucket. The private key that matches the public key in the certificate. This value should be provided when type is set to import or else validation fails.

Readonly san

san: undefined | string[] = undefined

Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, add the name www.example.net to a certificate for which the DomainName field is www.example.com if users can reach your site by using either name.

Readonly type

type: "request" | "import" = 'import'

Type of ACM cert. Valid values are import or request

Readonly validation

validation: "EMAIL" | "DNS" = 'EMAIL'

The method you want to use if you are requesting a public certificate to validate that you own or control domain. You can validate with DNS or validate with email. Valid values are 'DNS' or 'EMAIL'. This value should be provided when type is set to request or else validation fails.

Settings

Member Visibility

Theme

Generated using TypeDoc