AWS::CertificateManager::Certificate DomainValidationOption - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::CertificateManager::Certificate DomainValidationOption

DomainValidationOption is a property of the AWS::CertificateManager::Certificate resource that specifies the Amazon Certificate Manager (ACM) certificate domain to validate. Depending on the chosen validation method, ACM checks the domain's DNS record for a validation CNAME, or it attempts to send a validation email message to the domain owner.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "DomainName" : String, "HostedZoneId" : String, "ValidationDomain" : String }

YAML

DomainName: String HostedZoneId: String ValidationDomain: String

Properties

DomainName

A fully qualified domain name (FQDN) in the certificate request.

Required: Yes

Type: String

Pattern: ^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$

Minimum: 1

Maximum: 253

Update requires: Replacement

HostedZoneId

The HostedZoneId option, which is available if you are using Route 53 as your domain registrar, causes ACM to add your CNAME to the domain record. Your list of DomainValidationOptions must contain one and only one of the domain-validation options, and the HostedZoneId can be used only when DNS is specified as your validation method.

Use the Route 53 ListHostedZones API to discover IDs for available hosted zones.

This option is required for publicly trusted certificates.

Note

The ListHostedZones API returns IDs in the format "/hostedzone/Z111111QQQQQQQ", but CloudFormation requires the IDs to be in the format "Z111111QQQQQQQ".

When you change your DomainValidationOptions, a new resource is created.

Required: No

Type: String

Update requires: Replacement

ValidationDomain

The domain name to which you want ACM to send validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the DomainName value or a superdomain of the DomainName value. For example, if you request a certificate for testing.example.com, you can specify example.com as this value. In that case, ACM sends domain validation emails to the following five addresses:

  • admin@example.com

  • administrator@example.com

  • hostmaster@example.com

  • postmaster@example.com

  • webmaster@example.com

Required: No

Type: String

Pattern: ^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$

Minimum: 1

Maximum: 253

Update requires: Replacement