CertificateProps

class aws_cdk.aws_certificatemanager.CertificateProps(*, domain_name, certificate_name=None, key_algorithm=None, subject_alternative_names=None, transparency_logging_enabled=None, validation=None)

Bases: object

Properties for your certificate.

Parameters:

  • domain_name (str) – Fully-qualified domain name to request a certificate for. May contain wildcards, such as *.domain.com.

  • certificate_name (Optional[str]) – The Certificate name. Since the Certificate resource doesn’t support providing a physical name, the value provided here will be recorded in the Name tag Default: the full, absolute path of this construct

  • key_algorithm (Optional[KeyAlgorithm]) – Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. Default: KeyAlgorithm.RSA_2048

  • subject_alternative_names (Optional[Sequence[str]]) – Alternative domain names on your certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.

  • transparency_logging_enabled (Optional[bool]) – Enable or disable transparency logging for this certificate. Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one. Default: true

  • validation (Optional[CertificateValidation]) – How to validate this certificate. Default: CertificateValidation.fromEmail()

ExampleMetadata:

infused

Example:

example_com = route53.HostedZone(self, "ExampleCom",
    zone_name="example.com"
)
example_net = route53.HostedZone(self, "ExampleNet",
    zone_name="example.net"
)

cert = acm.Certificate(self, "Certificate",
    domain_name="test.example.com",
    subject_alternative_names=["cool.example.com", "test.example.net"],
    validation=acm.CertificateValidation.from_dns_multi_zone({
        "test.example.com": example_com,
        "cool.example.com": example_com,
        "test.example.net": example_net
    })
)

Attributes

certificate_name

The Certificate name.

Since the Certificate resource doesn’t support providing a physical name, the value provided here will be recorded in the Name tag

Default:

the full, absolute path of this construct

domain_name

Fully-qualified domain name to request a certificate for.

May contain wildcards, such as *.domain.com.

key_algorithm

Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.

Default:

KeyAlgorithm.RSA_2048

See:

https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title

subject_alternative_names

Alternative domain names on your certificate.

Use this to register alternative domain names that represent the same site.

Default:

  • No additional FQDNs will be included as alternative domain names.

transparency_logging_enabled

Enable or disable transparency logging for this certificate.

Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no effect. If you opt out of logging when you request a certificate and then choose later to opt back in, your certificate will not be logged until it is renewed. If you want the certificate to be logged immediately, we recommend that you issue a new one.

Default:

true

See:

https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency

validation

How to validate this certificate.

Default:

CertificateValidation.fromEmail()