Request Certificate in account A for a domain hosted in account B with DNS validation #4469
Comments
I have a hard time seeing how we will be able to provide this functionality in core. It might be good as an external construct library, but this seems too narrowly focused to be in core. Since the validated certificate you seem to want to use is exclusively a custom resource, I think there's hardly any logic to reuse. I would encourage you to fork off the resource in a new package and build customized logic that will authenticate to a different account. Closing as a "wont fix" for now.
I need this feature too. It's common to centralize Domain names and certificates in a single AWS Account. This seems to be the best solution currently:
It should be possible to create certificates for domains that are hosted in different accounts.
Use Case
We have accounts per team, as most AWS customers do, I believe. In our main account we have our main company domain, which is used for most public services. Currently we're already using a lambda function to create and validate a certificate. It runs in the team's account and has access to the main account with a role.
Proposed Solution
The lambda function provided by cdk does the creation of the cert and the route53 record for validation in the same account. Being able to pass a role for the other account would be one solution.
Another solution would be to easily define a custom lambda function. Then we would be able to use the rest of cdk but our own lambda logic.
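The role-passing approach from the proposed solution, as an added example that is not code from the CDK project or from anyone in this thread: the certificate is requested in the calling account, and the validation record is written through an assumed role in the DNS account, after checking that it is a CNAME inside the expected zone. The function names, the `dns_role_arn` parameter, the session name and the sample record values are assumptions made for illustration.

```python
import time

# Constructed sample of the "Certificate" dict that ACM describe_certificate returns.
SAMPLE_CERT = {"DomainValidationOptions": [
    {"DomainName": d, "ResourceRecord": {"Name": "_3f1c0a.example.com.", "Type": "CNAME",
                                         "Value": "_9b2e7d.acm-validations.aws."}}
    for d in ("example.com", "*.example.com")]}

def validation_changes(certificate, zone_name):
    """Turn ACM validation options into Route 53 UPSERTs, CNAMEs inside zone_name only."""
    zone = zone_name.rstrip(".").lower()
    changes = []
    for opt in certificate["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if rr is None:  # ACM fills this in a few seconds after the request
            raise LookupError("validation record not available yet")
        name = rr["Name"].rstrip(".").lower()
        if rr["Type"] != "CNAME" or not name.endswith("." + zone):
            raise ValueError(f"refusing {rr['Type']} {rr['Name']}: not a CNAME in {zone}")
        change = {"Action": "UPSERT", "ResourceRecordSet": {
            "Name": rr["Name"], "Type": "CNAME", "TTL": 300,
            "ResourceRecords": [{"Value": rr["Value"]}]}}
        if change not in changes:  # apex and wildcard names share one record
            changes.append(change)
    return changes

def request_and_validate(domain, zone_name, hosted_zone_id, dns_role_arn):
    """Request the certificate in this account, write its validation CNAME via dns_role_arn."""
    import boto3  # imported lazily so validation_changes can be exercised without the SDK
    acm = boto3.client("acm")
    arn = acm.request_certificate(DomainName=domain, ValidationMethod="DNS")["CertificateArn"]
    for attempt in range(10):
        try:
            cert = acm.describe_certificate(CertificateArn=arn)["Certificate"]
            changes = validation_changes(cert, zone_name)
            break
        except LookupError:
            if attempt == 9:
                raise
            time.sleep(3)
    creds = boto3.client("sts").assume_role(  # short-lived credentials for the DNS account
        RoleArn=dns_role_arn, RoleSessionName="acm-dns-validation")["Credentials"]
    route53 = boto3.client(
        "route53", aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"], aws_session_token=creds["SessionToken"])
    route53.change_resource_record_sets(HostedZoneId=hosted_zone_id, ChangeBatch={"Changes": changes})
    acm.get_waiter("certificate_validated").wait(CertificateArn=arn)
    return arn
```

The role in the DNS account only needs `route53:ChangeResourceRecordSets` on the one hosted zone, with a trust policy naming the team account's Lambda execution role.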