(aws-certificatemanager): implement new cloudformation feature for DNS validation #8659

Closed
2 tasks done
meve opened this issue Jun 19, 2020 · 1 comment · Fixed by #8552
Labels

  • @aws-cdk/aws-certificatemanager: Related to Amazon Certificate Manager
  • feature-request: A feature should be added or improved.
  • needs-triage: This issue or PR still needs to be triaged.

Comments

@meve
Contributor

meve commented Jun 19, 2020

I am proposing to implement the feature announced in this blog article. It appears that the Lambda function used in the DnsValidatedCertificate construct is no longer needed. In fact, you may argue that the DnsValidatedCertificate construct itself is no longer needed.

This is because the HostedZoneId is introduced in the DomainValidationOptions, which does the job for you.

Use Case

It makes sense because it is a CloudFormation native construct now, and because it saves provisioning an:

  • AWS::IAM::Role
  • AWS::IAM::Policy
  • AWS::Lambda::Function
  • AWS::CloudFormation::CustomResource

Proposed Solution

Since this feature was introduced, I think it is possible to just create a record in a hosted zone by providing the hosted zone id, like so:

Resources:
  Certificate:
    Type: AWS::CertificateManager::Certificate
    Properties: 
      DomainName: example.com
      DomainValidationOptions: 
        - DomainName: example.com
          HostedZoneId: Z2UWXABC123
      ValidationMethod: DNS

This now creates a validation record on your behalf in the Hosted Zone with the ID specified in the DomainValidationOptions.

Other

I would add the HostedZoneId as a DomainValidationOption, and perhaps get rid of the DnsValidatedCertificate construct, as it may have become obsolete now.

Looking forward to your input.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
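An added example, not part of the original issue or of the CDK code base: a Python audit over a parsed CloudFormation template that lists DNS-validated certificates with no `HostedZoneId` for their domain and, for each custom resource, the Lambda function, role and policies wired behind it (the resource types the issue says native validation saves). The function names, the sample template and the assumption that resources are linked through `Ref` / `Fn::GetAtt` are illustrative.

```python
CERT = "AWS::CertificateManager::Certificate"

def ref_target(value):
    """Logical ID behind {"Ref": X} or {"Fn::GetAtt": [X, attr]}, else None."""
    if isinstance(value, dict):
        att = value.get("Fn::GetAtt") or [value.get("Ref")]
        return att[0] if isinstance(att, list) else str(att).split(".")[0]
    return None

def dns_certs_without_zone(template):
    """DNS-validated certificates with no HostedZoneId entry for their DomainName."""
    missing = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") != CERT or props.get("ValidationMethod") != "DNS":
            continue
        opts = props.get("DomainValidationOptions") or []
        if not any(isinstance(o, dict) and o.get("DomainName") == props.get("DomainName")
                   and o.get("HostedZoneId") for o in opts):
            missing.append(name)
    return missing

def custom_resource_backing(template):
    """Map each custom resource to the Lambda, role and policies behind it."""
    resources = template.get("Resources", {})
    found = {}
    for name, res in resources.items():
        if not res.get("Type", "").startswith(("AWS::CloudFormation::CustomResource", "Custom::")):
            continue
        fn = ref_target(res.get("Properties", {}).get("ServiceToken"))
        role = ref_target(resources.get(fn, {}).get("Properties", {}).get("Role"))
        policies = sorted(
            pid for pid, p in resources.items()
            if p.get("Type") == "AWS::IAM::Policy" and role is not None
            and role in map(ref_target, p.get("Properties", {}).get("Roles", [])))
        found[name] = {"function": fn, "role": role, "policies": policies}
    return found

SAMPLE = {"Resources": {  # constructed sample: every logical ID and value is made up
    "Role": {"Type": "AWS::IAM::Role"},
    "Policy": {"Type": "AWS::IAM::Policy", "Properties": {"Roles": [{"Ref": "Role"}]}},
    "Fn": {"Type": "AWS::Lambda::Function", "Properties": {"Role": {"Fn::GetAtt": ["Role", "Arn"]}}},
    "OldCert": {"Type": "AWS::CloudFormation::CustomResource",
                "Properties": {"ServiceToken": {"Fn::GetAtt": ["Fn", "Arn"]}}},
    "Manual": {"Type": CERT, "Properties": {"DomainName": "a.example.com", "ValidationMethod": "DNS"}},
    "Native": {"Type": CERT, "Properties": {"DomainName": "example.com", "ValidationMethod": "DNS",
        "DomainValidationOptions": [{"DomainName": "example.com", "HostedZoneId": "Z2UWXABC123"}]}},
}}
print(dns_certs_without_zone(SAMPLE), custom_resource_backing(SAMPLE))
```

On the sample, `Manual` is reported because nothing tells CloudFormation which hosted zone to write its validation record to, and `OldCert` resolves to the function, role and policy that exist only to serve it.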

@jogold
Contributor

jogold commented Jun 19, 2020

See #8552

@meve meve closed this as completed Jun 19, 2020
mergify bot pushed a commit that referenced this issue Jul 10, 2020
…cate (#8552)

Automatically adding Amazon Route 53 CNAME records for DNS validation is
now natively supported by CloudFormation.

Add a `validation` prop to `Certificate` to handle both email and DNS
validation. `DnsValidatedCertificate` is now only useful for cross-region
certificate creation.

The default remains email validation (non-breaking).

Closes #5831
Closes #5835
Closes #6081
Closes #6516
Closes #7150
Closes #7941
Closes #7995
Closes #7996
Closes #8282 
Closes #8659
Closes #8783

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*