New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[aws-certificatemanager] validationDomains does not need to be supplied for PCA certificates #10076
Comments
Additionally, if a tokens are not used in the code, CDK nevertheless will auto-inject domain validation properties which can fail textual validation if the domain name does not have a dot in it. Example: "ServiceCertificateXXXXX": {
"Type": "AWS::CertificateManager::Certificate",
"Properties": {
"DomainName": "app.test",
"CertificateAuthorityArn": "arn:aws:acm-pca:us-east-2:xxxxxx:certificate-authority/xxxxxx",
"DomainValidationOptions": [
{
"DomainName": "app.test",
"ValidationDomain": "test"
}
],
"ValidationMethod": "EMAIL"
},
"Metadata": {
"aws:cdk:path": "xxxxx"
}
}, The |
Thanks for the report, @otterley. At this time, the In the meantime, I'd suggest just using the underlying new CfnCertificate(this, 'ServiceCertificate', {
certificateAuthorityArn: 'arn:aws:acm-pca:us-east-2:xxxxxx:certificate-authority/xxxxxx',
domainName: `${sdService.serviceName}.${namespace.namespaceName}`,
}); |
…rivate Certificate Authority (#16315) Support requesting private certificates issued by Private Certificate Authority. Similar to the existing construct named `Certificate`, a new construct `PrivateCertificate` was introduced. There are two main differences between them. `PrivateCertificate` has an additional property `certificateAuthority` to specify the Private certificate authority (CA) that will be used to issue the certificate. The validation options are removed because no validation is necessary for private certificates. Closes #10076. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
…rivate Certificate Authority (aws#16315) Support requesting private certificates issued by Private Certificate Authority. Similar to the existing construct named `Certificate`, a new construct `PrivateCertificate` was introduced. There are two main differences between them. `PrivateCertificate` has an additional property `certificateAuthority` to specify the Private certificate authority (CA) that will be used to issue the certificate. The validation options are removed because no validation is necessary for private certificates. Closes aws#10076. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When using tokens for domain names, attempting to create a new ACM certificate throws the error:
This makes sense when generating a public certificate, but not for a private certificate issued by Private Certificate Authority (PCA) since these certificates are not validated.
Reproduction Steps
What did you expect to happen?
What actually happened?
Environment
This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: