feat(certificatemanager): requesting private certificates issued by Private Certificate Authority #16315
Conversation
…rivate Certificate Authority
|
|
peterwoodworth
added
@aws-cdk/aws-certificatemanager
RomainMuller
force-pushed
the
master
branch
from
924c117
to
ebfd5f2
Compare
peterwoodworth
changed the title
There was a problem hiding this comment.
Thanks for this PR!
I'm wondering if we should go about this differently. Rather than add this to Certificate, what if we create a new construct called PrivateCertificate? The PrivateCertificateProps would be limited to domainName, subjectAlternativeNames, and certificateAuthority, with the latter required rather than optional.
I think this will make the intent a bit clearer. There's a public certificate -- with various validation options -- and a private certificate, which requires the use of a private CA and requires no validation. I suspect this will result in less build/synth-time errors and slightly cleaner code.
|
Thanks for your feedback. I have implemented the suggested changes and introduced a new construct named `PrivateCertificate. You're right. The code looks much cleaner than before. I tested the new construct manually with the following examples: new certificatemanager.PrivateCertificate(this, 'MyCert', {
certificateAuthority,
domainName: 'my-cert.me',
});new certificatemanager.PrivateCertificate(this, 'MyCert', {
certificateAuthority,
domainName: 'my-cert.me',
subjectAlternativeNames: ['*.foo.my-cert.me'],
});I haven't created an integration test yet because |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
…rivate Certificate Authority (aws#16315) Support requesting private certificates issued by Private Certificate Authority. Similar to the existing construct named `Certificate`, a new construct `PrivateCertificate` was introduced. There are two main differences between them. `PrivateCertificate` has an additional property `certificateAuthority` to specify the Private certificate authority (CA) that will be used to issue the certificate. The validation options are removed because no validation is necessary for private certificates. Closes aws#10076. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Support requesting private certificates issued by Private Certificate Authority.
Similar to the existing construct named
Certificate, a new constructPrivateCertificatewas introduced. There are two main differences between them.PrivateCertificatehas an additional propertycertificateAuthorityto specify the Private certificate authority (CA) that will be used to issue the certificate. The validation options are removed because no validation is necessary for private certificates.Closes #10076.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license