@aws-cdk/aws-certificatemanager

  • Version 1.156.1
  • Published
  • 1.41 MB
  • 7 dependencies
  • Apache-2.0 license

Install

npm i @aws-cdk/aws-certificatemanager
yarn add @aws-cdk/aws-certificatemanager
pnpm add @aws-cdk/aws-certificatemanager

Overview

The CDK Construct Library for AWS::CertificateManager

Index

Functions

function apexDomain

apexDomain: (domainName: string) => string;
  • Returns the apex domain (domain.com) from a subdomain (www.sub.domain.com)

function getCertificateRegion

getCertificateRegion: (cert: ICertificate) => string | undefined;

    function isDnsValidatedCertificate

    isDnsValidatedCertificate: (
    cert: ICertificate
    ) => cert is DnsValidatedCertificate;

      Classes

      class Certificate

      class Certificate extends CertificateBase implements ICertificate {}
      • A certificate managed by AWS Certificate Manager

      constructor

      constructor(scope: Construct, id: string, props: CertificateProps);

        property certificateArn

        readonly certificateArn: string;
        • The certificate's ARN

        method fromCertificateArn

        static fromCertificateArn: (
        scope: Construct,
        id: string,
        certificateArn: string
        ) => ICertificate;
        • Import a certificate

        class CertificateValidation

        class CertificateValidation {}
        • How to validate a certificate

        property method

        readonly method: ValidationMethod;
        • The validation method

        property props

        readonly props: CertificationValidationProps;

          method fromDns

          static fromDns: (hostedZone?: route53.IHostedZone) => CertificateValidation;
          • Validate the certificate with DNS

            IMPORTANT: If hostedZone is not specified, DNS records must be added manually and the stack will not complete creating until the records are added.

            Parameter hostedZone

            the hosted zone where DNS records must be created

          method fromDnsMultiZone

          static fromDnsMultiZone: (hostedZones: {
          [domainName: string]: route53.IHostedZone;
          }) => CertificateValidation;
          • Validate the certificate with automatically created DNS records in multiple Amazon Route 53 hosted zones.

            Parameter hostedZones

            a map of hosted zones where DNS records must be created for the domains in the certificate

          method fromEmail

          static fromEmail: (validationDomains?: {
          [domainName: string]: string;
          }) => CertificateValidation;
          • Validate the certificate with Email

            IMPORTANT: if you are creating a certificate as part of your stack, the stack will not complete creating until you read and follow the instructions in the email that you will receive.

            ACM will send validation emails to the following addresses:

            admin@domain.com administrator@domain.com hostmaster@domain.com postmaster@domain.com webmaster@domain.com

            For every domain that you register.

            Parameter validationDomains

            a map of validation domains to use for domains in the certificate

          class CfnAccount

          class CfnAccount extends cdk.CfnResource implements cdk.IInspectable {}
          • A CloudFormation AWS::CertificateManager::Account

            The AWS::CertificateManager::Account resource defines the expiry event configuration that determines the number of days prior to expiry when ACM starts generating EventBridge events.

            AWS::CertificateManager::Account external

            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-account.html

          constructor

          constructor(scope: cdk.Construct, id: string, props: CfnAccountProps);
          • Create a new AWS::CertificateManager::Account.

            Parameter scope

            scope in which this resource is defined

            Parameter id

            scoped id of the resource

            Parameter props

            resource properties

          property attrAccountId

          readonly attrAccountId: string;
          • ID of the AWS account that owns the certificate. AccountId

          property CFN_RESOURCE_TYPE_NAME

          static readonly CFN_RESOURCE_TYPE_NAME: string;
          • The CloudFormation resource type name for this resource class.

          property cfnProperties

          readonly cfnProperties: { [key: string]: any };

            property expiryEventsConfiguration

            expiryEventsConfiguration: any;
            • Object containing expiration events options associated with an AWS account . For more information, see [ExpiryEventsConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_ExpiryEventsConfiguration.html) in the API reference.

              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-account.html#cfn-certificatemanager-account-expiryeventsconfiguration

            method inspect

            inspect: (inspector: cdk.TreeInspector) => void;
            • Examines the CloudFormation resource and discloses attributes.

              Parameter inspector

              tree inspector to collect and process attributes

            method renderProperties

            protected renderProperties: (props: { [key: string]: any }) => {
            [key: string]: any;
            };

              class CfnCertificate

              class CfnCertificate extends cdk.CfnResource implements cdk.IInspectable {}
              • A CloudFormation AWS::CertificateManager::Certificate

                The AWS::CertificateManager::Certificate resource requests an AWS Certificate Manager ( ACM ) certificate that you can use to enable secure connections. For example, you can deploy an ACM certificate to an Elastic Load Balancer to enable HTTPS support. For more information, see [RequestCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html) in the AWS Certificate Manager API Reference.

                > When you use the AWS::CertificateManager::Certificate resource in a CloudFormation stack, domain validation is handled automatically if all three of the following are true: The certificate domain is hosted in Amazon Route 53, the domain resides in your AWS account , and you are using DNS validation. > > However, if the certificate uses email validation, or if the domain is not hosted in Route 53, then the stack will remain in the CREATE_IN_PROGRESS state. Further stack operations are delayed until you validate the certificate request, either by acting upon the instructions in the validation email, or by adding a CNAME record to your DNS configuration. For more information, see [Option 1: DNS Validation](https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html) and [Option 2: Email Validation](https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html) .

                AWS::CertificateManager::Certificate external

                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html

              constructor

              constructor(scope: cdk.Construct, id: string, props: CfnCertificateProps);
              • Create a new AWS::CertificateManager::Certificate.

                Parameter scope

                scope in which this resource is defined

                Parameter id

                scoped id of the resource

                Parameter props

                resource properties

              property certificateAuthorityArn

              certificateAuthorityArn: string;
              • The Amazon Resource Name (ARN) of the private certificate authority (CA) that will be used to issue the certificate. If you do not provide an ARN and you are trying to request a private certificate, ACM will attempt to issue a public certificate. For more information about private CAs, see the [AWS Certificate Manager Private Certificate Authority (PCA)](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaWelcome.html) user guide. The ARN must have the following form:

                arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012

                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-certificateauthorityarn

              property certificateTransparencyLoggingPreference

              certificateTransparencyLoggingPreference: string;
              • You can opt out of certificate transparency logging by specifying the DISABLED option. Opt in by specifying ENABLED .

                If you do not specify a certificate transparency logging preference on a new CloudFormation template, or if you remove the logging preference from an existing template, this is the same as explicitly enabling the preference.

                Changing the certificate transparency logging preference will update the existing resource by calling UpdateCertificateOptions on the certificate. This action will not create a new resource.

                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-certificatetransparencyloggingpreference

              property CFN_RESOURCE_TYPE_NAME

              static readonly CFN_RESOURCE_TYPE_NAME: string;
              • The CloudFormation resource type name for this resource class.

              property cfnProperties

              readonly cfnProperties: { [key: string]: any };

                property domainName

                domainName: string;
                • The fully qualified domain name (FQDN), such as www.example.com, with which you want to secure an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com , site.example.com , and images.example.com.

                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-domainname

                property domainValidationOptions

                domainValidationOptions: any;
                • Domain information that domain name registrars use to verify your identity.

                  > In order for a AWS::CertificateManager::Certificate to be provisioned and validated in CloudFormation automatically, the DomainName property needs to be identical to one of the DomainName property supplied in DomainValidationOptions, if the ValidationMethod is **DNS**. Failing to keep them like-for-like will result in failure to create the domain validation records in Route53.

                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-domainvalidationoptions

                property subjectAlternativeNames

                subjectAlternativeNames: string[];
                • Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, you can add www.example.net to a certificate for which the DomainName field is www.example.com if users can reach your site by using either name.

                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-subjectalternativenames

                property tags

                readonly tags: cdk.TagManager;
                • Key-value pairs that can identify the certificate.

                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-tags

                property validationMethod

                validationMethod: string;
                • The method you want to use to validate that you own or control the domain associated with a public certificate. You can [validate with DNS](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html) or [validate with email](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html) . We recommend that you use DNS validation.

                  If not specified, this property defaults to email validation.

                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-validationmethod

                method inspect

                inspect: (inspector: cdk.TreeInspector) => void;
                • Examines the CloudFormation resource and discloses attributes.

                  Parameter inspector

                  tree inspector to collect and process attributes

                method renderProperties

                protected renderProperties: (props: { [key: string]: any }) => {
                [key: string]: any;
                };

                  class DnsValidatedCertificate

                  class DnsValidatedCertificate
                  extends CertificateBase
                  implements ICertificate, cdk.ITaggable {}
                  • A certificate managed by AWS Certificate Manager. Will be automatically validated using DNS validation against the specified Route 53 hosted zone.

                    AWS::CertificateManager::Certificate

                  constructor

                  constructor(scope: Construct, id: string, props: DnsValidatedCertificateProps);

                    property certificateArn

                    readonly certificateArn: string;

                      property region

                      protected readonly region?: string;

                        property tags

                        readonly tags: cdk.TagManager;
                        • Resource Tags.

                          See Also

                          • https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-tags

                        method validate

                        protected validate: () => string[];

                          class PrivateCertificate

                          class PrivateCertificate extends CertificateBase implements ICertificate {}
                          • A private certificate managed by AWS Certificate Manager

                            AWS::CertificateManager::Certificate

                          constructor

                          constructor(scope: Construct, id: string, props: PrivateCertificateProps);

                            property certificateArn

                            readonly certificateArn: string;
                            • The certificate's ARN

                            method fromCertificateArn

                            static fromCertificateArn: (
                            scope: Construct,
                            id: string,
                            certificateArn: string
                            ) => ICertificate;
                            • Import a certificate

                            Interfaces

                            interface CertificateProps

                            interface CertificateProps {}
                            • Properties for your certificate

                            property domainName

                            readonly domainName: string;
                            • Fully-qualified domain name to request a certificate for.

                              May contain wildcards, such as ``*.domain.com``.

                            property subjectAlternativeNames

                            readonly subjectAlternativeNames?: string[];
                            • Alternative domain names on your certificate.

                              Use this to register alternative domain names that represent the same site.

                              - No additional FQDNs will be included as alternative domain names.

                            property validation

                            readonly validation?: CertificateValidation;
                            • How to validate this certificate

                              CertificateValidation.fromEmail()

                            property validationDomains

                            readonly validationDomains?: {
                            [domainName: string]: string;
                            };
                            • What validation domain to use for every requested domain.

                              Has to be a superdomain of the requested domain.

                              - Apex domain is used for every domain that's not overridden.

                              Deprecated

                              use validation instead.

                            property validationMethod

                            readonly validationMethod?: ValidationMethod;
                            • Validation method used to assert domain ownership

                              ValidationMethod.EMAIL

                              Deprecated

                              use validation instead.

                            interface CertificationValidationProps

                            interface CertificationValidationProps {}
                            • Properties for certificate validation

                            property hostedZone

                            readonly hostedZone?: route53.IHostedZone;
                            • Hosted zone to use for DNS validation

                              - use email validation

                            property hostedZones

                            readonly hostedZones?: {
                            [domainName: string]: route53.IHostedZone;
                            };
                            • A map of hosted zones to use for DNS validation

                              - use hostedZone

                            property method

                            readonly method?: ValidationMethod;
                            • Validation method

                              ValidationMethod.EMAIL

                            property validationDomains

                            readonly validationDomains?: {
                            [domainName: string]: string;
                            };
                            • Validation domains to use for email validation

                              - Apex domain

                            interface CfnAccountProps

                            interface CfnAccountProps {}
                            • Properties for defining a CfnAccount

                              external

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-account.html

                            property expiryEventsConfiguration

                            readonly expiryEventsConfiguration:
                            | CfnAccount.ExpiryEventsConfigurationProperty
                            | cdk.IResolvable;
                            • Object containing expiration events options associated with an AWS account . For more information, see [ExpiryEventsConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_ExpiryEventsConfiguration.html) in the API reference.

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-account.html#cfn-certificatemanager-account-expiryeventsconfiguration

                            interface CfnCertificateProps

                            interface CfnCertificateProps {}
                            • Properties for defining a CfnCertificate

                              external

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html

                            property certificateAuthorityArn

                            readonly certificateAuthorityArn?: string;
                            • The Amazon Resource Name (ARN) of the private certificate authority (CA) that will be used to issue the certificate. If you do not provide an ARN and you are trying to request a private certificate, ACM will attempt to issue a public certificate. For more information about private CAs, see the [AWS Certificate Manager Private Certificate Authority (PCA)](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaWelcome.html) user guide. The ARN must have the following form:

                              arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-certificateauthorityarn

                            property certificateTransparencyLoggingPreference

                            readonly certificateTransparencyLoggingPreference?: string;
                            • You can opt out of certificate transparency logging by specifying the DISABLED option. Opt in by specifying ENABLED .

                              If you do not specify a certificate transparency logging preference on a new CloudFormation template, or if you remove the logging preference from an existing template, this is the same as explicitly enabling the preference.

                              Changing the certificate transparency logging preference will update the existing resource by calling UpdateCertificateOptions on the certificate. This action will not create a new resource.

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-certificatetransparencyloggingpreference

                            property domainName

                            readonly domainName: string;
                            • The fully qualified domain name (FQDN), such as www.example.com, with which you want to secure an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com , site.example.com , and images.example.com.

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-domainname

                            property domainValidationOptions

                            readonly domainValidationOptions?:
                            | Array<CfnCertificate.DomainValidationOptionProperty | cdk.IResolvable>
                            | cdk.IResolvable;
                            • Domain information that domain name registrars use to verify your identity.

                              > In order for a AWS::CertificateManager::Certificate to be provisioned and validated in CloudFormation automatically, the DomainName property needs to be identical to one of the DomainName property supplied in DomainValidationOptions, if the ValidationMethod is **DNS**. Failing to keep them like-for-like will result in failure to create the domain validation records in Route53.

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-domainvalidationoptions

                            property subjectAlternativeNames

                            readonly subjectAlternativeNames?: string[];
                            • Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, you can add www.example.net to a certificate for which the DomainName field is www.example.com if users can reach your site by using either name.

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-subjectalternativenames

                            property tags

                            readonly tags?: cdk.CfnTag[];
                            • Key-value pairs that can identify the certificate.

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-tags

                            property validationMethod

                            readonly validationMethod?: string;
                            • The method you want to use to validate that you own or control the domain associated with a public certificate. You can [validate with DNS](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html) or [validate with email](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html) . We recommend that you use DNS validation.

                              If not specified, this property defaults to email validation.

                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-validationmethod

                            interface DnsValidatedCertificateProps

                            interface DnsValidatedCertificateProps extends CertificateProps {}
                            • Properties to create a DNS validated certificate managed by AWS Certificate Manager

                            property cleanupRoute53Records

                            readonly cleanupRoute53Records?: boolean;
                            • When set to true, when the DnsValidatedCertificate is deleted, the associated Route53 validation records are removed.

                              CAUTION: If multiple certificates share the same domains (and same validation records), this can cause the other certificates to fail renewal and/or not validate. Not recommended for production use.

                              false

                            property customResourceRole

                            readonly customResourceRole?: iam.IRole;
                            • Role to use for the custom resource that creates the validated certificate

                              - A new role will be created

                            property hostedZone

                            readonly hostedZone: route53.IHostedZone;
                            • Route 53 Hosted Zone used to perform DNS validation of the request. The zone must be authoritative for the domain name specified in the Certificate Request.

                            property region

                            readonly region?: string;
                            • AWS region that will host the certificate. This is needed especially for certificates used for CloudFront distributions, which require the region to be us-east-1.

                              the region the stack is deployed in.

                            property route53Endpoint

                            readonly route53Endpoint?: string;
                            • An endpoint of Route53 service, which is not necessary as AWS SDK could figure out the right endpoints for most regions, but for some regions such as those in aws-cn partition, the default endpoint is not working now, hence the right endpoint need to be specified through this prop.

                              Route53 is not been officially launched in China, it is only available for AWS internal accounts now. To make DnsValidatedCertificate work for internal accounts now, a special endpoint needs to be provided.

                              - The AWS SDK will determine the Route53 endpoint to use based on region

                            interface ICertificate

                            interface ICertificate extends IResource {}
                            • Represents a certificate in AWS Certificate Manager

                            property certificateArn

                            readonly certificateArn: string;
                            • The certificate's ARN

                            method metricDaysToExpiry

                            metricDaysToExpiry: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;
                            • Return the DaysToExpiry metric for this AWS Certificate Manager Certificate. By default, this is the minimum value over 1 day.

                              This metric is no longer emitted once the certificate has effectively expired, so alarms configured on this metric should probably treat missing data as "breaching".

                            interface PrivateCertificateProps

                            interface PrivateCertificateProps {}
                            • Properties for your private certificate

                            property certificateAuthority

                            readonly certificateAuthority: acmpca.ICertificateAuthority;
                            • Private certificate authority (CA) that will be used to issue the certificate.

                            property domainName

                            readonly domainName: string;
                            • Fully-qualified domain name to request a private certificate for.

                              May contain wildcards, such as ``*.domain.com``.

                            property subjectAlternativeNames

                            readonly subjectAlternativeNames?: string[];
                            • Alternative domain names on your private certificate.

                              Use this to register alternative domain names that represent the same site.

                              - No additional FQDNs will be included as alternative domain names.

                            Enums

                            enum ValidationMethod

                            enum ValidationMethod {
                            EMAIL = 'EMAIL',
                            DNS = 'DNS',
                            }
                            • Method used to assert ownership of the domain

                            member DNS

                            DNS = 'DNS'
                            • Validate ownership by adding appropriate DNS records

                              See Also

                              • https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html

                            member EMAIL

                            EMAIL = 'EMAIL'
                            • Send email to a number of email addresses associated with the domain

                              See Also

                              • https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html

                            Namespaces

                            namespace CfnAccount

                            namespace CfnAccount {}

                              interface ExpiryEventsConfigurationProperty

                              interface ExpiryEventsConfigurationProperty {}
                              • Object containing expiration events options associated with an AWS account . For more information, see [ExpiryEventsConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_ExpiryEventsConfiguration.html) in the API reference.

                                external

                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-account-expiryeventsconfiguration.html

                              property daysBeforeExpiry

                              readonly daysBeforeExpiry?: number;
                              • This option specifies the number of days prior to certificate expiration when ACM starts generating EventBridge events. ACM sends one event per day per certificate until the certificate expires. By default, accounts receive events starting 45 days before certificate expiration.

                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-account-expiryeventsconfiguration.html#cfn-certificatemanager-account-expiryeventsconfiguration-daysbeforeexpiry

                              namespace CfnCertificate

                              namespace CfnCertificate {}

                                interface DomainValidationOptionProperty

                                interface DomainValidationOptionProperty {}
                                • DomainValidationOption is a property of the [AWS::CertificateManager::Certificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html) resource that specifies the AWS Certificate Manager ( ACM ) certificate domain to validate. Depending on the chosen validation method, ACM checks the domain's DNS record for a validation CNAME, or it attempts to send a validation email message to the domain owner.

                                  external

                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-certificate-domainvalidationoption.html

                                property domainName

                                readonly domainName: string;
                                • A fully qualified domain name (FQDN) in the certificate request.

                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-certificate-domainvalidationoption.html#cfn-certificatemanager-certificate-domainvalidationoptions-domainname

                                property hostedZoneId

                                readonly hostedZoneId?: string;
                                • The HostedZoneId option, which is available if you are using Route 53 as your domain registrar, causes ACM to add your CNAME to the domain record. Your list of DomainValidationOptions must contain one and only one of the domain-validation options, and the HostedZoneId can be used only when DNS is specified as your validation method.

                                  Use the Route 53 ListHostedZones API to discover IDs for available hosted zones.

                                  This option is required for publicly trusted certificates.

                                  > The ListHostedZones API returns IDs in the format "/hostedzone/Z111111QQQQQQQ", but CloudFormation requires the IDs to be in the format "Z111111QQQQQQQ".

                                  When you change your DomainValidationOptions , a new resource is created.

                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-certificate-domainvalidationoption.html#cfn-certificatemanager-certificate-domainvalidationoption-hostedzoneid

                                property validationDomain

                                readonly validationDomain?: string;
                                • The domain name to which you want ACM to send validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the DomainName value or a superdomain of the DomainName value. For example, if you request a certificate for testing.example.com , you can specify example.com as this value. In that case, ACM sends domain validation emails to the following five addresses:

                                  - admin@example.com - administrator@example.com - hostmaster@example.com - postmaster@example.com - webmaster@example.com

                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-certificate-domainvalidationoption.html#cfn-certificatemanager-certificate-domainvalidationoption-validationdomain

                                Package Files (6)

                                Dependencies (7)

                                Dev Dependencies (5)

                                Peer Dependencies (7)

                                Badge

                                To add a badge like this onejsDocs.io badgeto your package's README, use the codes available below.

                                You may also use Shields.io to create a custom badge linking to https://www.jsdocs.io/package/@aws-cdk/aws-certificatemanager.

                                • Markdown
                                  [![jsDocs.io](https://img.shields.io/badge/jsDocs.io-reference-blue)](https://www.jsdocs.io/package/@aws-cdk/aws-certificatemanager)
                                • HTML
                                  <a href="https://www.jsdocs.io/package/@aws-cdk/aws-certificatemanager"><img src="https://img.shields.io/badge/jsDocs.io-reference-blue" alt="jsDocs.io"></a>