x-acm¶

This module to allow people to create ACM certificates, auto-validate these with their DNS registration, and front their applications with HTTPS.

Hint

Recently got supported by CloudFormation to natively add the CNAME entry to your Route53 DNS record as the certificate is created, removing the manual validation process.

Syntax¶

x-acm:
  certificate-01:
    Properties: {} # AWS CFN Properties
    MacroParameters: {} # ComposeX Macro parameters for ACM

Warning

You cannot be creating your public DNS Zone and validating it at the same time, simply because the NS servers of you new Public Zone are not registered in your DNS registra. Therefore, DNS validation would never work. Make sure that if you are creating a new DNS PublicZone, you will be able to use it!

Properties¶

The properties will be supported exactly like in the native AWS ACM Properties

Hint

If you defined multiple SubjectAlternativeNames names, they will be auto-added to the validation list and use the same ZoneId, so you do not need to list them all in DomainValidationOptions

MacroParameters¶

In the aspiration of making things easy, you can now simply define very straight forward settings to define your certificate. This automatically creates the full ACM Certificate definition, and uses DNS validation.

DomainNames:
  - domain.tld
  - sub.domain.tld
HostedZoneId: ZoneID

DomainNames¶

List of the domain names you want to create the ACM Certificate for.

Hint

The first domain name will be used for the CN, and the following ones will be used for SubjectAlternative names

HostedZoneId¶

If you wish to override the x-dns/PublicZone settings you can set that here.

Note

That HostedZone ID will be used for all of the Domain Validation.

Services¶

No need to indicate services to assign the ACM certificate to. Refer to x-elbv2 for mapping to ALB/NLB.

Example¶

x-acm:
  public-acm-01:
    Properties:
      DomainName: test.lambda-my-aws.io
      DomainValidationOptions:
        - HostedZoneId: ZABCDEFGHIS0123
          DomainName: test.lambda-my-aws.io
      SubjectAlternativeNames:
        - anothertest.lambda-my-aws.io
        - yet.another.test.lambda-my-aws.io
      ValidationMethod: DNS

Hint

If you need to specify x-dns in the template and provide the HostedZoneId which will be used there. DNS Reference: x-dns