feat: add ACM certificate construct #390
Conversation
| }, | ||
| "Resources": Object { | ||
| "TestCertificate6B4956B6": Object { | ||
| "DeletionPolicy": "Retain", |
There was a problem hiding this comment.
I think that adding this deletion policy will improve safety and allow us to import certificates created outside of CloudFormation 🤞
src/constructs/acm/certificate.ts
Outdated
| import { GuMigratingResource } from "../core/migrating"; | ||
| import type { GuStatefulConstruct } from "../core/migrating"; | ||
|
|
||
| type GuCertificateProps = Record<Stage, GuDnsValidatedCertificateProps> & GuMigratingResource; |
There was a problem hiding this comment.
This is my first attempt at using #364 - hopefully this is roughly what you were expecting @akash1810!
There was a problem hiding this comment.
Took a second to parse that, but yep looks correct 👍🏽 . You might want to add AppIdentity too so we can add the app tag.
| * If your DNS is managed via Route 53, then supplying `hostedZoneId` props will allow AWS to automatically | ||
| * validate your certificate. | ||
| * | ||
| * If your DNS is not managed via Route 53, or you omit the `hostedZoneId` props, then the CloudFormation |
There was a problem hiding this comment.
This advice is based on https://github.com/aws/aws-cdk/blob/7966f8d48c4bff26beb22856d289f9d0c7e7081d/packages/%40aws-cdk/aws-certificatemanager/lib/certificate.ts#L101-L116. In the future, perhaps we can use a custom resource to create the appropriate records elsewhere (NS1?) automatically?
src/constructs/acm/certificate.ts
Outdated
| } | ||
|
|
||
| /** | ||
| * Construct which creates an ACM Certificate. |
There was a problem hiding this comment.
minor: Should we make it explicit that this is a DNS validated cert? Either by mentioning it in this comment or in the naming of the construct?
There was a problem hiding this comment.
Good idea, I've updated the docs.
|
🎉 This PR is included in version 7.1.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
What does this change?
This change adds a new construct for creating an ACM certificate.
Does this change require changes to existing projects or CDK CLI?
No.
How to test
I've added unit tests to cover the new functionality.
How can we measure success?
We are able to create more resources using
@guardian/cdk.Have we considered potential risks?
Adding a new construct is low risk.