/
3-acm-certification-stack.yaml
71 lines (64 loc) · 3.01 KB
/
3-acm-certification-stack.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
AWSTemplateFormatVersion: 2010-09-09
## =================== DESCRIPTION =================== ##
Description: >-
AWS CloudFormation sample template
- Request public SSL/TLS certificate from AWS Certificate Manager (ACM) for our domain name and all its subdomains to use to secure network communications and establish the identity of websites over the Internet
## ===================== METADATA ===================== ##
Metadata:
'AWS::CloudFormation::Interface':
ParameterGroups:
- Label:
default: DNS parameters
Parameters:
- paramRootDomain
- paramHostedZoneId
- Label:
default: AWS tag parameters
Parameters:
- paramUniqueTagName
## ==================== PARAMETERS ==================== ##
Parameters:
paramRootDomain:
Description: Specify a root domain for your website (such as example.com)
Type: String
paramHostedZoneId:
Description: Specify a public hosted zone ID for root domain
Type: String
paramUniqueTagName:
Description: Specify a unique name for tag
Type: String
Default: static-website-hosting-to-s3
AllowedPattern: "[\\x20-\\x7E]*"
ConstraintDescription: Must contain only ASCII characters
## ==================== MAPPINGS ==================== ##
# Mappings:
## ==================== CONDITIONS ==================== ##
# Conditions:
## ===================== RESOURCES ===================== ##
Resources:
# request public SSL/TLS certificate from AWS Certificate Manager (ACM) for our domain name and all its subdomains
# it helps to secure network communications and establish the identity of websites over the Internet
mySSLCertificate:
Type: 'AWS::CertificateManager::Certificate'
Properties:
DomainName: !Ref paramRootDomain # root domain (such as example.com)
SubjectAlternativeNames:
- !Sub '*.${paramRootDomain}' # request a wildcard certificate for all subdomains
DomainValidationOptions:
- DomainName: !Ref paramRootDomain # DNS record for the root domain
HostedZoneId: !Ref paramHostedZoneId
# Note: If a certificate with automatic (Route53) DNS validation contains both a base domain name and the wildcard for that domain (e.g., example.com and *.example.com), the corresponding DNS validation records are identical.
# This seems to have caused problems for the automated CloudFormation DNS validation. Solving the problem by removing the redundant wildcard entries from the DomainValidationOption.
# Source: https://github.com/aws/aws-cdk/pull/9291
# - DomainName: !Sub '*.${paramRootDomain}' # DNS record for the all subdomains
# HostedZoneId: !Ref paramHostedZoneId
# ValidationDomain: !Ref paramRootDomain
ValidationMethod: DNS
Tags:
- Key: mastering-cloudformation
Value: !Ref paramUniqueTagName
## ======================= OUTPUT ====================== ##
Outputs:
outputCertificateArn:
Description: Issued SSL certificate Arn
Value: !Ref mySSLCertificate