CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-pulumi--aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

acm.mddocs/security/

ACM - Certificate Manager

AWS Certificate Manager provisions and manages SSL/TLS certificates.

Common Tasks

Request certificate with DNS validation

const cert = new aws.acm.Certificate("cert", {
    domainName: "example.com",
    validationMethod: "DNS",
    subjectAlternativeNames: ["*.example.com"],
});

Create DNS validation records and wait for validation

const validationRecords = cert.domainValidationOptions.apply(options =>
    options.map(opt => new aws.route53.Record(`${opt.domainName}-validation`, {
        name: opt.resourceRecordName,
        type: opt.resourceRecordType,
        records: [opt.resourceRecordValue],
        zoneId: zone.zoneId,
        ttl: 60,
    }))
);
const validation = new aws.acm.CertificateValidation("cert-validation", {
    certificateArn: cert.arn,
    validationRecordFqdns: validationRecords.apply(records => records.map(r => r.fqdn)),
});

Request wildcard certificate

const cert = new aws.acm.Certificate("wildcard-cert", {
    domainName: "*.example.com",
    subjectAlternativeNames: ["example.com"],
    validationMethod: "DNS",
});

Core Resources

Certificate

class Certificate extends pulumi.CustomResource {
    constructor(name: string, args?: CertificateArgs, opts?: pulumi.CustomResourceOptions);

    readonly arn: pulumi.Output<string>;
    readonly domainName: pulumi.Output<string>;
    readonly domainValidationOptions: pulumi.Output<CertificateDomainValidationOption[]>;
}

interface CertificateArgs {
    domainName?: pulumi.Input<string>;
    subjectAlternativeNames?: pulumi.Input<pulumi.Input<string>[]>;
    validationMethod?: pulumi.Input<"DNS" | "EMAIL">;
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

interface CertificateDomainValidationOption {
    domainName: string;
    resourceRecordName: string;
    resourceRecordType: string;
    resourceRecordValue: string;
}

Example: Request certificate with DNS validation

const cert = new aws.acm.Certificate("ssl-cert", {
    domainName: "example.com",
    subjectAlternativeNames: ["*.example.com", "www.example.com"],
    validationMethod: "DNS",
    tags: {
        Environment: "production",
    },
});

CertificateValidation

class CertificateValidation extends pulumi.CustomResource {
    constructor(name: string, args: CertificateValidationArgs, opts?: pulumi.CustomResourceOptions);
}

interface CertificateValidationArgs {
    certificateArn: pulumi.Input<string>;
    validationRecordFqdns?: pulumi.Input<pulumi.Input<string>[]>;
}

Example: Validate certificate with Route53 records

// Create validation records
const validationOption = cert.domainValidationOptions[0];
const validationRecord = new aws.route53.Record("cert-validation", {
    name: validationOption.resourceRecordName,
    type: validationOption.resourceRecordType,
    records: [validationOption.resourceRecordValue],
    zoneId: zone.zoneId,
    ttl: 60,
});

// Wait for validation
const validation = new aws.acm.CertificateValidation("cert-validation", {
    certificateArn: cert.arn,
    validationRecordFqdns: [validationRecord.fqdn],
});

Related Services

  • Route 53 - DNS validation records for certificates
  • CloudFront - SSL/TLS for CDN distributions
  • Load Balancers - HTTPS listeners with certificates
  • API Gateway - Custom domain SSL certificates
  • CloudFront - Custom domain certificates (must be in us-east-1)

Install with Tessl CLI

npx tessl i tessl/npm-pulumi--aws@7.16.0

docs

security

acm.md

cognito.md

guardduty.md

iam.md

kms.md

overview.md

secretsmanager.md

securityhub.md

waf.md

index.md

quickstart.md

README.md

tile.json