daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
agent-claw/cdk/node_modules/aws-cdk-lib/aws-certificatemanager/lib/certificate.d.ts
daniel 732b00fb66 agent-claw: automated task changes
2026-05-06 18:55:16 -05:00

260 lines
8.1 KiB
TypeScript
Raw Permalink Blame History

import type { Construct } from 'constructs';
import { CertificateBase } from './certificate-base';
import type * as cloudwatch from '../../aws-cloudwatch';
import type * as route53 from '../../aws-route53';
import type { IResource } from '../../core';
import type { ICertificateRef } from '../../interfaces/generated/aws-certificatemanager-interfaces.generated';
/**
* Represents a certificate in AWS Certificate Manager
*/
export interface ICertificate extends IResource, ICertificateRef {
/**
* The certificate's ARN
*
* @attribute
*/
readonly certificateArn: string;
/**
* Return the DaysToExpiry metric for this AWS Certificate Manager
* Certificate. By default, this is the minimum value over 1 day.
*
* This metric is no longer emitted once the certificate has effectively
* expired, so alarms configured on this metric should probably treat missing
* data as "breaching".
*/
metricDaysToExpiry(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
}
/**
* Properties for your certificate
*/
export interface CertificateProps {
/**
* Fully-qualified domain name to request a certificate for.
*
* May contain wildcards, such as ``*.domain.com``.
*/
readonly domainName: string;
/**
* Alternative domain names on your certificate.
*
* Use this to register alternative domain names that represent the same site.
*
* @default - No additional FQDNs will be included as alternative domain names.
*/
readonly subjectAlternativeNames?: string[];
/**
* How to validate this certificate
*
* @default CertificateValidation.fromEmail()
*/
readonly validation?: CertificateValidation;
/**
* Enable or disable export of this certificate.
*
* If you issue an exportable public certificate, there is a charge at certificate issuance and again when the certificate renews.
* Ref: https://aws.amazon.com/certificate-manager/pricing
*
* @default false
*/
readonly allowExport?: boolean;
/**
* Enable or disable transparency logging for this certificate
*
* Once a certificate has been logged, it cannot be removed from the log.
* Opting out at that point will have no effect. If you opt out of logging
* when you request a certificate and then choose later to opt back in,
* your certificate will not be logged until it is renewed.
* If you want the certificate to be logged immediately, we recommend that you issue a new one.
*
* @see https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency
*
* @default true
*/
readonly transparencyLoggingEnabled?: boolean;
/**
* The Certificate name.
*
* Since the Certificate resource doesn't support providing a physical name, the value provided here will be recorded in the `Name` tag
*
* @default the full, absolute path of this construct
*/
readonly certificateName?: string;
/**
* Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
*
* @see https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title
*
* @default KeyAlgorithm.RSA_2048
*/
readonly keyAlgorithm?: KeyAlgorithm;
}
/**
* Certificate Manager key algorithm
*
* If you need to use an algorithm that doesn't exist as a static member, you
* can instantiate a `KeyAlgorithm` object, e.g: `new KeyAlgorithm('RSA_2048')`.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-keyalgorithm
*/
export declare class KeyAlgorithm {
/**
* The name of the algorithm
*/
readonly name: string;
/**
* RSA_2048 algorithm
*/
static readonly RSA_2048: KeyAlgorithm;
/**
* EC_prime256v1 algorithm
*/
static readonly EC_PRIME256V1: KeyAlgorithm;
/**
* EC_secp384r1 algorithm
*/
static readonly EC_SECP384R1: KeyAlgorithm;
/**
* EC_secp521r1 algorithm
*/
static readonly EC_SECP521R1: KeyAlgorithm;
/**
* RSA_4096 algorithm
*/
static readonly RSA_4096: KeyAlgorithm;
/**
* RSA_3072 algorithm
*/
static readonly RSA_3072: KeyAlgorithm;
/**
* RSA_1024 algorithm
*/
static readonly RSA_1024: KeyAlgorithm;
constructor(
/**
* The name of the algorithm
*/
name: string);
}
/**
* Properties for certificate validation
*/
export interface CertificationValidationProps {
/**
* Validation method
*
* @default ValidationMethod.EMAIL
*/
readonly method?: ValidationMethod;
/**
* Hosted zone to use for DNS validation
*
* @default - use email validation
*/
readonly hostedZone?: route53.IHostedZone;
/**
* A map of hosted zones to use for DNS validation
*
* @default - use `hostedZone`
*/
readonly hostedZones?: {
[domainName: string]: route53.IHostedZone;
};
/**
* Validation domains to use for email validation
*
* @default - Apex domain
*/
readonly validationDomains?: {
[domainName: string]: string;
};
}
/**
* How to validate a certificate
*/
export declare class CertificateValidation {
readonly props: CertificationValidationProps;
/**
* Validate the certificate with DNS
*
* IMPORTANT: If `hostedZone` is not specified, DNS records must be added
* manually and the stack will not complete creating until the records are
* added.
*
* @param hostedZone the hosted zone where DNS records must be created
*/
static fromDns(hostedZone?: route53.IHostedZone): CertificateValidation;
/**
* Validate the certificate with automatically created DNS records in multiple
* Amazon Route 53 hosted zones.
*
* @param hostedZones a map of hosted zones where DNS records must be created
* for the domains in the certificate
*/
static fromDnsMultiZone(hostedZones: {
[domainName: string]: route53.IHostedZone;
}): CertificateValidation;
/**
* Validate the certificate with Email
*
* IMPORTANT: if you are creating a certificate as part of your stack, the stack
* will not complete creating until you read and follow the instructions in the
* email that you will receive.
*
* ACM will send validation emails to the following addresses:
*
* admin@domain.com
* administrator@domain.com
* hostmaster@domain.com
* postmaster@domain.com
* webmaster@domain.com
*
* For every domain that you register.
*
* @param validationDomains a map of validation domains to use for domains in the certificate
*/
static fromEmail(validationDomains?: {
[domainName: string]: string;
}): CertificateValidation;
/**
* The validation method
*/
readonly method: ValidationMethod;
/** @param props Certification validation properties */
private constructor();
}
/**
* A certificate managed by AWS Certificate Manager
*/
export declare class Certificate extends CertificateBase implements ICertificate {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import a certificate
*/
static fromCertificateArn(scope: Construct, id: string, certificateArn: string): ICertificate;
/**
* The certificate's ARN
*/
readonly certificateArn: string;
constructor(scope: Construct, id: string, props: CertificateProps);
}
/**
* Method used to assert ownership of the domain
*/
export declare enum ValidationMethod {
/**
* Send email to a number of email addresses associated with the domain
*
* @see https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html
*/
EMAIL = "EMAIL",
/**
* Validate ownership by adding appropriate DNS records
*
* @see https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html
*/
DNS = "DNS"
}
Reference in New Issue View Git Blame Copy Permalink