'How to specify a validation domain for AWS CDK when using tokens for domain names

I'm requesting a domain certificate from an AWS CDK stack. For the domain name, I use a value from AWS Parameter Store like:

const domainName = StringParameter.valueForStringParameter(this, `/musical/${branch}/PaymentDomain`)

const cert = new Certificate(this, 'Certificate', {
  domainName: domainName,
})

When I try to run cdk synth or cdk deploy I get an error When using Tokens for domain names, 'validationDomains' needs to be supplied

I tried to add validationDomains to the certificate request but not only is this property depreciated I also don't know how to specify the validation domain. It has a typescript format that I don't understand:

CertificateProps.validationDomains?: {
  [domainName: string]: string;
}

Since validationDomains is depreciated, the docs say I should use validation but when I try to use validation the docs say that should be used for the validation method (DNS or email)

How do I create a correct certificate request when I use a token for a domain name?

aws-cdk


Solution 1:[1]

AWS won't create certificates unless it can validate you own the domain for which you want the certificate. It has two ways it can validate you own the domain. Through DNS or through email.

If using email validation to create a certificate for my.domain.com an email will be sent to admin, administrator, hostmaster, postmaster, and webmaster all @my.domain.com or you can also specify a super domain so it will send to domain.com instead.

If using DNS validation, AWS will generate a specific record to add as a sub domain of my.domain.com to prove you own it. If using Route53 HostedZone for this domain, you can specify the zone and it is all seamless. If not, you can still do DNS validation but you have to manually (or write a custom resource) create the record that AWS needs or the stack will never finish updating.

const domainName = StringParameter.valueForStringParameter(this, `/musical/${branch}/PaymentDomain`)

const cert = new Certificate(this, 'Certificate', {
  domainName: domainName,
  validation: CertificateValidation.fromDns(hostedZone), // Seamless
  validation: CertificateValidation.fromDns(), // You need to create DNS validation record manually
  validation: CertificateValidation.fromEmail() // Click link from email
})

Pick one of those validation methods and include it when creating the certificate

Solution 2:[2]

Not sure if anyone else finds this useful. But I got the same error when I didn't have a correctly formed domain name. I think I had a null somewhere while forming a string for a particular region. This resulted in an invalid domain name format.

For example, I was using

domainName: 'hello.world.'

instead of (say)

domainName: 'hello.world.com'

This took me way longer to debug than I'd like to admit since the error message doesn't tell you exactly what may have happened.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Max Schenkelberg
Solution 2 umayneverknow

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function