(aws-certificatemanager): implement new cloudformation feature for DNS validation #8659
Description
I am proposing to implement the feature announced in this blog article. It appears that the Lambda function used in the DnsValidatedCertificate construct is no longer needed. In fact, you may argue that the DnsValidatedCertificate construct itself is no longer needed.
This is because the HostedZoneId is introduced in the DomainValidationOptions, which does the job for you.
Use Case
It makes sense because it is a CloudFormation native construct now, and because it saves provisioning the following resources:
- AWS::IAM::Role
- AWS::IAM::Policy
- AWS::Lambda::Function
- AWS::CloudFormation::CustomResource
Proposed Solution
Since this feature was introduced, I think it is possible to just create a record in a hosted zone by providing the hosted zone id, like so:
```yaml
Resources:
  Certificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: example.com
      DomainValidationOptions:
        - DomainName: example.com
          HostedZoneId: Z2UWXABC123
      ValidationMethod: DNS
```
This now creates a validation record on your behalf in the Hosted Zone with the ID specified in the DomainValidationOptions.
Other
I would add the HostedZoneId as a DomainValidationOption, and perhaps get rid of the DnsValidatedCertificate construct, as it may have become obsolete now.
Looking forward to your input.
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
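Worked example added here to illustrate the proposal; it is not code from the issue author or from aws-cdk. It is a plain-Python generator for the `AWS::CertificateManager::Certificate` resource shown above, using the native `DomainValidationOptions` / `HostedZoneId` mechanism instead of a Lambda-backed custom resource. It goes beyond the single-domain template in the issue: a primary domain plus subject alternative names can be spread across several Route 53 hosted zones, each name is assigned the most specific zone that covers it, and names no supplied zone covers are rejected before a template is emitted. The helper names (`hosted_zone_for`, `build_certificate_template`, `resource_types`) and the domain names and hosted zone IDs are constructed sample values, not real identifiers.

```python
"""Generate an ACM certificate resource that uses CloudFormation's native
DNS validation (DomainValidationOptions.HostedZoneId), so no Lambda-backed
custom resource and no extra IAM role are provisioned to create the
validation records.

Added example; not part of aws-cdk. Domain names and hosted zone IDs below
are constructed sample values.
"""
import json
import re

# Route 53 hosted zone IDs are opaque identifiers that start with "Z".
HOSTED_ZONE_ID_RE = re.compile(r"^Z[A-Z0-9]{1,31}$")


def hosted_zone_for(domain: str, zones: dict) -> tuple:
    """Return (zone_name, zone_id) of the most specific hosted zone whose
    name is a suffix of `domain`.

    `zones` maps hosted zone name -> hosted zone ID. A wildcard such as
    "*.example.com" is matched on its parent name ("example.com"), since ACM
    issues the same validation CNAME for a name and its wildcard.
    """
    name = domain[2:] if domain.startswith("*.") else domain
    best = None
    for zone_name, zone_id in zones.items():
        zone_name = zone_name.rstrip(".").lower()
        if name == zone_name or name.endswith("." + zone_name):
            if best is None or len(zone_name) > len(best[0]):
                best = (zone_name, zone_id)
    if best is None:
        raise ValueError(f"no hosted zone in the supplied set covers {domain!r}")
    return best


def build_certificate_template(domain_name: str, zones: dict,
                               subject_alternative_names=()) -> dict:
    """Build a CloudFormation template with one certificate resource whose
    DomainValidationOptions carry a HostedZoneId for every requested name."""
    domains = [domain_name, *subject_alternative_names]
    if len({d.lower() for d in domains}) != len(domains):
        raise ValueError("duplicate domain names in certificate request")

    validation_options = []
    for domain in domains:
        _, zone_id = hosted_zone_for(domain.lower(), zones)
        if not HOSTED_ZONE_ID_RE.match(zone_id):
            raise ValueError(f"{zone_id!r} does not look like a hosted zone ID")
        validation_options.append({"DomainName": domain, "HostedZoneId": zone_id})

    properties = {
        "DomainName": domain_name,
        "ValidationMethod": "DNS",
        "DomainValidationOptions": validation_options,
    }
    if subject_alternative_names:
        properties["SubjectAlternativeNames"] = list(subject_alternative_names)

    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "Certificate": {
                "Type": "AWS::CertificateManager::Certificate",
                "Properties": properties,
            }
        },
    }


def resource_types(template: dict) -> list:
    """Sorted, de-duplicated resource types in a template. Handy to confirm
    that no IAM role, Lambda function or custom resource is being created."""
    return sorted({r["Type"] for r in template["Resources"].values()})


if __name__ == "__main__":
    SAMPLE_ZONES = {  # constructed sample values
        "example.com": "Z2UWXABC123",
        "internal.example.com": "Z3INTERNAL456",
    }
    template = build_certificate_template(
        "example.com", SAMPLE_ZONES, ["*.example.com", "api.internal.example.com"])
    print(json.dumps(template, indent=2))
    print("resource types:", resource_types(template))
```

The suffix check is the part worth keeping even if the rest is replaced by CDK code: a validation option whose hosted zone does not actually contain the domain fails only at deploy time, when CloudFormation tries to write the CNAME, so catching the mismatch while synthesising the template is cheaper.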