certificate

ACM certificates in AWS provide SSL/TLS certificates for secure HTTPS connections. Stackattack creates certificates with automatic DNS validation through Route53, supporting wildcards and multiple domains.

import * as saws from "@stackattack/aws";

const ctx = saws.context();
const certArn = saws.certificate(ctx, {
  domain: "example.com",
  wildcard: true
});

export const certificateArn = certArn;

After deploying a certificate, you can use it with other AWS services:

AWS CLI:

# View certificate details
aws acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
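
The JSON returned by the describe-certificate command above can be checked automatically after a deploy. The following is an added example, not Stackattack code: the function name auditCertificate and the sample response are constructed for illustration, and the interface covers only the response fields the check reads.

```typescript
// Subset of the `aws acm describe-certificate` response that the audit reads.
interface AcmCertificate {
  SubjectAlternativeNames: string[];
  Status: string;               // e.g. "ISSUED", "PENDING_VALIDATION"
  RenewalEligibility: string;   // "ELIGIBLE" | "INELIGIBLE"
  InUseBy: string[];            // ARNs of resources the certificate is attached to
  DomainValidationOptions: {
    DomainName: string;
    ValidationMethod: string;   // "DNS" | "EMAIL"
    ValidationStatus: string;   // "SUCCESS" | "PENDING_VALIDATION" | "FAILED"
  }[];
}

// Returns a list of findings; an empty list means nothing was flagged.
function auditCertificate(json: string, expectedNames: string[]): string[] {
  const cert: AcmCertificate = JSON.parse(json).Certificate;
  const findings: string[] = [];
  if (cert.Status !== "ISSUED") findings.push(`status is ${cert.Status}`);
  for (const v of cert.DomainValidationOptions) {
    if (v.ValidationMethod !== "DNS") findings.push(`${v.DomainName}: not DNS validated`);
    if (v.ValidationStatus !== "SUCCESS") findings.push(`${v.DomainName}: validation ${v.ValidationStatus}`);
  }
  // Every hostname you intend to serve must appear in the SAN list.
  const sans = new Set(cert.SubjectAlternativeNames.map((n) => n.toLowerCase()));
  for (const name of expectedNames) {
    if (!sans.has(name.toLowerCase())) findings.push(`missing SAN ${name}`);
  }
  // ACM only renews certificates it reports as ELIGIBLE; flag unattached ones too.
  if (cert.InUseBy.length === 0 || cert.RenewalEligibility !== "ELIGIBLE") {
    findings.push("not eligible for automatic renewal (unused or INELIGIBLE)");
  }
  return findings;
}

// Constructed sample response (not real output): one validation pending, not attached.
const sampleResponse = JSON.stringify({
  Certificate: {
    DomainName: "example.com",
    SubjectAlternativeNames: ["example.com", "*.example.com"],
    Status: "PENDING_VALIDATION",
    RenewalEligibility: "INELIGIBLE",
    InUseBy: [],
    DomainValidationOptions: [
      { DomainName: "example.com", ValidationMethod: "DNS", ValidationStatus: "SUCCESS" },
      { DomainName: "*.example.com", ValidationMethod: "DNS", ValidationStatus: "PENDING_VALIDATION" },
    ],
  },
});
console.log(auditCertificate(sampleResponse, ["example.com", "*.example.com", "api.example.org"]));
```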

Certificates work together with other Stackattack components:

  • load-balancer - Uses certificates for HTTPS termination
  • static-site - Uses certificates for secure CloudFront distributions

ACM certificates are completely free when used with AWS services:

  • Certificate issuance - No cost for requesting, renewing, or using ACM certificates with AWS services like ALB, CloudFront, or API Gateway.

  • DNS validation - Route53 DNS queries during validation are minimal and typically cost less than $0.01.

  • Automatic renewal - ACM automatically renews certificates before expiration at no cost.

  • Wildcard certificates - No additional cost for wildcard (*.example.com) or multi-domain certificates.

Important limitations:

  • ACM certificates can only be used with AWS services (ALB, CloudFront, API Gateway, etc.)
  • You cannot export private keys for use on non-AWS infrastructure
  • For external use cases, consider Let’s Encrypt or commercial certificate authorities

See ACM Pricing for details.

Creates an ACM certificate with DNS validation and optional wildcard support.

function certificate(ctx: Context, args: CertificateArgs): Output<string>
  • ctx (Context) - The context for resource naming and tagging
  • args (CertificateArgs) - Configuration arguments for the certificate
  • (Output<string>) - Creates an ACM certificate with DNS validation and optional wildcard support.

Retrieves the Route53 hosted zone ID for a given domain by extracting the root domain.

function getZoneFromDomain(domain: Input<string>): Output<string>
  • domain (Input<string>) - The domain name to find the hosted zone for
  • (Output<string>) - Retrieves the Route53 hosted zone ID for a given domain by extracting the root domain.

Configuration arguments for creating an ACM certificate.

  • additionalDomains? (Input<string>[]) - Additional domain names to include in the certificate
  • domain (Input<string>) - The primary domain name for the certificate
  • noPrefix? (boolean) - Whether to skip adding a prefix to the resource name
  • noValidate? (boolean) - Whether to skip DNS validation (returns certificate ARN immediately)
  • provider? (Provider) - Use a specific provider instance to create certificate resources. This allows you to create certificates in different region(s) or account(s)
  • wildcard? (boolean) - Whether to include a wildcard subdomain (*.domain)
  • zone? (Input<string>) - Specific Route53 zone ID (auto-detected from domain if not provided)