feat(aws-certificatemanager): allow users to specify region for DNS c…

…ertificates * CloudFront requires certificates to be registered in the us-east-1 region, so this allows users to override the default, which places the certificates in whatever region the stack exists in
aws · May 24, 2019 · b39bb5d · b39bb5d
1 parent 7cb8e5e
commit b39bb5d
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 7 deletions.
diff --git a/...cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js b/...cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js
@@ -74,9 +74,9 @@ let report = function (event, context, responseStatus, physicalResourceId, respo
  * @param {string} hostedZoneId the Route53 Hosted Zone ID
  * @returns {string} Validated certificate ARN
  */
-const requestCertificate = async function (requestId, domainName, subjectAlternativeNames, hostedZoneId) {
+const requestCertificate = async function (requestId, domainName, subjectAlternativeNames, hostedZoneId, region) {
   const crypto = require('crypto');
-  const acm = new aws.ACM();
+  const acm = new aws.ACM({region});
   const route53 = new aws.Route53();
   if (waiter) {
     // Used by the test suite, since waiters aren't mockable yet
@@ -157,8 +157,8 @@ const requestCertificate = async function (requestId, domainName, subjectAlterna
  *
  * @param {string} arn The certificate ARN
  */
-const deleteCertificate = async function (arn) {
-  const acm = new aws.ACM();
+const deleteCertificate = async function (arn, region) {
+  const acm = new aws.ACM({region});
 
   console.log(`Deleting certificate ${arn}`);
 
@@ -189,7 +189,8 @@ exports.certificateRequestHandler = async function (event, context) {
           event.RequestId,
           event.ResourceProperties.DomainName,
           event.ResourceProperties.SubjectAlternativeNames,
-          event.ResourceProperties.HostedZoneId
+          event.ResourceProperties.HostedZoneId,
+          event.ResourceProperties.Region,
         );
         responseData.Arn = physicalResourceId = certificateArn;
         break;
@@ -198,7 +199,7 @@ exports.certificateRequestHandler = async function (event, context) {
         // If the resource didn't create correctly, the physical resource ID won't be the
         // certificate ARN, so don't try to delete it in that case.
         if (physicalResourceId.startsWith('arn:')) {
-          await deleteCertificate(physicalResourceId);
+          await deleteCertificate(physicalResourceId, event.ResourceProperties.Region);
         }
         break;
       default:

diff --git a/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts b/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts
@@ -12,6 +12,12 @@ export interface DnsValidatedCertificateProps extends CertificateProps {
      * must be authoritative for the domain name specified in the Certificate Request.
      */
     readonly hostedZone: route53.IHostedZone;
+    /**
+     * AWS region that will host the certificate. This is needed especially
+     * for certificates used for CloudFront distributions, which require the region
+     * to be us-east-1.
+     */
+    readonly region: string;
 }
 
 /**
@@ -64,7 +70,8 @@ export class DnsValidatedCertificate extends cdk.Construct implements ICertifica
             properties: {
                 DomainName: props.domainName,
                 SubjectAlternativeNames: props.subjectAlternativeNames,
-                HostedZoneId: this.hostedZoneId
+                HostedZoneId: this.hostedZoneId,
+                Region: props.region,
             }
         });