import { Certbot } from '@renovosolutions/cdk-library-certbot'
new Certbot(scope: Construct, id: string, props: CertbotProps)
- Type:
constructs.Construct
- Type:
string
public readonly handler: Function;
import { CertbotProps } from '@renovosolutions/cdk-library-certbot'
const certbotProps: CertbotProps = { ... }
public readonly letsencryptDomains: string;
- Type:
string
The comma delimited list of domains for which the Let's Encrypt certificate will be valid.
Primary domain should be first.
public readonly letsencryptEmail: string;
- Type:
string
The email to associate with the Let's Encrypt certificate request.
public readonly architecture: Architecture;
- Type:
aws-cdk-lib.aws_lambda.Architecture
- Default: lambda.Architecture.X86_64
The architecture for the Lambda function.
This property allows you to specify the architecture type for your Lambda function. Supported values are 'x86_64' for the standard architecture and 'arm64' for the ARM architecture.
public readonly bucket: Bucket;
The S3 bucket to place the resulting certificates in.
If no bucket is given one will be created automatically.
public readonly certificateStorage: CertificateStorageType;
- Type:
@renovosolutions/cdk-library-certbot.CertificateStorageType
- Default: CertificateStorageType.S3
The method of storage for the resulting certificates.
public readonly efsAccessPoint: AccessPoint;
The EFS access point to store the certificates.
public readonly enableInsights: boolean;
- Type:
boolean
- Default: false
Whether or not to enable Lambda Insights.
public readonly enableObjectDeletion: boolean;
- Type:
boolean
- Default: false
Whether or not to enable automatic object deletion when the automatically created bucket is deleted.
Has no effect if a bucket is given as a property.
public readonly functionDescription: string;
- Type:
string
The description for the resulting Lambda function.
public readonly functionName: string;
- Type:
string
The name of the resulting Lambda function.
public readonly hostedZoneNames: string[];
- Type:
string[]
Hosted zone names that will be required for DNS verification with certbot.
public readonly hostedZones: IHostedZone[];
The hosted zones that will be required for DNS verification with certbot.
public readonly insightsARN: string;
- Type:
string
Insights layer ARN for your region.
Defaults to layer for US-EAST-1
public readonly keyType: string;
- Type:
string
- Default: 'ecdsa'
Set the key type for the certificate.
public readonly kmsKeyAlias: string;
- Type:
string
- Default: AWS managed key
The alias of the KMS key to use for encrypting the certificates in Secrets Manager or Systems Manager Parameter Store.
public readonly layers: ILayerVersion[];
Any additional Lambda layers to use with the created function.
For example Lambda Extensions
public readonly objectPrefix: string;
- Type:
string
The prefix to apply to the final S3 key name for the certificates.
Default is no prefix. Also used for EFS.
public readonly preferredChain: string;
- Type:
string
- Default: 'None'
Set the preferred certificate chain.
public readonly reIssueDays: number;
- Type:
number
- Default: 30
The number of days left before the prior cert expires at which a new one is issued.
public readonly removalPolicy: RemovalPolicy;
- Type:
aws-cdk-lib.RemovalPolicy
- Default: RemovalPolicy.RETAIN
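The removal policy for the S3 bucket that is automatically created.
With the default of RemovalPolicy.RETAIN, the bucket and the certificates stored in it remain after the stack is deleted.
Has no effect if a bucket is given as a property.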
public readonly runOnDeploy: boolean;
- Type:
boolean
- Default: true
Whether or not to schedule a trigger to run the function after each deployment.
public readonly runOnDeployWaitMinutes: number;
- Type:
number
- Default: 10
How many minutes to wait before running the post deployment Lambda trigger.
public readonly schedule: Schedule;
- Type:
aws-cdk-lib.aws_events.Schedule
- Default: events.Schedule.cron({ minute: '0', hour: '0', weekDay: '1' })
The schedule for the certificate check trigger.
public readonly secretsManagerPath: string;
- Type:
string
- Default:
/certbot/certificates/${letsencryptDomains.split(',')[0]}/
The path to store the certificates in AWS Secrets Manager.
public readonly snsTopic: Topic;
The SNS topic to notify when a new cert is issued.
If no topic is given one will be created automatically.
public readonly ssmSecurePath: string;
- Type:
string
- Default:
/certbot/certificates/${letsencryptDomains.split(',')[0]}/
The path to store the certificates in AWS Systems Manager Parameter Store.
public readonly timeout: Duration;
- Type:
aws-cdk-lib.Duration
- Default: Duration.seconds(180)
The timeout duration for the Lambda function.
public readonly vpc: IVpc;
- Type:
aws-cdk-lib.aws_ec2.IVpc
- Default: none
The VPC to run the Lambda function in.
This is needed if you are using EFS. It should be the same VPC as the EFS filesystem.
Store the certificate in AWS Secrets Manager.
Store the certificates in S3.
Store the certificates as a parameter in AWS Systems Manager Parameter Store with encryption.
Store the certificates in EFS, mounted to the Lambda function.