feat: support custom certificate

aws · Jul 9, 2024 · 2884377 · 2884377
1 parent 046bf56
commit 2884377
Show file tree

Hide file tree

Showing 13 changed files with 1,062 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-amplify-alpha/README.md b/packages/@aws-cdk/aws-amplify-alpha/README.md
@@ -138,6 +138,17 @@ domain.mapSubDomain(main, 'www');
 domain.mapSubDomain(dev); // sub domain prefix defaults to branch name
 ```
 
+If you want to use your custom domain, set your custom certificate to `customCertificate`:
+
+```ts
+declare const customCertificate: acm.Certificate;
+declare const amplifyApp: amplify.App;
+gi
+const domain = amplifyApp.addDomain('example.com', {
+  customCertificate, // set your custom certificate
+});
+```
+
 ## Restricting access
 
 Password protect the app with basic auth by specifying the `basicAuth` prop.

diff --git a/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts b/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts
@@ -1,3 +1,4 @@
+import * as acm from 'aws-cdk-lib/aws-certificatemanager';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import { Lazy, Resource, IResolvable } from 'aws-cdk-lib/core';
 import { Construct } from 'constructs';
@@ -36,6 +37,13 @@ export interface DomainOptions {
    * @default - all repository branches ['*', 'pr*']
    */
   readonly autoSubdomainCreationPatterns?: string[];
+
+  /**
+   * The type of SSL/TLS certificate to use for your custom domain
+   *
+   * @default - Amplify uses the default certificate that it provisions and manages for you
+   */
+  readonly customCertificate?: acm.ICertificate;
 }
 
 /**
@@ -130,6 +138,10 @@ export class Domain extends Resource {
       enableAutoSubDomain: !!props.enableAutoSubdomain,
       autoSubDomainCreationPatterns: props.autoSubdomainCreationPatterns || ['*', 'pr*'],
       autoSubDomainIamRole: props.autoSubDomainIamRole?.roleArn,
+      certificateSettings: props.customCertificate ? {
+        certificateType: 'CUSTOM',
+        customCertificateArn: props.customCertificate.certificateArn,
+      } : undefined,
     });
 
     this.arn = domain.attrArn;

diff --git a/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture
@@ -2,6 +2,7 @@
 import { SecretValue, Stack } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import * as amplify from '@aws-cdk/aws-amplify-alpha';
+import * as acm from 'aws-cdk-lib/aws-certificatemanager';
 
 class Fixture extends Stack {
   constructor(scope: Construct, id: string) {

diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts b/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts
@@ -1,4 +1,5 @@
 import { Template } from 'aws-cdk-lib/assertions';
+import * as acm from 'aws-cdk-lib/aws-certificatemanager';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import { App, SecretValue, Stack } from 'aws-cdk-lib';
 import * as amplify from '../lib';
@@ -64,6 +65,78 @@ test('create a domain', () => {
   });
 });
 
+test('create a domain with custom certificate', () => {
+  // GIVEN
+  const stack = new Stack();
+  const app = new amplify.App(stack, 'App', {
+    sourceCodeProvider: new amplify.GitHubSourceCodeProvider({
+      owner: 'aws',
+      repository: 'aws-cdk',
+      oauthToken: SecretValue.unsafePlainText('secret'),
+    }),
+  });
+  const prodBranch = app.addBranch('main');
+  const devBranch = app.addBranch('dev');
+
+  const customCertificate = new acm.Certificate(stack, 'Cert', {
+    domainName: '*.example.com',
+  });
+
+  // WHEN
+  const domain = app.addDomain('example.com', {
+    subDomains: [
+      {
+        branch: prodBranch,
+        prefix: 'prod',
+      },
+    ],
+    customCertificate,
+  });
+  domain.mapSubDomain(devBranch);
+
+  // THEN
+  Template.fromStack(stack).hasResourceProperties('AWS::Amplify::Domain', {
+    AppId: {
+      'Fn::GetAtt': [
+        'AppF1B96344',
+        'AppId',
+      ],
+    },
+    DomainName: 'example.com',
+    CertificateSettings: {
+      CertificateType: 'CUSTOM',
+      CustomCertificateArn: {
+        Ref: 'Cert5C9FAEC1',
+      },
+    },
+    SubDomainSettings: [
+      {
+        BranchName: {
+          'Fn::GetAtt': [
+            'AppmainF505BAED',
+            'BranchName',
+          ],
+        },
+        Prefix: 'prod',
+      },
+      {
+        BranchName: {
+          'Fn::GetAtt': [
+            'AppdevB328DAFC',
+            'BranchName',
+          ],
+        },
+        Prefix: {
+          'Fn::GetAtt': [
+            'AppdevB328DAFC',
+            'BranchName',
+          ],
+        },
+      },
+    ],
+  });
+});
+
 test('map a branch to the domain root', () => {
   // GIVEN
   const stack = new Stack();

diff --git a/...domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json b/...domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json
diff --git a/...main.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json b/...main.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json
diff --git a/...-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.assets.json b/...-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.assets.json