import * as cdk from "aws-cdk-lib";
import * as acm from "aws-cdk-lib/aws-certificatemanager";
import { Construct } from "constructs";

/**
 * Properties accepted by {@link CertificateStack}.
 */
interface CertificateStackProps extends cdk.StackProps {
  /**
   * Apex domain the certificate is issued for (e.g., village-share.com).
   * The stack also requests `*.<domainName>` as a subject alternative name.
   */
  domainName: string;
}

/**
 * Stack that requests one DNS-validated ACM certificate for a domain and its
 * wildcard, then publishes the certificate ARN for other stacks to consume.
 */
export class CertificateStack extends cdk.Stack {
  /**
   * The ACM certificate construct created by this stack.
   */
  public readonly certificate: acm.Certificate;

  /**
   * ARN of {@link certificate}, kept as a plain string for cross-stack references.
   */
  public readonly certificateArn: string;

  /**
   * @param scope - Parent construct.
   * @param id - Construct id of the stack.
   * @param props - Stack properties, including the domain to certify.
   */
  constructor(scope: Construct, id: string, props: CertificateStackProps) {
    super(scope, id, props);

    const domainName = props.domainName;
    const wildcardName = `*.${domainName}`;
    // Dots are swapped for dashes before the domain is embedded in the export name.
    const exportSuffix = domainName.replace(/\./g, "-");

    // One certificate for the apex plus the wildcard SAN.
    // A wildcard SAN matches a single label (a.<domain>), not deeper names
    // (a.b.<domain>). Any resource this certificate is attached to can serve
    // TLS for every such subdomain, so treat its ARN as a sensitive reference.
    const cert = new acm.Certificate(this, "WildcardCertificate", {
      domainName,
      subjectAlternativeNames: [wildcardName],
      // No hosted zone is passed, so the validation records are not created
      // here and have to be added at the DNS provider by hand.
      validation: acm.CertificateValidation.fromDns(),
      certificateName: `${domainName}-wildcard`,
    });

    this.certificate = cert;
    this.certificateArn = cert.certificateArn;

    // Exported ARN; other stacks import it through the export name.
    new cdk.CfnOutput(this, "CertificateArn", {
      value: this.certificateArn,
      description: "ACM Certificate ARN",
      exportName: `CertificateArn-${exportSuffix}`,
    });

    new cdk.CfnOutput(this, "DomainName", {
      value: domainName,
      description: "Domain name for the certificate",
    });

    // DNS validation needs CNAME records at the DNS provider. They can be read with:
    //   aws acm describe-certificate --certificate-arn <certificate-arn> \
    //     --query 'Certificate.DomainValidationOptions'
    // NOTE(review): with manual DNS validation, CloudFormation normally keeps the
    // certificate resource in CREATE_IN_PROGRESS until the records resolve, so
    // this output may only become visible once validation has already
    // succeeded. Confirm, and fetch the records from ACM during the first deploy.
    new cdk.CfnOutput(this, "ValidationInstructions", {
      value: `Run 'aws acm describe-certificate --certificate-arn ${this.certificateArn} --query Certificate.DomainValidationOptions' to get DNS validation records`,
      description: "Instructions for DNS validation",
    });
  }
}