AWS CDK DnsValidatedCertificate is deprecated.

What it really means to “use {@link Certificate} instead”

I recently learned how to connect a domain to an S3-hosted website with CDK, which enabled me to finally migrate all of my personal websites and projects to serverless! I’m still excited about it.

But then, just a week or two later, I started seeing the following deprecation notice:

[WARNING] aws-cdk-lib.aws_certificatemanager.DnsValidatedCertificate is deprecated.
use {@link Certificate} instead
This API will be removed in the next major release.

That’s frustrating.

I tried looking up the solution, but all I found were conversation threads on GitHub issues, most of which were populated by people asking what to do and then giving up. Maybe it’s because it’s early days? One person mentioned the relevant pull request, “feat(certificatemanager): deprecate DnsValidatedCertificate”, and after poring over all of that my takeaway was that anyone whose stacks are in a region other than us-east-1 (North Virginia) will need to set up a separate stack in that region in order to manage their certificates.

This is because, unlike with the DnsValidatedCertificate construct, you cannot specify the region for a Certificate.

That makes some of us sad.

In the meantime, here’s how I reconfigured my stacks to be able to convert my DnsValidatedCertificate to a Certificate.

  1. Create a new CertificateStack class that has an IHostedZone property and a Certificate property. This stack must create a Certificate object; that will look identical to the DnsValidatedCertificate, only instead of specifying a hosted zone…

Adam Fisher / fisher king (@therightstuff)

Software developer and writer of words, currently producing a graphic novel adaptation of Shakespeare's Sonnets! See http://therightstuff.bio.link for details.