aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

(aws-apprunner) Alias domain association via aws-certificatemanager #19740

Open tcldr opened 2 years ago

tcldr commented 2 years ago

Describe the feature

Allow a custom domain to be specified using a Route53 Zone. Or, alternatively, decouple the process of creating HTTPS certificates from App Runner and lean on the existing AWS Certificate Manager validation methods.

Use Case

Currently, it doesn't seem possible/documented to be able to associate a custom domain with an App Runner instance via the CDK at all.

There is a method offered via the API/Console, but it seems relatively manual and doesn't include any automation.

It would be preferable to set up custom domains using a method consistent with that used by other CDK packages – such as CloudFront – which make this process especially simple.

Proposed Solution

Decouple the process of creating HTTPS certificates from App Runner, support ALIAS records, and lean on the existing AWS Certificate Manager validation methods.

An ideal API inspired by CloudFront might look like:

// Custom domain
const apexdomain = "example.com"
const subdomain = "my-app"
const domain = `${subdomain}.${apexdomain}`

// HostedZone lookup from current AWS region and account. Requires the Hosted Zone
// to be set up manually, and the DNS pointed at the SOA record in order for the
// DnsValidatedCertificate's validation to succeed.
const zone = route53.HostedZone.fromLookup(this, 'HostedZone', { domainName: apexdomain })
// TLS certificate
const certificate = new route53.DnsValidatedCertificate(this, 'SiteCertificate', {
    domainName: domain,
    hostedZone: zone,
    region: 'us-east-1', // CloudFront only checks this region for certificates.
})
// Inspired by CloudFront ViewCertificate
const viewerCertificate = apprunner.ViewerCertificate.fromAcmCertificate(certificate, {
    aliases: [domain]
})
// App Runner service definition
const service = new apprunner.Service(this, 'Service', {
    source: apprunner.Source.fromGitHub({
        repositoryUrl: 'https://github.com/aws-containers/hello-app-runner',
        branch: 'main',
        configurationSource: apprunner.ConfigurationSourceType.REPOSITORY,
        connection: apprunner.GitHubConnection.fromConnectionArn('CONNECTION_ARN'),
    }),
    // New optional `viewerCertificate` property in 
    viewerCertificate: viewerCertificate
})
// Route53 alias record for the App Runner Service
new route53.ARecord(this, 'SiteAliasRecord', {
    zone: zone,
    recordName: domain,
    target: route53.RecordTarget.fromAlias(new route53Targets.AppRunnerTarget(service)) // new App Runner Target
})

Other Information

No response

CDK version used

2.19.0

Environment details (OS name and version, etc.)

agnostic

tcldr commented 2 years ago

Depends on https://github.com/aws/apprunner-roadmap/issues/53

corymhall commented 2 years ago

@tcldr it doesn't look like this is currently possible since there is no CloudFormation support for creating a custom domain.

This is dependent on https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1092

github-actions[bot] commented 1 year ago

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

tcldr commented 1 year ago

Still pending https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1092

natemarks commented 5 months ago

It would be really great to see this feature. Without it, redeploying the stack would rename the endpoint. That doesn't seem practical if it's public.

youg9203 commented 3 months ago

It is supposed to support the alias record for the App Runner service target; otherwise, manual or post-job work is required for it.