Open tmokmss opened 1 year ago
Thanks for the suggestion!
I am marking this issue as p2, which means that we are unable to work on this immediately.
We use +1s to help prioritize our work, and are happy to reevaluate this issue based on community feedback. You can reach out to the cdk.dev community on Slack to solicit support for reprioritization.
Check out our contributing guide if you're interested in contributing yourself - there's a low chance the team will be able to address this soon but we'd be happy to review a PR 🙂
This issue has received a significant amount of attention so we are automatically upgrading its priority. A member of the community will see the re-prioritization and provide an update on the issue.
Describe the feature
Like the feature implemented on Terraform, we'd like to generate a self-signed certificate within CDK, and import it to ACM.
The API on Terraform is like below. We can basically follow this design.
Use Case
Currently we cannot create an ACM certificate without 1. creating a Route 53 hosted zone or 2. creating a private certificate authority (doc). When I want to quickly test some TLS feature, I sometimes get frustrated since creating them properly is troublesome and difficult.
Although we can generate a self-signed certificate locally and import it via the management console or AWS API, it would be really great if we could do it just using CDK.
Proposed Solution
Because CloudFormation does not natively support importing a certificate to ACM, we have to create a custom resource construct to do that. Additionally, we need a feature to generate a TLS certificate as in Terraform and pass it to the custom resource.
Other Information
Since using self-signed certificates often does not follow security best practice, a warning should be clearly noted, like in the Terraform docs.
Acknowledgements
CDK version used
2.26.0
Environment details (OS name and version, etc.)
macOS
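The local workaround mentioned under Use Case (generate a self-signed certificate, then import it through the AWS API), sketched as an added example that is not part of the original issue or the CDK code base. The function names, file names, the host name and the 7-day lifetime are assumptions; it expects `openssl` (1.1.1 or later, for `-addext`) and, for the import step only, the AWS CLI.

```shell
#!/bin/sh
# Added example: names, paths and lifetimes below are assumptions.

# make_self_signed DIR CN DAYS
# Writes DIR/key.pem (unencrypted, as ACM import requires) and DIR/cert.pem.
make_self_signed() {
    dir=$1 cn=$2 days=$3
    (
        umask 077   # keep the private key readable by the owner only
        openssl req -x509 -newkey rsa:2048 -nodes \
            -keyout "$dir/key.pem" -out "$dir/cert.pem" \
            -days "$days" -subj "/CN=$cn" \
            -addext "subjectAltName=DNS:$cn" 2>/dev/null
    )
}

# is_self_signed CERT: true when subject and issuer names hash identically.
is_self_signed() {
    s=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    i=$(openssl x509 -noout -issuer_hash -in "$1") || return 1
    [ "$s" = "$i" ]
}

# expires_within CERT DAYS: true when the certificate expires within DAYS.
expires_within() {
    ! openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null
}

# import_to_acm DIR: prints the ARN of the imported certificate.
# Needs AWS credentials allowed to call acm:ImportCertificate.
import_to_acm() {
    aws acm import-certificate \
        --certificate "fileb://$1/cert.pem" \
        --private-key "fileb://$1/key.pem" \
        --query CertificateArn --output text
}

# Usage (not run here):
#   d=$(mktemp -d) && make_self_signed "$d" test.example.internal 7 \
#     && is_self_signed "$d/cert.pem" && import_to_acm "$d"
```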