I actually don't think I need extensive validation of the account's rights over the source domain, because if the account doesn't have them, stack deployment will fail when we can't get a cert.
Note: when you create a hosted zone for a name you don't own, AWS creates a delegation set of name servers associated with that hosted zone. I proved this out in my lab2 account.