Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(certificatemanager): DnsValidatedCertificate does not allow you to customize tags on the requested certificate #12382

Closed
1 of 2 tasks
bigkraig opened this issue Jan 6, 2021 · 4 comments · Fixed by #13990
Closed
1 of 2 tasks

(certificatemanager): DnsValidatedCertificate does not allow you to customize tags on the requested certificate #12382

bigkraig opened this issue Jan 6, 2021 · 4 comments · Fixed by #13990
Assignees
@njlynch
Labels
@aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager effort/medium Medium work item – several days of effort feature/enhancement A new API to make things easier or more intuitive. A catch-all for general feature requests. feature-request A feature should be added or improved. in-progress This issue is being actively worked on. p2

Comments

@bigkraig
Copy link

bigkraig commented Jan 6, 2021

Add a certificateTags parameter to DnsValidatedCertificateProps which will configure the Lambda to create tags on the requested certificate.

Use Case

We use permission boundaries to control what CDK can create roles for. As DnsValidatedCertificate creates a role for the function that manages the certificate, we need to be able to limit this role using tags to just the managed certificate.

Proposed Solution

Include an acm.addTagsToCertificate call in the requestCertificate function with tags defined in DnsValidatedCertificateProps.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
@bigkraig bigkraig added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jan 6, 2021
@github-actions github-actions bot added the @aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager label Jan 6, 2021
bigkraig added a commit to bigkraig/aws-cdk that referenced this issue Jan 6, 2021
@bigkraig
feat(certificatemanager): Add a parameter to DnsValidatedCertificateP…
f7f56fe 
…rops for configuring tags on the requested certificate (aws#12382)
@bigkraig bigkraig mentioned this issue Jan 6, 2021
Closed
bigkraig added a commit to bigkraig/aws-cdk that referenced this issue Jan 6, 2021
@bigkraig
feat(certificatemanager): Add a parameter to DnsValidatedCertificateP…
65928b8 
…rops for configuring tags on the requested certificate (aws#12382)
@njlynch njlynch added effort/medium Medium work item – several days of effort in-progress This issue is being actively worked on. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Jan 26, 2021
@timothy-farestad
Copy link
Contributor

@njlynch Any chance this can get looked at again? Would be a huge help for our organization as our Governance team requires certain tags on all resources, and our current workaround is to embed some cli calls post-deploy.

@njlynch
Copy link
Contributor

njlynch commented Mar 31, 2021

@bigkraig submitted a PR, but the approach would have required tags to be explicitly added to the DnsValidatedCertificate, separate from every other construct in a stack. I proposed an alternative approach in #12383 (review).

@timothy-farestad - Happy to help you -- or any other contributor -- get this merged in. It should be a reasonably small contribution.

@ericzbeard ericzbeard added the feature/enhancement A new API to make things easier or more intuitive. A catch-all for general feature requests. label Apr 2, 2021
@timothy-farestad timothy-farestad mentioned this issue Apr 6, 2021
Merged
@timothy-farestad
Copy link
Contributor

@njlynch I took a stab following your suggestion... in #13990

@mergify mergify bot closed this as completed in #13990 Apr 15, 2021
mergify bot pushed a commit that referenced this issue Apr 15, 2021
@timothy-farestad
feat(certificatemanager): allow tagging DnsValidatedCertificate (#13990)
8360feb 
Closes #12382 

Attempting to implement the fix suggested in #12382 to allow the DnsValidatedCertificate resource to be taggable.  Currently, only the custom lambda that is created is tagged, but the certificate provisioned by the lambda is not tagged.  This would allow the lambda to pass tags through to the certificate, too.  

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

hollanddd pushed a commit to hollanddd/aws-cdk that referenced this issue Aug 26, 2021
@timothy-farestad @hollanddd
feat(certificatemanager): allow tagging DnsValidatedCertificate (aws#…
6c9fdd0 
…13990)

Closes aws#12382 

Attempting to implement the fix suggested in aws#12382 to allow the DnsValidatedCertificate resource to be taggable.  Currently, only the custom lambda that is created is tagged, but the certificate provisioned by the lambda is not tagged.  This would allow the lambda to pass tags through to the certificate, too.  

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@njlynch njlynch

Labels
@aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager effort/medium Medium work item – several days of effort feature/enhancement A new API to make things easier or more intuitive. A catch-all for general feature requests. feature-request A feature should be added or improved. in-progress This issue is being actively worked on. p2
Projects
None yet
Milestone
No milestone
4 participants
@bigkraig @ericzbeard @njlynch @timothy-farestad