diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts
index 2593853cd0350..2a2c8feb23d7a 100644
--- a/packages/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts
+++ b/packages/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts
@@ -422,13 +422,14 @@ export abstract class ApplicationLoadBalancedServiceBase extends CoreConstruct {
 this.targetGroup = this.listener.addTargets('ECS', targetProps);
 if (protocol === ApplicationProtocol.HTTPS) {
- if (typeof props.domainName === 'undefined' || typeof props.domainZone === 'undefined') {
- throw new Error('A domain name and zone is required when using the HTTPS protocol');
- }
 if (props.certificate !== undefined) {
 this.certificate = props.certificate;
 } else {
+ if (typeof props.domainName === 'undefined' || typeof props.domainZone === 'undefined') {
+ throw new Error('A domain name and zone is required when using the HTTPS protocol');
+ }
+
 this.certificate = new Certificate(this, 'Certificate', {
 domainName: props.domainName,
 validation: CertificateValidation.fromDns(props.domainZone),
diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.load-balanced-fargate-service.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.load-balanced-fargate-service.ts
index 8d204485eb125..a8c588d1187ef 100644
--- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.load-balanced-fargate-service.ts
+++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.load-balanced-fargate-service.ts
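Review bot: The error text in the relocated guard, 'A domain name and zone is required when using the HTTPS protocol', no longer matches the condition, because after this change the pair is required only in the `else` branch where no `props.certificate` is supplied. Wording such as `throw new Error('A domain name and zone is required when using the HTTPS protocol without a provided certificate');` would tell the caller which option to set; any test that matches the old message would need the same update. With a caller-supplied certificate, nothing in this hunk checks that the certificate covers the name clients will use, so a comment on the `if (props.certificate !== undefined)` branch such as `// caller-supplied certificate: domainName/domainZone are optional here; the caller owns DNS and hostname matching` would make that responsibility explicit. The enclosing constructor starts and ends outside the hunk, so how a lone `domainName` or `domainZone` is handled later cannot be judged from here.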
@@ -1,4 +1,5 @@
 import { expect, haveResource, haveResourceLike, SynthUtils } from '@aws-cdk/assert-internal';
+import { DnsValidatedCertificate } from '@aws-cdk/aws-certificatemanager';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as ecs from '@aws-cdk/aws-ecs';
 import { ApplicationLoadBalancer, ApplicationProtocol, NetworkLoadBalancer } from '@aws-cdk/aws-elasticloadbalancingv2';
@@ -977,4 +978,38 @@ export = {
 test.done();
 },
+ 'domainName and domainZone not required for HTTPS listener with provided cert'(test: Test) {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const vpc = new ec2.Vpc(stack, 'VPC');
+ const cluster = new ecs.Cluster(stack, 'Cluster', { vpc });
+ const exampleDotComZone = new route53.PublicHostedZone(stack, 'ExampleDotCom', {
+ zoneName: 'example.com',
+ });
+ const certificate = new DnsValidatedCertificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ hostedZone: exampleDotComZone,
+ });
+
+ // WHEN
+ new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'FargateAlbService', {
+ cluster,
+ protocol: ApplicationProtocol.HTTPS,
+
+ taskImageOptions: {
+ containerPort: 2015,
+ image: ecs.ContainerImage.fromRegistry('abiosoft/caddy'),
+ },
+ certificate: certificate,
+ });
+
+ // THEN
+ expect(stack).notTo(haveResourceLike('AWS::Route53::RecordSet', {
+ Name: 'test.domain.com.',
+ }));
+
+ test.done();
+
+ },
+
 };
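Review bot: The THEN assertion in the new test cannot fail: it checks that no `AWS::Route53::RecordSet` named `'test.domain.com.'` exists, but the test only ever uses `example.com` and `test.example.com`, so it passes whether or not the construct creates a record. Asserting on what the change is about would be stronger, for example `expect(stack).to(haveResourceLike('AWS::ElasticLoadBalancingV2::Listener', { Protocol: 'HTTPS' }));` together with `expect(stack).notTo(haveResource('AWS::Route53::RecordSet'));`. The second line assumes `DnsValidatedCertificate` does not itself emit a RecordSet resource in the template, which should be confirmed. It would also be worth checking that the listener's certificate list references the supplied certificate rather than a newly created one, since serving the intended certificate is the behaviour this path exists for.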