fix(aws-ecs-patterns): fixes #11123 allow for https listeners to use non Route 53 DNS if a certificate is provided #14004

@@ -422,13 +422,14 @@ export abstract class ApplicationLoadBalancedServiceBase extends CoreConstruct {
this.targetGroup = this.listener.addTargets('ECS', targetProps);

if (protocol === ApplicationProtocol.HTTPS) {
if (typeof props.domainName === 'undefined' || typeof props.domainZone === 'undefined') {
throw new Error('A domain name and zone is required when using the HTTPS protocol');
}

if (props.certificate !== undefined) {
this.certificate = props.certificate;
} else {
if (typeof props.domainName === 'undefined' || typeof props.domainZone === 'undefined') {
throw new Error('A domain name and zone is required when using the HTTPS protocol');
}

this.certificate = new Certificate(this, 'Certificate', {
domainName: props.domainName,
validation: CertificateValidation.fromDns(props.domainZone),
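Review bot: With the domain guard moved into the `else` branch, a caller-supplied `props.certificate` is attached to the HTTPS listener with no check at this point that it covers the name clients will use, and a half-specified pair (`domainName` without `domainZone`, or the reverse) is no longer rejected here. Whether that partial case is caught later cannot be seen, because the constructor continues outside the hunk; if it is not, failing early would be safer than quietly deploying a listener whose certificate does not match its DNS name. The relocated error text should say when it applies, e.g. `throw new Error('A domain name and zone are required when using the HTTPS protocol without a provided certificate');`. A comment above `if (props.certificate !== undefined) {` such as `// Caller-supplied certificate: DNS for the load balancer is managed outside this construct, so no hosted zone is required` would record the intent.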
@@ -1,4 +1,5 @@
import { expect, haveResource, haveResourceLike, SynthUtils } from '@aws-cdk/assert-internal';
import { DnsValidatedCertificate } from '@aws-cdk/aws-certificatemanager';
import * as ec2 from '@aws-cdk/aws-ec2';
import * as ecs from '@aws-cdk/aws-ecs';
import { ApplicationLoadBalancer, ApplicationProtocol, NetworkLoadBalancer } from '@aws-cdk/aws-elasticloadbalancingv2';
@@ -977,4 +978,38 @@ export = {
test.done();
},

'domainName and domainZone not required for HTTPS listener with provided cert'(test: Test) {
// GIVEN
const stack = new cdk.Stack();
const vpc = new ec2.Vpc(stack, 'VPC');
const cluster = new ecs.Cluster(stack, 'Cluster', { vpc });
const exampleDotComZone = new route53.PublicHostedZone(stack, 'ExampleDotCom', {
zoneName: 'example.com',
});
const certificate = new DnsValidatedCertificate(stack, 'Certificate', {
domainName: 'test.example.com',
hostedZone: exampleDotComZone,
});

// WHEN
new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'FargateAlbService', {
cluster,
protocol: ApplicationProtocol.HTTPS,

taskImageOptions: {
containerPort: 2015,
image: ecs.ContainerImage.fromRegistry('abiosoft/caddy'),
},
certificate: certificate,
});

// THEN
expect(stack).notTo(haveResourceLike('AWS::Route53::RecordSet', {
Name: 'test.domain.com.',
}));

test.done();

},

};
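Review bot: The negative assertion in the THEN block looks for a record set named `test.domain.com.`, a name that appears nowhere in this stack (the zone is `example.com` and the certificate is for `test.example.com`), so it passes whether or not the construct creates a Route 53 record. Asserting the absence of any record set, `expect(stack).notTo(haveResource('AWS::Route53::RecordSet'));`, would make the check meaningful. A positive check that TLS is configured is also missing; something like `expect(stack).to(haveResourceLike('AWS::ElasticLoadBalancingV2::Listener', { Protocol: 'HTTPS' }));` would catch a regression that drops the HTTPS listener. The test still builds its certificate from a Route 53 hosted zone, so the non-Route 53 case named in the title is only covered indirectly.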