CDK DnsValidatedCertificate — Replace it today!

If you’ve ever dealt with Cloudformation in the old days of 2019, you were either creating your Certificate Manager certificates and manually approving them via DNS or you were using some AWS Lambda code on the Internet to manage validating that the certificate was created.

Fortunately, Cloudformation now has the functionality to handle Certificate validation on DNS records directly and this change has made its way into CDK. The code replacement is very simple, but the impact is large. No more random AWS lambdas deploying and trying to handle the validation process, no more timeouts from the lambda not being able to complete the validation in time, no additional costs from lambda deployments (granted those are practically free).

The old way:

The new way:

Note: if you had some old validation records on the domain, they won’t necessarily get cleaned up so you may have to remove those records. Otherwise this approach is faster, cleaner, and SUBSTANTIALLY more reliable than the other method since it is taking place inside of CloudFormation.