No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Does anyone know if there is a nice way to "default" ACM certificates to creating the appropriate validation DNS records if the relevant HostedZone exists?

(using AWS and python)

If you call `acm.Certificate(...)` there is a property on the certificate `domain_validation_options` that you can use to create the DNS record.

I've used it like this:
```certificate_validation_record = route53.Record('{}-validation-record'.format(config.environment),
                                               name=certificate.domain_validation_options[0]['resourceRecordName'],
                                               records=[
                                                   certificate.domain_validation_options[0]['resourceRecordValue']
                                               ],
                                               ttl=60,
                                               type=certificate.domain_validation_options[0]["resourceRecordType"],
                                               zone_id=zone.zone_id)

acm.CertificateValidation('{}-certificate-validation'.format(config.environment),
                                                   certificate_arn=certificate.arn,
                                                   validation_record_fqdns=[certificate_validation_record.fqdn])```

Thanks! That's what I'm currently doing. It gets quite tricky when (1) you have multiple SANs, (2) you cross hosted zones with your SANs. I was hoping there was more magic like in CFN:

<https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatemanager-certificate-validationmethod|https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html#cfn-certificatem[…]-validationmethod>

&gt;  When you use the `AWS::CertificateManager::Certificate` resource in a CloudFormation stack, domain validation is handled automatically if all three of the following are true: The certificate domain is hosted in Amazon Route 53, the domain resides in your AWS account, and you are using DNS validation.