Check for the existance of the ssl certificate before deletion.

Create a fab task update_certs to update the ssl certificates from the config

bootstrap_cfn/fab_tasks.py

@@ -371,3 +371,17 @@ def rsync():
             env.environment,
             '.'),
         use_sudo=True)
+
+@task 
+def update_certs():
+    """
+    Update the ssl certificates with those in the config file
+    """
+    stack_name = get_stack_name()
+    aws_config, cfn, cfn_config = get_config()
+    # Upload any SSL certs that we may need for the stack.
+    if 'ssl' in cfn_config.data:
+        iam = IAM(aws_config)
+        iam.delete_ssl_certificate(cfn_config.ssl(), stack_name)
+        iam.upload_ssl_certificate(cfn_config.ssl(), stack_name)
+

bootstrap_cfn/iam.py

@@ -1,4 +1,5 @@
 import boto.iam
+import logging
 
 class IAM:
 
@@ -29,7 +30,17 @@ def upload_ssl_certificate(self, ssl_config, stack_name):
         return True
 
     def delete_ssl_certificate(self, ssl_config, stack_name):
+        cert_list = self.conn_iam.list_server_certs()
+
         for cert_name in ssl_config.keys():
             cert_id = "{0}-{1}".format(cert_name, stack_name)
-            self.conn_iam.delete_server_cert(cert_id)
+            # Check for cert in list before deleting
+            cert_list_metadata = cert_list['list_server_certificates_response']['list_server_certificates_result']['server_certificate_metadata_list']
+            for remote_cert in cert_list_metadata:
+                remote_cert_name = remote_cert['server_certificate_name']
+                if remote_cert_name == cert_id:
+                    self.conn_iam.delete_server_cert(cert_id)
+                    logging.info("Found certificate '%s', deleting before update" % (remote_cert_name))
+                    break
+
         return True