Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

CustomResourceACM

This repository contains a CloudFormation custom resource for provisioning and validating an AWS ACM certificate.

While you can provision an ACM Certificate via CloudFormation, you aren't able to perform the validation with CloudFormation. This custom resource fills the gap by validating the certificate using DNS validation.

Usage

There are two steps to using this custom resource: deploying the custom resource Lambda and using the custom resource in a CloudFormation template.

Deploying the custom resource Lambda

The custom resource uses the custom-resource-helper library and is deployed using AWS SAM. See here for instructions on installing SAM.

To deploy, run the following commands:

$ pip3 install crhelper -t ./acm_register/
$ aws s3 mb s3://<S3-BUCKET-NAME>
$ sam package \
    --output-template-file packaged.yaml \
    --s3-bucket <S3-BUCKET-NAME> \
    --template-file acm.yaml
$ aws cloudformation deploy \
    --template-file packaged.yaml \
    --stack-name acm-custom-resource \
    --capabilities CAPABILITY_IAM

This will deploy the custom resource function and register its ARN as the ACMRegisterFunction Export.

Using the custom resource Lambda

The next step is to use the custom resource in a CloudFormation stack. There is an example in template.yaml in this directory.

To use it, run:

aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name acm-register-test \
  --parameter-overrides DOMAIN=<DOMAIN> RECORD=<RECORD>

Replace <DOMAIN> with your base domain and <RECORD> with the record you want.

For example, if you wanted to create a certificate for api.my-app.com, you would use:

aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name acm-register-test \
  --parameter-overrides DOMAIN=my-app.com RECORD=api

About

AWS CloudFormation Custom Resource that creates an ACM Cert. Account should be the authority for the domain being used.

Resources

Releases

No releases published

Packages

No packages published

Languages