AWS CloudFormation Custom Resource that creates an ACM Cert. Account should be the authority for the domain being used.
Latest commit d6a81fe Mar 26, 2019

README.md

CustomResourceACM

This repository contains a CloudFormation custom resource for provisioning and validating an AWS ACM certificate.

While you can provision an ACM Certificate via CloudFormation, you aren't able to perform the validation with CloudFormation. This custom resource fills the gap by validating the certificate using DNS validation.
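The DNS validation step described above, as an added example that is not this repository's code: ACM publishes one CNAME per validated name, and the function has to write it into the Route 53 zone the account controls. The function names, the way DOMAIN and RECORD are joined, and the sample dictionaries (shaped like ACM `DescribeCertificate` output) are assumptions made for illustration.

```python
# Added example, not the repository's code. Names are hypothetical and the
# SAMPLE_* dictionaries are constructed, shaped like ACM DescribeCertificate output.

def fqdn(domain, record):
    """Join the DOMAIN and RECORD parameters (my-app.com + api); assumed behaviour."""
    return f"{record}.{domain}".strip(".").lower()


def validation_changes(describe_response, ttl=300):
    """Build a Route 53 ChangeBatch from an ACM DescribeCertificate response.

    Returns None while ACM has not yet published the validation records, so a
    caller can poll again instead of failing the stack.
    """
    options = describe_response["Certificate"].get("DomainValidationOptions", [])
    records = {}
    for opt in options:
        if opt.get("ValidationMethod") == "EMAIL":
            raise ValueError("certificate uses e-mail validation, no DNS record exists")
        rr = opt.get("ResourceRecord")
        if rr is None:
            return None  # records appear a few seconds after the request
        records[rr["Name"]] = rr  # a wildcard and its base name share one CNAME
    if not records:
        return None
    return {"Changes": [
        {"Action": "UPSERT",
         "ResourceRecordSet": {"Name": rr["Name"], "Type": rr["Type"], "TTL": ttl,
                               "ResourceRecords": [{"Value": rr["Value"]}]}}
        for rr in records.values()]}


# Constructed sample responses (placeholder record values).
SAMPLE_RR = {"Name": "_constructed1.api.my-app.com.", "Type": "CNAME",
             "Value": "_constructed2.acm-validations.aws."}
SAMPLE_PENDING = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "api.my-app.com", "ValidationMethod": "DNS"}]}}
SAMPLE_READY = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "api.my-app.com", "ValidationMethod": "DNS",
     "ResourceRecord": SAMPLE_RR},
    {"DomainName": "*.api.my-app.com", "ValidationMethod": "DNS",
     "ResourceRecord": SAMPLE_RR}]}}

if __name__ == "__main__":
    print(fqdn("my-app.com", "api"))
    print(validation_changes(SAMPLE_PENDING))
    print(validation_changes(SAMPLE_READY))
```

The returned dictionary has the shape Route 53's `change_resource_record_sets` expects for its `ChangeBatch` argument.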

Usage

There are two steps to using this custom resource: deploying the custom resource Lambda and using the custom resource in a CloudFormation template.

Deploying the custom resource Lambda

The custom resource uses the custom-resource-helper library (crhelper) and is deployed using AWS SAM. See the AWS SAM documentation for instructions on installing SAM.

To deploy, run the following commands:

$ pip3 install crhelper -t ./acm_register/
$ aws s3 mb s3://<S3-BUCKET-NAME>
$ sam package \
    --output-template-file packaged.yaml \
    --s3-bucket <S3-BUCKET-NAME> \
    --template-file acm.yaml
$ aws cloudformation deploy \
    --template-file packaged.yaml \
    --stack-name acm-custom-resource \
    --capabilities CAPABILITY_IAM

This will deploy the custom resource function and register its ARN as the ACMRegisterFunction Export.

Using the custom resource Lambda

The next step is to use the custom resource in a CloudFormation stack. There is an example in template.yaml in this directory.

To use it, run:

aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name acm-register-test \
  --parameter-overrides DOMAIN=<DOMAIN> RECORD=<RECORD>

Replace <DOMAIN> with your base domain and <RECORD> with the record you want.

For example, if you wanted to create a certificate for api.my-app.com, you would use:

aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name acm-register-test \
  --parameter-overrides DOMAIN=my-app.com RECORD=api