This repository contains a CloudFormation custom resource for provisioning and validating an AWS ACM certificate.
While you can provision an ACM Certificate via CloudFormation, you aren't able to perform the validation with CloudFormation. This custom resource fills the gap by validating the certificate using DNS validation.
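To make the DNS-validation step concrete, here is an added example (not the repository's own code) of the core logic such a custom resource runs: it turns ACM's DescribeCertificate output into the Route 53 change that proves domain control and decides when the resource is finished. The sample response, the hosted zone id, and the boto3 glue in `apply_validation` are assumptions; the crhelper wiring around it is omitted.

```python
"""Core of an ACM DNS-validation custom resource (added example, not the
repository's code): turn ACM's DescribeCertificate output into the Route 53
change that proves domain control, and decide when the resource is done."""
from typing import Dict, List

# Constructed sample DescribeCertificate response (not real data).
SAMPLE_DESCRIBE = {"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE",
    "Status": "PENDING_VALIDATION",
    "DomainValidationOptions": [{
        "DomainName": "api.my-app.com",
        "ValidationStatus": "PENDING_VALIDATION",
        "ValidationMethod": "DNS",
        "ResourceRecord": {"Name": "_abc123.api.my-app.com.", "Type": "CNAME",
                           "Value": "_xyz789.acm-validations.aws."}}]}}

def validation_change_batch(describe: Dict) -> Dict:
    """Build the Route 53 ChangeBatch that UPSERTs every validation CNAME ACM
    asks for. Only CNAMEs handed out by ACM are written, so the Lambda's
    Route 53 permission is only ever exercised for those records."""
    changes: List[Dict] = []
    for opt in describe["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if rr is None:  # ACM has not generated the record yet: poll again later
            raise LookupError("validation record for %s not ready" % opt["DomainName"])
        if rr["Type"] != "CNAME":
            raise ValueError("unexpected validation record type " + rr["Type"])
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": rr["Name"], "Type": "CNAME", "TTL": 300,
            "ResourceRecords": [{"Value": rr["Value"]}]}})
    return {"Comment": "ACM DNS validation", "Changes": changes}

def is_issued(describe: Dict) -> bool:
    """Done only when ACM says ISSUED. FAILED raises so the custom resource
    reports FAILED to CloudFormation and the stack rolls back instead of polling forever."""
    status = describe["Certificate"]["Status"]
    if status == "FAILED":
        raise RuntimeError("ACM reports validation FAILED")
    return status == "ISSUED"

def apply_validation(zone_id: str, describe: Dict) -> str:
    """Write the records with boto3 (assumed call shape; imported lazily so the
    functions above run offline). Returns the Route 53 change id."""
    import boto3
    r53 = boto3.client("route53")
    resp = r53.change_resource_record_sets(
        HostedZoneId=zone_id, ChangeBatch=validation_change_batch(describe))
    return resp["ChangeInfo"]["Id"]
```

In a crhelper-based Lambda, `validation_change_batch` would run on the first poll and `is_issued` on every later poll until it returns true.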
There are two steps to using this custom resource: deploying the custom resource Lambda and using the custom resource in a CloudFormation template.
The custom resource uses the custom-resource-helper library and is deployed using AWS SAM. See here for instructions on installing SAM.
To deploy, run the following commands:
$ pip3 install crhelper -t ./acm_register/
$ aws s3 mb s3://<S3-BUCKET-NAME>
$ sam package \
--output-template-file packaged.yaml \
--s3-bucket <S3-BUCKET-NAME> \
--template-file acm.yaml
$ aws cloudformation deploy \
--template-file packaged.yaml \
--stack-name acm-custom-resource \
--capabilities CAPABILITY_IAM
This will deploy the custom resource function and register its ARN as the ACMRegisterFunction Export.
The next step is to use the custom resource in a CloudFormation stack. There is an example in template.yaml in this directory.
To use it, run:
aws cloudformation deploy \
--template-file template.yaml \
--stack-name acm-register-test \
--parameter-overrides DOMAIN=<DOMAIN> RECORD=<RECORD>
Replace <DOMAIN> with your base domain and <RECORD> with the record you want.
For example, if you wanted to create a certificate for api.my-app.com, you would use:
aws cloudformation deploy \
--template-file template.yaml \
--stack-name acm-register-test \
--parameter-overrides DOMAIN=my-app.com RECORD=api