Skip to content

AWS CloudFormation Custom Resource that creates an ACM Cert. Account should be the authority for the domain being used.

Notifications You must be signed in to change notification settings

rhboyd/CustomResourceACM

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CustomResourceACM

This repository contains a CloudFormation custom resource for provisioning and validating an AWS ACM certificate.

While you can provision an ACM Certificate via CloudFormation, you aren't able to perform the validation with CloudFormation. This custom resource fills the gap by validating the certificate using DNS validation.

Usage

There are two steps to using this custom resource: deploying the custom resource Lambda and using the custom resource in a CloudFormation template.

Deploying the custom resource Lambda

The custom resource uses the custom-resource-helper library and is deployed using AWS SAM. See here for instructions on installing SAM.

To deploy, run the following commands:

$ pip3 install crhelper -t ./acm_register/
$ aws s3 mb s3://<S3-BUCKET-NAME>
$ sam package \
    --output-template-file packaged.yaml \
    --s3-bucket <S3-BUCKET-NAME> \
    --template-file acm.yaml
$ aws cloudformation deploy \
    --template-file packaged.yaml \
    --stack-name acm-custom-resource \
    --capabilities CAPABILITY_IAM

This will deploy the custom resource function and register its ARN as the ACMRegisterFunction Export.

Using the custom resource Lambda

The next step is to use the custom resource in a CloudFormation stack. There is an example in template.yaml in this directory.

To use it, run:

aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name acm-register-test \
  --parameter-overrides DOMAIN=<DOMAIN> RECORD=<RECORD>

Replace <DOMAIN> with your base domain and <RECORD> with the record you want.

For example, if you wanted to create a certificate for api.my-app.com, you would use:

aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name acm-register-test \
  --parameter-overrides DOMAIN=my-app.com RECORD=api

About

AWS CloudFormation Custom Resource that creates an ACM Cert. Account should be the authority for the domain being used.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages