Skip to content
/ create-and-validate-acm-certificate Public
forked from dylburger/create-and-validate-acm-certificate

Creates an ACM certificate with DNS validation, creates the validation records directly in Route 53

License

MIT license
0 stars 14 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tkrajca/create-and-validate-acm-certificate

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits

create_and_validate_acm_cert

create_and_validate_acm_cert

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

Pipfile

Pipfile

 
 

README.md

README.md

 
 

request-certificate.py

request-certificate.py

 
 

requirements.txt

requirements.txt

 
 

setup.py

setup.py

 
 

Repository files navigation

Audience

You're using AWS, managing certificates through ACM, and DNS through Route53.

You want to create an ACM certificate using DNS validation, since you may not have email configured for the domain. And you want to automatically create the associated CNAME records for DNS validation in Route53. This mimics the "Create record in Route 53" button in the AWS Console (see DNS validation reference).

NOTE: this script was created for a single use case and may not function as intended for more general use. However, please feel free to modify it or submit PRs.

Overview

Creates an ACM certificate for a given domain name, with optional subject alternative names, using DNS validation.

Immediately creates the associated CNAME records for DNS validation in Route53. The script assumes that a Route 53 hosted zone tied to the domain exists (e.g. if you're creating a new certificate for www.test.com, the script will create validation records in the test.com hosted zone).

It will take a few minutes after you run the script for the certificate to be fully validated and issued.

By default, this creates ACM certificates in us-east-1, so that the certificates can be used by Cloudfront. You can pass in a custom region (see Usage section below).

Usage

Python Module

If you want to install as a python package, run:

pip install git+https://github.com/dylburger/create-and-validate-acm-certificate

Then, in your script:

from create_and_validate_acm_cert import DNSValidatedACMCertClient

cert_client = DNSValidatedACMCertClient(domain='www.domain.com') # defaults to using the 'default` aws profile on your machine and the 'us-east-1' aws region.
arn = cert_client.request_certificate()
# Create DNS validation records
cert_client.create_domain_validation_records(arn)
# Wait for certificate to get to validation state before continuing
cert_client.wait_for_certificate_validation(certificate_arn=arn, sleep_time=5, timeout=600)

Command Line

First, you'll need to install the dependencies in requirements.txt:

pip install -r requirements.txt

Then, run the request-certificate.py script:

python request-certificate.py \
    --domain <domain> \
    --subject_alternative_names \
        <alternate name> \
        <another alternate name>

You can also pass a custom AWS profile name, or region:

python request-certificate.py \
    --profile personal \
    --region us-east-1 \
    --domain <domain> \
    --subject_alternative_names \
        <alternate name> \
        <another alternate name>

Version History

1.0.0

  • Breaking change to package name (renamed from acm_factory -> create_and_validate_acm_cert)

Credits

I'm very grateful to the contributors to this tool, and the contributors to these libraries:

  • tldextract helps parse the TLD and domain portions of hosts.
  • boto3 makes working with the AWS API easy.

About

Creates an ACM certificate with DNS validation, creates the validation records directly in Route 53

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%