acm.Certificate

Hook Path

runway.cfngin.hooks.acm.Certificate

Manage a DNS validated certificate in AWS Certificate Manager.

When used in the pre_deploy or post_deploy stage this hook will create a CloudFormation stack containing a DNS validated certificate. It will automatically create a record in Route 53 to validate the certificate and wait for the stack to complete before returning the CertificateArn as hook data. The CloudFormation stack also outputs the ARN of the certificate as CertificateArn so that it can be referenced from other stacks.

When used in the pre_destroy or post_destroy stage this hook will delete the validation record from Route 53 then destroy the stack created during a deploy stage.

If the hook fails during a deploy stage (e.g. the stack rolls back or Route 53 can't be updated), all resources managed by this hook will be destroyed. This is done to avoid orphaning resources/record sets which would cause errors during subsequent runs. Resources affected include the CloudFormation stack it creates, the ACM certificate, and the Route 53 validation record.

New in version 1.6.0.

Requirements

  • Route 53 hosted zone

    • authoritative for the domain the certificate is being created for

    • in the same AWS account as the certificate being created
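The deploy, destroy and failure-cleanup flow described above all revolve around one artifact: the CNAME validation record that ACM asks for and that must land in a hosted zone authoritative for the name. The following is an added stand-alone illustration of that step, not runway's own code and not the hook's implementation. It takes the DomainValidationOptions shape that ACM's DescribeCertificate returns, checks that the hosted zone really is authoritative for every record (the requirement listed above), and builds the Route 53 ChangeBatch for validation together with the matching DELETE batch a destroy stage or failure cleanup needs. The validation options, tokens and zone name are constructed sample data; the helper names are this example's own.

```python
"""Route 53 change batches for DNS-validated ACM certificates (added example)."""
from typing import Dict, List

# Constructed stand-in for describe_certificate()["Certificate"]["DomainValidationOptions"].
# Real validation tokens are opaque and unique per request; these are made up.
SAMPLE_VALIDATION_OPTIONS: List[Dict] = [
    {
        "DomainName": "www.example.com",
        "ValidationMethod": "DNS",
        "ResourceRecord": {
            "Name": "_1a2b3c.www.example.com.",
            "Type": "CNAME",
            "Value": "_4d5e6f.acm-validations.aws.",
        },
    },
    {
        "DomainName": "*.example.com",
        "ValidationMethod": "DNS",
        "ResourceRecord": {
            "Name": "_7g8h9i.example.com.",
            "Type": "CNAME",
            "Value": "_0j1k2l.acm-validations.aws.",
        },
    },
]


def _normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so FQDNs compare reliably."""
    return name.lower().rstrip(".")


def zone_is_authoritative_for(zone_name: str, domain: str) -> bool:
    """True if `domain` (a wildcard is allowed) sits at or under `zone_name`.

    A leading "*." is dropped so *.example.com is checked against example.com;
    the suffix test uses "." + zone so notexample.com never matches example.com.
    """
    zone = _normalize(zone_name)
    host = _normalize(domain)
    if host.startswith("*."):
        host = host[2:]
    return host == zone or host.endswith("." + zone)


def build_change_batch(validation_options: List[Dict], zone_name: str,
                       action: str = "UPSERT", ttl: int = 300) -> Dict:
    """Turn ACM's DNS validation options into a Route 53 ChangeBatch.

    Raises ValueError if any validation record would fall outside the hosted
    zone, i.e. the zone is not authoritative for it and validation could
    never complete. Identical CNAMEs (ACM can hand back the same record for
    more than one name) are collapsed so the batch does not conflict with
    itself. `ttl` mirrors the hook's 300 second default.
    """
    if action not in ("UPSERT", "DELETE"):
        raise ValueError("action must be UPSERT or DELETE")
    seen = set()
    changes = []
    for opt in validation_options:
        if opt.get("ValidationMethod") != "DNS":
            raise ValueError(f"{opt['DomainName']} is not DNS validated")
        rr = opt["ResourceRecord"]
        if not zone_is_authoritative_for(zone_name, rr["Name"]):
            raise ValueError(f"{rr['Name']} is outside hosted zone {zone_name}")
        key = (_normalize(rr["Name"]), rr["Value"])
        if key in seen:
            continue
        seen.add(key)
        changes.append({
            "Action": action,
            "ResourceRecordSet": {
                "Name": rr["Name"],
                "Type": rr["Type"],
                "TTL": ttl,
                "ResourceRecords": [{"Value": rr["Value"]}],
            },
        })
    return {"Comment": f"ACM DNS validation ({action})", "Changes": changes}


def rollback_batch(applied_batch: Dict) -> Dict:
    """DELETE batch that exactly undoes a previously applied UPSERT batch.

    Keeping this derived from what was actually applied (not rebuilt from a
    fresh ACM call) is what avoids orphaned validation records on failure.
    """
    return {
        "Comment": "ACM DNS validation rollback",
        "Changes": [
            {"Action": "DELETE", "ResourceRecordSet": dict(c["ResourceRecordSet"])}
            for c in applied_batch["Changes"]
        ],
    }


if __name__ == "__main__":
    batch = build_change_batch(SAMPLE_VALIDATION_OPTIONS, "example.com.")
    print(batch)
    print(rollback_batch(batch))
```

The two batches are the dicts you would pass as `ChangeBatch` to Route 53's `change_resource_record_sets`; the authoritative-zone check is the one to run before touching DNS at all, since a wrong `hosted_zone_id` otherwise only surfaces as a certificate that sits in "pending validation" until the stack times out and the cleanup described above runs.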

Args

alt_names: Optional[List[str]] = []

Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, you can add www.example.net to a certificate for which the domain field is www.example.com if users can reach your site by using either name.

domain: str

The fully qualified domain name (FQDN), such as www.example.com, with which you want to secure an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.

hosted_zone_id: str

The ID of the Route 53 Hosted Zone that contains the resource record sets that you want to change. This must exist in the same account that the certificate will be created in.

stack_name: Optional[str] = None

Provide a name for the stack used to create the certificate. If not provided, the domain is used (replacing . with -). If a stack_name is provided in a deploy stage, the same value needs to be provided in the matching destroy stage so the hook can find and delete that stack.

ttl: Optional[int] = None

The resource record cache time to live (TTL), in seconds. (default: 300)

Example

namespace: example
cfngin_bucket: ''

sys_path: ./

pre_deploy:
  acm-cert:
    path: runway.cfngin.hooks.acm.Certificate
    required: true
    args:
      domain: www.example.com
      hosted_zone_id: ${rxref example-com::HostedZone}

stack:
  sampleapp:
    class_path: blueprints.sampleapp.BlueprintClass
    variables:
      cert_arn: ${rxref www-example-com::CertificateArn}

post_destroy:
  acm-cert:
    path: runway.cfngin.hooks.acm.Certificate
    required: true
    args:
      domain: www.example.com
      hosted_zone_id: ${rxref example-com::HostedZone}