runway.cfngin.hooks.acm module

CFNgin hooks for AWS Certificate Manager.

class runway.cfngin.hooks.acm.HookArgs(*, tags: Dict[str, str] = {}, alt_names: List[str] = [], domain: str, hosted_zone_id: str, stack_name: str = None, ttl: int = 300)[source]

Bases: runway.cfngin.hooks.base.HookArgsBaseModel

Hook arguments.

Create a new model by parsing and validating input data from keyword arguments.

Raises ValidationError if the input data cannot be parsed to form a valid model.

__contains__(name: str)bool

Implement evaluation of ‘in’ conditional.

Parameters

name – The name to check for existence in the model.

__getitem__(name: str)typing.Any

Implement evaluation of self[name].

Parameters

name – Attribute name to return the value for.

Returns

The value associated with the provided name/attribute name.

Raises

AttributeError – If attribute does not exist on this object.

__iter__()TupleGenerator

so dict(model) works

__pretty__(fmt: Callable[[Any], Any], **kwargs: Any)Generator[Any, None, None]

Used by devtools (https://python-devtools.helpmanual.io/) to provide a human readable representations of objects

__repr_name__()unicode

Name of the instance’s class, used in __repr__.

classmethod construct(_fields_set: Optional[SetStr] = None, **values: Any)Model

Creates a new model setting __dict__ and __fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed. Behaves as if Config.extra = ‘allow’ was set since it adds all passed values

copy(*, include: Union[AbstractSetIntStr, MappingIntStrAny] = None, exclude: Union[AbstractSetIntStr, MappingIntStrAny] = None, update: DictStrAny = None, deep: bool = False)Model

Duplicate a model, optionally choose which fields to include, exclude and change.

Parameters
  • include – fields to include in new model

  • exclude – fields to exclude from new model, as with values this takes precedence over include

  • update – values to change/add in the new model. Note: the data is not validated before creating the new model: you should trust this data

  • deep – set to True to make a deep copy of the model

Returns

new model instance

dict(*, include: Union[AbstractSetIntStr, MappingIntStrAny] = None, exclude: Union[AbstractSetIntStr, MappingIntStrAny] = None, by_alias: bool = False, skip_defaults: bool = None, exclude_unset: bool = False, exclude_defaults: bool = False, exclude_none: bool = False)DictStrAny

Generate a dictionary representation of the model, optionally specifying which fields to include or exclude.

json(*, include: Union[AbstractSetIntStr, MappingIntStrAny] = None, exclude: Union[AbstractSetIntStr, MappingIntStrAny] = None, by_alias: bool = False, skip_defaults: bool = None, exclude_unset: bool = False, exclude_defaults: bool = False, exclude_none: bool = False, encoder: Optional[Callable[[Any], Any]] = None, **dumps_kwargs: Any)unicode

Generate a JSON representation of the model, include and exclude arguments as per dict().

encoder is an optional function to supply as default to json.dumps(), other arguments as per json.dumps().

classmethod update_forward_refs(**localns: Any)None

Try to update ForwardRefs on fields based on this Model, globalns and localns.

class runway.cfngin.hooks.acm.Certificate(context: CfnginContext, provider: Provider, **kwargs: Any)[source]

Bases: runway.cfngin.hooks.base.Hook

Hook for managing a AWS::CertificateManager::Certificate.

Keyword Arguments
  • alt_names (Optional[List[str]]) – Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, you can add www.example.net to a certificate for which the domain field is www.example.com if users can reach your site by using either name.

  • domain (str) – The fully qualified domain name (FQDN), such as www.example.com, with which you want to secure an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.

  • hosted_zone_id (str) – The ID of the Route 53 Hosted Zone that contains the resource record sets that you want to change. This must exist in the same account that the certificate will be created in.

  • stack_name (Optional[str]) – Provide a name for the stack used to create the certificate. If not provided, the domain is used (replacing . with -).

  • ttl (Optional[int]) – The resource record cache time to live (TTL), in seconds. (default: 300)

Example

pre_deploy:
  example-wildcard-cert:
    path: runway.cfngin.hooks.acm.Certificate
    required: true
    args:
      domain: '*.example.com'
      hosted_zone_id: ${xref example-com::HostedZoneId}

Instantiate class.

Parameters
  • context – Context instance. (passed in by CFNgin)

  • provider – Provider instance. (passed in by CFNgin)

ARGS_PARSER

alias of runway.cfngin.hooks.acm.HookArgs

domain_changed()bool[source]

Check to ensure domain has not changed for existing stack.

get_certificate(interval: int = 5)str[source]

Get the certificate being created by a CloudFormation.

Parameters

interval – Number of seconds to wait between attempts.

Returns

Certificate ARN.

get_validation_record(cert_arn: Optional[str] = None, *, interval: int = 5, status: str = 'PENDING_VALIDATION')ResourceRecordTypeDef[source]

Get validation record from the certificate being created.

Parameters
  • cert_arn – ARN of the certificate to validate.

  • interval – Number of seconds to wait between attempts.

  • status – Validation status to look for when finding a validation record. Typically only “PENDING_VALIDATION” or “SUCCESS” will be used.

Raises

ValueError – No pending or too many pending certificates.

put_record_set(record_set: ResourceRecordTypeDef)None[source]

Create/update a record set on a Route 53 Hosted Zone.

Parameters

record_set – Record set to be added to Route 53.

remove_validation_records(records: Optional[List[ResourceRecordTypeDef]] = None)None[source]

Remove all record set entries used to validate an ACM Certificate.

Parameters

records – List of validation records to remove from Route 53. This can be provided in cases were the certificate has been deleted during a rollback.

update_record_set(record_set: ResourceRecordTypeDef)None[source]

Update a validation record set when the cert has not changed.

Parameters

record_set – Record set to be updated in Route 53.

deploy(status: Optional[Status] = None)Dict[str, str][source]

Deploy an ACM Certificate.

deploy_stack(stack: Optional[Stack] = None, wait: bool = False)Status

Deploy a stack.

Parameters
  • stack – A stack to act on.

  • wait – Wither to wait for the stack to complete before returning.

Returns

Ending status of the stack.

destroy(records: Optional[List[ResourceRecordTypeDef]] = None, skip_r53: bool = False)bool[source]

Destroy an ACM certificate.

Parameters
  • records – List of validation records to remove from Route 53. This can be provided in cases were the certificate has been deleted during a rollback.

  • skip_r53 – Skip the removal of validation records.

destroy_stack(stack: Optional[Stack] = None, wait: bool = False)Status

Destroy a stack.

Parameters
  • stack – A stack to act on.

  • wait – Wither to wait for the stack to complete before returning.

Returns

Ending status of the stack.

generate_stack(**kwargs: typing.Any)runway.cfngin.stack.Stack

Create a CFNgin Stack object.

get_template_description(suffix: Optional[str] = None)str

Generate a template description.

Parameters

suffix – Suffix to append to the end of a CloudFormation template description.

property tags

Return tags that should be applied to any resource being created.

post_deploy()Dict[str, str][source]

Run during the post_deploy stage.

post_destroy()bool[source]

Run during the post_destroy stage.

pre_deploy()Dict[str, str][source]

Run during the pre_deploy stage.

pre_destroy()bool[source]

Run during the pre_destroy stage.