ryansb / acm-certs-cloudformation Goto Github PK

View Code? Open in Web Editor NEW

47.0 47.0 13.0 15 KB

CloudFormation resource for AWS Certificate Manager cert requests

License: MIT License

Makefile 12.98% Python 87.02%

acm-certs-cloudformation's People

Contributors

Stargazers

Watchers

Forkers

wjordan coursescheduler keemotion upsidecommerce sihil benke hspencer77 aladinzaier pzimmermann ceekyay obonyojimmy d3v3l0 dayyehm

acm-certs-cloudformation's Issues

Missing capability in CLI command

Need to add

--capabilities CAPABILITY_IAM

To the aws command to make it work.

Error creating stack: 'functionName' failed to satisfy constraint

I simply run make create command and the stack failed to create the Custom::AcmCertificateRequest with the following error:

1 validation error detected: Value 'arn:aws:lambda:us-east-1:REDACTED:function:CfnAcmCertificate' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:aws:lambda:)?([a-z]{2}-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?

Do I need to change the template before executing or is it a bug?

Region appears to be hardcoded

I'm using AWS in region eu-west-1, so the script is requesting the certificate from https://acm.eu-west-1.amazonaws.com/, but ACM isn't launched in that region, only us-east-1.

Outputs as follows:

[DEBUG] 2016-04-25T20:54:52.505Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    Sending http request: <PreparedRequest [POST]> 
[INFO]  2016-04-25T20:54:52.505Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    Starting new HTTPS connection (1): acm.eu-west-1.amazonaws.com 
[DEBUG] 2016-04-25T20:54:52.685Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    "POST / HTTP/1.1" 400 34 
[DEBUG] 2016-04-25T20:54:52.686Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    Response headers: {'x-amzn-requestid': 'f53415bb-0b27-11e6-b097-f142be116a42', 'date': 'Mon, 25 Apr 2016 20:54:52 GMT', 'content-length': '34', 'content-type': 'application/x-amz-json-1.1', 'connection': 'close'} 
[DEBUG] 2016-04-25T20:54:52.686Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    Response body: 
{
    "__type": "AccessDeniedException"
}
[DEBUG] 2016-04-25T20:54:52.686Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    Event needs-retry.acm.GetCertificate: calling handler <botocore.retryhandler.RetryHandler object at 0x7f172d325bd0>
[DEBUG] 2016-04-25T20:54:52.687Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    No retry needed.
[ERROR] 2016-04-25T20:54:52.687Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    Distribution E2I8M82LXMXLBO could not be found, got code 400 
[ERROR] 2016-04-25T20:54:52.687Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    Failure getting cloudfront distribution Traceback (most recent call last): File "/var/task/cloudfront_associator.py", line 32, in check_properties acm.get_certificate(CertificateArn=cert_arn) File "/var/runtime/botocore/client.py", line 228, in _api_call return self._make_api_call(operation_name, kwargs) File "/var/runtime/botocore/client.py", line 492, in _make_api_call raise ClientError(parsed_response, operation_name) ClientError: An error occurred (AccessDeniedException) when calling the GetCertificate operation:
[INFO]  2016-04-25T20:54:52.687Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    Responding to 'Create' request with:
{
    "StackId": "arn:aws:cloudformation:eu-west-1:162137841831:stack/app-dev/8cd26c50-dd79-11e5-9f35-500c3d47ea36",
    "Status": "FAILED",
    "PhysicalResourceId": "could-not-create",
    "Reason": "Failed to get CloudFront distribution, check DistributionId property",
    "RequestId": "0223f962-dbf3-48df-a6e9-10ed1e772386",
    "Data": {},
    "LogicalResourceId": "DistributionCertificate"
}
[DEBUG] 2016-04-25T20:54:52.927Z    f4b98df7-0b27-11e6-a536-ab11af2c113f    Request to CFN API succeeded, nothing to do here

Native support for ACM certificate

It seems that Cloudformation added natively the ACM certificate support but it is not documented. I accidentally discovered it.

This is how it works:

"ViewerCertificate": {
            "SslSupportMethod": "sni-only",
            "AcmCertificateArn": "CERTIFICATE_ARN"
},

Thanks for this repository but maybe you might already consider deprecating it and updating Readme. Then, people would make their CF work easily.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.