ryansb / acm-certs-cloudformation
CloudFormation resource for AWS Certificate Manager cert requests
License: MIT License
Need to add --capabilities CAPABILITY_IAM to the aws command to make it work.
I simply ran the make create command and the stack failed to create the Custom::AcmCertificateRequest with the following error:
1 validation error detected: Value 'arn:aws:lambda:us-east-1:REDACTED:function:CfnAcmCertificate' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:aws:lambda:)?([a-z]{2}-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?
Do I need to change the template before executing or is it a bug?
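As an added example (not code from the repository or from the poster), this Python check runs the value quoted in the error above against the pattern quoted in the same error and reports which ARN field breaks it. The helper name `diagnose` is hypothetical and the 12-digit account ID used for comparison is a constructed sample.

```python
import re

# Pattern copied verbatim from the validation error quoted above.
FUNCTION_NAME_RE = re.compile(
    r"(arn:aws:lambda:)?([a-z]{2}-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?"
    r"([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?"
)


def diagnose(value):
    """Return [] if value satisfies the pattern, else the ARN fields that break it.

    Hypothetical helper for checking a custom resource's Lambda ARN before
    deploying the stack; it is not part of the repository.
    """
    if FUNCTION_NAME_RE.fullmatch(value):
        return []
    parts = value.split(":")
    # A full ARN has 7 colon-separated fields, or 8 with a version/alias qualifier.
    if parts[:3] != ["arn", "aws", "lambda"] or len(parts) not in (7, 8):
        return ["not a full Lambda ARN and not a bare function name"]
    checks = [
        ("region", r"[a-z]{2}-[a-z]+-\d", parts[3]),
        ("account id (12 digits)", r"\d{12}", parts[4]),
        ("resource type", r"function", parts[5]),
        ("function name", r"[a-zA-Z0-9-_]+", parts[6]),
    ]
    if len(parts) == 8:
        checks.append(("qualifier", r"\$LATEST|[a-zA-Z0-9-_]+", parts[7]))
    return [f"{name}: {val!r}" for name, rx, val in checks
            if not re.fullmatch(rx, val)]


if __name__ == "__main__":
    samples = [
        # Value exactly as quoted in the error message above.
        "arn:aws:lambda:us-east-1:REDACTED:function:CfnAcmCertificate",
        # Constructed sample: same ARN with a made-up 12-digit account id.
        "arn:aws:lambda:us-east-1:123456789012:function:CfnAcmCertificate",
    ]
    for arn in samples:
        print(arn, "->", diagnose(arn) or "OK")
```

With the value as quoted, the only field that fails is the account ID, because the pattern requires exactly twelve digits in that position.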
I'm using AWS in region eu-west-1, so the script is requesting the certificate from https://acm.eu-west-1.amazonaws.com/, but ACM isn't launched in that region, only us-east-1.
Outputs as follows:
[DEBUG] 2016-04-25T20:54:52.505Z f4b98df7-0b27-11e6-a536-ab11af2c113f Sending http request: <PreparedRequest [POST]>
[INFO] 2016-04-25T20:54:52.505Z f4b98df7-0b27-11e6-a536-ab11af2c113f Starting new HTTPS connection (1): acm.eu-west-1.amazonaws.com
[DEBUG] 2016-04-25T20:54:52.685Z f4b98df7-0b27-11e6-a536-ab11af2c113f "POST / HTTP/1.1" 400 34
[DEBUG] 2016-04-25T20:54:52.686Z f4b98df7-0b27-11e6-a536-ab11af2c113f Response headers: {'x-amzn-requestid': 'f53415bb-0b27-11e6-b097-f142be116a42', 'date': 'Mon, 25 Apr 2016 20:54:52 GMT', 'content-length': '34', 'content-type': 'application/x-amz-json-1.1', 'connection': 'close'}
[DEBUG] 2016-04-25T20:54:52.686Z f4b98df7-0b27-11e6-a536-ab11af2c113f Response body:
{
  "__type": "AccessDeniedException"
}
[DEBUG] 2016-04-25T20:54:52.686Z f4b98df7-0b27-11e6-a536-ab11af2c113f Event needs-retry.acm.GetCertificate: calling handler <botocore.retryhandler.RetryHandler object at 0x7f172d325bd0>
[DEBUG] 2016-04-25T20:54:52.687Z f4b98df7-0b27-11e6-a536-ab11af2c113f No retry needed.
[ERROR] 2016-04-25T20:54:52.687Z f4b98df7-0b27-11e6-a536-ab11af2c113f Distribution E2I8M82LXMXLBO could not be found, got code 400
[ERROR] 2016-04-25T20:54:52.687Z f4b98df7-0b27-11e6-a536-ab11af2c113f Failure getting cloudfront distribution
Traceback (most recent call last):
  File "/var/task/cloudfront_associator.py", line 32, in check_properties
    acm.get_certificate(CertificateArn=cert_arn)
  File "/var/runtime/botocore/client.py", line 228, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 492, in _make_api_call
    raise ClientError(parsed_response, operation_name)
ClientError: An error occurred (AccessDeniedException) when calling the GetCertificate operation:
[INFO] 2016-04-25T20:54:52.687Z f4b98df7-0b27-11e6-a536-ab11af2c113f Responding to 'Create' request with:
{
  "StackId": "arn:aws:cloudformation:eu-west-1:162137841831:stack/app-dev/8cd26c50-dd79-11e5-9f35-500c3d47ea36",
  "Status": "FAILED",
  "PhysicalResourceId": "could-not-create",
  "Reason": "Failed to get CloudFront distribution, check DistributionId property",
  "RequestId": "0223f962-dbf3-48df-a6e9-10ed1e772386",
  "Data": {},
  "LogicalResourceId": "DistributionCertificate"
}
[DEBUG] 2016-04-25T20:54:52.927Z f4b98df7-0b27-11e6-a536-ab11af2c113f Request to CFN API succeeded, nothing to do here
It seems that CloudFormation natively added ACM certificate support, but it is not documented. I accidentally discovered it.
This is how it works:
"ViewerCertificate": {
  "SslSupportMethod": "sni-only",
  "AcmCertificateArn": "CERTIFICATE_ARN"
},
Thanks for this repository, but maybe you might already consider deprecating it and updating the README. Then people would make their CF work easily.