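/**
 * Requests a DNS-validated public certificate from ACM (us-east-1) and reports
 * the outcome through sendResponse.
 *
 * On success the certificate ARN is passed as the fourth sendResponse argument;
 * on failure the literal "NOTCREATED" is passed instead.
 *
 * @param {object} event - Forwarded to sendResponse unchanged.
 * @param {object} context - Forwarded to sendResponse unchanged.
 * @param {object} info - Request settings: DomainName (required) and
 *   AlternativeDomains (optional array of additional names).
 */
function requestCertificate(event, context, info) {

    // ACM only accepts word characters (\w) in IdempotencyToken, at most 32 of them.
    // Stripping just the dots left hyphens and the '*' of wildcard names in place,
    // which ACM rejects.
    // NOTE(review): after truncation, two names sharing the same first 30 word
    // characters yield the same token, and ACM treats a repeated token within an
    // hour as the same request. Consider deriving the token from a hash of the
    // full name.
    const token = String(info.DomainName).replace(/\W+/g, '').slice(0, 30);

    const acm_params = {
        DomainName: info.DomainName,
        ValidationMethod: 'DNS',
        Options: {CertificateTransparencyLoggingPreference: 'ENABLED'},
    };

    // The token is optional for ACM; an empty one would fail validation.
    if (token) {
        acm_params.IdempotencyToken = token;
    }

    if (Array.isArray(info.AlternativeDomains) && info.AlternativeDomains.length > 0) {
        acm_params.SubjectAlternativeNames = info.AlternativeDomains;
    }

    const acm = new aws.ACM({apiVersion: '2015-12-08', region: 'us-east-1'});
    acm.requestCertificate(acm_params, function(err, data) {

      if (err) {
        // NOTE(review): the full stack trace is handed to sendResponse. If that
        // payload is returned to the requester, consider sending err.message
        // and logging the stack instead.
        sendResponse(event, context,"FAILED", "NOTCREATED", {"Message" : err.stack});
        return;
      }

      // An unused zone-name computation used to sit here. It threw whenever
      // info.HostedZoneName was missing, so no response was ever sent.
      const arn = data.CertificateArn;
      sendResponse(event, context, "SUCCESS", arn, {"Message" : "Resource creation successful!", "ResourceId":arn});

    });

}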
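/**
 * Finds an ISSUED ACM certificate (us-east-1) that covers the given domain, or
 * requests a new one when none does.
 *
 * The domain is compared literally against each certificate's DomainName and
 * SubjectAlternativeNames; wildcard entries are not expanded. When several
 * certificates match, the last one listed is used.
 *
 * @param {object} args
 * @param {*} args.cloudfrontSettings - Domain name to look up; any non-string
 *   value short-circuits to an empty result.
 * @returns {Promise<object>} `{}` or `{ acmCertificateArn }`.
 */
export default (async function taskRequestACMCert ({ cloudfrontSettings }) {
  if (typeof cloudfrontSettings !== 'string') {
    return {};
  }
  const acm = new AWS.ACM({ region: 'us-east-1' });

  // listCertificates is paginated. Reading only the first page can miss an
  // existing certificate and trigger a needless new request.
  const arns = [];
  let nextToken;
  do {
    const listParams = { CertificateStatuses: ['ISSUED'] };
    if (nextToken) {
      listParams.NextToken = nextToken;
    }
    const page = await acm.listCertificates(listParams).promise();
    for (const summary of page.CertificateSummaryList || []) {
      arns.push(summary.CertificateArn);
    }
    nextToken = page.NextToken;
  } while (nextToken);
  debug('current ACM Certificates', arns);

  let usableCertArn = null;
  for (const arn of arns) {
    const describeResult = await acm
      .describeCertificate({ CertificateArn: arn })
      .promise();
    const domains = [
      describeResult.Certificate.DomainName,
      // Spreading undefined throws, so tolerate a missing SAN list.
      ...(describeResult.Certificate.SubjectAlternativeNames || [])
    ];
    if (domains.includes(cloudfrontSettings)) {
      usableCertArn = arn;
    }
  }

  if (usableCertArn) {
    debug(`using certificate: ${usableCertArn}`);
    return { acmCertificateArn: usableCertArn };
  }
  const newCertArn = await awsRequestCertificate({ cloudfrontSettings });
  return { acmCertificateArn: newCertArn };
});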
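/**
 * Deletes the ACM certificate (us-east-1) named by event.PhysicalResourceId and
 * reports the outcome through sendResponse.
 *
 * When the id is missing, empty or the "NOTCREATED" placeholder, nothing is
 * deleted and success is reported straight away.
 *
 * @param {object} event - Must carry PhysicalResourceId; forwarded to sendResponse.
 * @param {object} context - Forwarded to sendResponse unchanged.
 */
function deleteResource(event, context) {

    // Presumably a CloudFormation custom-resource event: its ResponseURL is a
    // pre-signed URL that lets whoever holds it answer for this resource.
    // Log a redacted copy so it stays out of the logs; the event is not mutated.
    const loggable = Object.assign({}, event);
    if (loggable.ResponseURL !== undefined) {
        loggable.ResponseURL = '[REDACTED]';
    }
    console.log("Delete Public Certificate. Event =>" + JSON.stringify(loggable));

    const resourceId = event.PhysicalResourceId;
    const wasCreated = resourceId != null && String(resourceId) !== "" && String(resourceId) !== "NOTCREATED";

    if (!wasCreated) {
        sendResponse(event, context, "SUCCESS", 'NOTCREATED', {"Message":"Resource was not created, so it doesn't need to be removed!"});
        return;
    }

    const acm = new aws.ACM({apiVersion: '2015-12-08', region: 'us-east-1'});
    acm.deleteCertificate({CertificateArn: resourceId}, function(err, data) {

        if (err) {
            // An Error object serialises to "{}" in JSON, so pass its text.
            const reason = err && err.message ? err.message : String(err);
            sendResponse(event, context,"FAILED", resourceId, {"Message" : reason});
        } else {
            sendResponse(event, context, "SUCCESS", resourceId, {"Message" : "Resource deletion successfull!"});
        }

    });

}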
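/**
 * Requests a new ACM certificate (us-east-1) for the given domain, prints
 * follow-up instructions, and terminates the process with exit code 1.
 *
 * No ValidationMethod is passed; the printed message tells the operator to
 * expect validation by e-mail.
 *
 * @param {object} args
 * @param {string} args.cloudfrontSettings - Domain name to request a certificate for.
 * @returns {Promise<void>} Normally never settles: process.exit(1) runs first.
 */
async function awsRequestCertificate ({ cloudfrontSettings }) {
  const domainName = cloudfrontSettings;
  const acm = new AWS.ACM({ region: 'us-east-1' });

  // ACM accepts at most 32 word characters in IdempotencyToken. Without the cut,
  // any longer domain made the request fail validation.
  // NOTE(review): the "dawson" prefix leaves 26 characters for the name, so
  // long names with a common start share a token. Hashing the full name would
  // avoid that.
  const idempotencyToken = `dawson-${domainName}`.replace(/\W+/g, '').slice(0, 32);

  const requestResult = await acm
    .requestCertificate({
      DomainName: domainName,
      IdempotencyToken: idempotencyToken
    })
    .promise();
  const certificateArn = requestResult.CertificateArn;
  warning(
    oneLine`
    An SSL/TLS certificate has been requested for the domain ${domainName.bold} (${certificateArn}).
    Dawson will now exit; please run this command again when you've validated such certificate.
    Domain contacts and administrative emails will receive an email asking for confirmation.
    Refer to AWS ACM documentation for further info:
    https://docs.aws.amazon.com/acm/latest/userguide/setup-email.html
  `
  );
  // Deliberate stop: the certificate cannot be used until it has been validated.
  process.exit(1);
}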