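/**
 * Requests a DNS-validated public certificate from ACM and reports the
 * outcome through sendResponse().
 *
 * @param {object} event - Invocation event, passed through to sendResponse().
 * @param {object} context - Invocation context, passed through to sendResponse().
 * @param {object} info - Certificate settings.
 * @param {string} info.DomainName - Primary domain name for the certificate.
 * @param {string[]} [info.AlternativeDomains] - Optional subject alternative names.
 */
function requestCertificate(event, context, info) {
  // The idempotency token may only contain word characters, so strip every
  // non-word character (dots, hyphens, the '*' of a wildcard name), not just dots.
  // NOTE(review): the token is cut to 30 characters, so two long names sharing
  // the same leading characters produce the same token; ACM de-duplicates
  // repeated requests by token for a limited time. Confirm that is acceptable.
  const token = String(info.DomainName).replace(/\W+/g, '').slice(0, 30);

  const acmParams = {
    DomainName: info.DomainName,
    ValidationMethod: 'DNS',
    IdempotencyToken: token,
    // Certificate transparency logging stays enabled; the requested names end
    // up in public CT logs.
    Options: {CertificateTransparencyLoggingPreference: 'ENABLED'},
  };
  if (Array.isArray(info.AlternativeDomains) && info.AlternativeDomains.length > 0) {
    acmParams.SubjectAlternativeNames = info.AlternativeDomains;
  }

  const acm = new aws.ACM({apiVersion: '2015-12-08', region: 'us-east-1'});
  acm.requestCertificate(acmParams, function(err, data) {
    if (err) {
      // NOTE(review): the full stack trace is forwarded in the response body;
      // consider err.message if the response is visible beyond operators.
      sendResponse(event, context, "FAILED", "NOTCREATED", {"Message" : err.stack});
      return;
    }
    // The former unused zoneName computation was dropped: it threw when
    // info.HostedZoneName was absent, which prevented the SUCCESS response
    // from ever being sent.
    const arn = data.CertificateArn;
    sendResponse(event, context, "SUCCESS", arn, {"Message" : "Resource creation successful!", "ResourceId":arn});
  });
}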
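/**
 * Finds an issued ACM certificate that covers the configured domain, or
 * requests a new one when none exists.
 *
 * @param {object} args
 * @param {*} args.cloudfrontSettings - The domain name to look up; any
 *   non-string value means there is nothing to do.
 * @returns {Promise<object>} `{}` when no domain is configured, otherwise
 *   `{ acmCertificateArn }`.
 */
export default (async function taskRequestACMCert ({ cloudfrontSettings }) {
  if (typeof cloudfrontSettings !== 'string') {
    return {};
  }
  const acm = new AWS.ACM({ region: 'us-east-1' });

  // listCertificates is paginated; follow NextToken so that an existing
  // certificate on a later page is found instead of a duplicate being requested.
  const arns = [];
  let nextToken;
  do {
    const listParams = { CertificateStatuses: ['ISSUED'] };
    if (nextToken) {
      listParams.NextToken = nextToken;
    }
    const page = await acm.listCertificates(listParams).promise();
    for (const summary of page.CertificateSummaryList || []) {
      arns.push(summary.CertificateArn);
    }
    nextToken = page.NextToken;
  } while (nextToken);
  debug('current ACM Certificates', arns);

  // Matching is an exact string comparison against the certificate's names;
  // a wildcard entry such as "*.example.com" does not match a host under it.
  // When several certificates match, the last one listed wins.
  let usableCertArn = null;
  for (const arn of arns) {
    const describeResult = await acm
      .describeCertificate({ CertificateArn: arn })
      .promise();
    const certificate = describeResult.Certificate;
    const domains = [
      certificate.DomainName,
      // Tolerate a description without alternative names instead of throwing.
      ...(certificate.SubjectAlternativeNames || [])
    ];
    if (domains.includes(cloudfrontSettings)) {
      usableCertArn = arn;
    }
  }

  if (usableCertArn) {
    debug(`using certificate: ${usableCertArn}`);
    return { acmCertificateArn: usableCertArn };
  }
  const newCertArn = await awsRequestCertificate({ cloudfrontSettings });
  return { acmCertificateArn: newCertArn };
});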
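/**
 * Deletes the ACM certificate identified by event.PhysicalResourceId and
 * reports the outcome through sendResponse(). When the id is missing, empty
 * or the "NOTCREATED" sentinel, nothing is deleted and SUCCESS is reported.
 *
 * @param {object} event - Invocation event; PhysicalResourceId holds the certificate ARN.
 * @param {object} context - Invocation context, passed through to sendResponse().
 */
function deleteResource(event, context) {
  // Log a copy of the event with ResponseURL masked. In a CloudFormation
  // custom-resource request that field is a presigned URL, and anyone who can
  // read the logs could use it to answer the request while it is still valid.
  const loggedEvent = Object.assign({}, event);
  if (loggedEvent.ResponseURL !== undefined) {
    loggedEvent.ResponseURL = '[REDACTED]';
  }
  console.log("Delete Public Certificate. Event =>" + JSON.stringify(loggedEvent));

  const resourceId = event.PhysicalResourceId;
  // `!= null` deliberately covers both null and undefined.
  const wasCreated = resourceId != null &&
    String(resourceId) !== "" &&
    String(resourceId) !== "NOTCREATED";

  if (!wasCreated) {
    sendResponse(event, context, "SUCCESS", 'NOTCREATED', {"Message":"Resource was not created, so it doesn't need to be removed!"});
    return;
  }

  const acm = new aws.ACM({apiVersion: '2015-12-08', region: 'us-east-1'});
  acm.deleteCertificate({CertificateArn: resourceId}, function(err, data) {
    if (err) {
      sendResponse(event, context, "FAILED", resourceId, {"Message" : err});
    } else {
      sendResponse(event, context, "SUCCESS", resourceId, {"Message" : "Resource deletion successfull!"});
    }
  });
}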
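/**
 * Requests a new ACM certificate for the given domain, prints a notice asking
 * the operator to validate it, and terminates the process with exit code 1.
 *
 * No ValidationMethod is passed; the notice tells the operator to expect
 * confirmation e-mails.
 *
 * @param {object} args
 * @param {string} args.cloudfrontSettings - The domain name to request a certificate for.
 * @returns {Promise<void>} Does not resolve in practice because the process exits.
 */
async function awsRequestCertificate ({ cloudfrontSettings }) {
  const domainName = cloudfrontSettings;
  const acm = new AWS.ACM({ region: 'us-east-1' });

  // ACM limits the idempotency token to 32 word characters. Without the cut,
  // longer domain names make the request fail validation.
  // NOTE(review): truncation means long names with the same leading
  // characters share a token; confirm that is acceptable for this tool.
  const idempotencyToken = `dawson-${domainName}`.replace(/\W+/g, '').slice(0, 32);

  const requestResult = await acm
    .requestCertificate({
      DomainName: domainName,
      IdempotencyToken: idempotencyToken
    })
    .promise();
  const certificateArn = requestResult.CertificateArn;
  warning(
    oneLine` An SSL/TLS certificate has been requested for the domain ${domainName.bold} (${certificateArn}). Dawson will now exit; please run this command again when you've validated such certificate. Domain contacts and administrative emails will receive an email asking for confirmation. Refer to AWS ACM documentation for further info: https://docs.aws.amazon.com/acm/latest/userguide/setup-email.html `
  );
  // The certificate cannot be used until it has been validated, so stop here.
  process.exit(1);
}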