• Stars: 149
• Rank: 248,619 (Top 5 %)
• Language: Python
• License: Apache License 2.0
• Created about 6 years ago
• Updated over 1 year ago


Repository Details

A custom CloudFormation resource provider for creating DNS validated certificates in AWS

CloudFormation custom Certificate provider

Almost two years after the release of this custom provider, AWS finally provides native support for creating certificates with CloudFormation without manual intervention. Check out https://aws.amazon.com/blogs/security/how-to-use-aws-certificate-manager-with-aws-cloudformation/

So, it is highly likely you do not need this custom provider anymore. If you want to create certificates in different regions, this provider is still pretty useful.

Custom Certificate Provider with DNS validation support

AWS Certificate Manager is a great service that allows the creation and renewal of certificates to be automated. It provides two ways of validating a certificate request: through email and through DNS.

When you are creating immutable infrastructure, the email validation method is a no-go as it requires human intervention. The DNS validation is of course the way to go! With 'Route53' we have full control over the DNS domain and can create the required records.

Although the CloudFormation AWS::CertificateManager::Certificate resource allows you to specify that you want DNS validation, it does not expose the DNS records that you need to create. It only writes them to the CloudFormation log, so a human has to collect them and update the DNS records manually.

With this custom provider you can fully automate the creation of certificates with CloudFormation!

How do I request certificates fully automatically?

As a prerequisite, you need to have the hosted zones for the domain names on your certificate in Route53. If you have that, you can fully automate the provisioning of certificates, with the following resources:

  1. Custom::Certificate to request a certificate without waiting for it to be issued.
  2. Custom::CertificateDNSRecord to obtain the validation DNS record for a domain name on the certificate.
  3. Custom::IssuedCertificate to actively wait until the certificate is issued.
  4. AWS::Route53::ResourceRecordSet to create the validation DNS record.

Check out the sample in cloudformation/demo-stack.yaml.
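The four resources above wired together in one template, as an added example that is not the project's demo stack. The property names DomainName, ValidationMethod and CertificateArn and the attributes Name, Type and Value on the custom resources are assumptions to be checked against cloudformation/demo-stack.yaml; the ServiceToken parameter is the ARN of the provider Lambda, and the Route53 record is declared with its actual CloudFormation type name, AWS::Route53::RecordSet.

```yaml
# Added example, not the project's own demo stack. The custom resource
# property names (DomainName, ValidationMethod, CertificateArn) and the
# attributes Name, Type, Value are assumptions: verify them against demo-stack.yaml.
Parameters:
  DomainName:
    Type: String
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id
  ServiceToken:  # ARN of the Lambda deployed by cfn-resource-provider.yaml
    Type: String

Resources:
  # 1. Request the certificate; returns as soon as ACM accepts the request.
  Certificate:
    Type: Custom::Certificate
    Properties:
      DomainName: !Ref DomainName
      ValidationMethod: DNS
      ServiceToken: !Ref ServiceToken

  # 2. Read the validation CNAME ACM expects, instead of a human copying it
  #    out of the CloudFormation log.
  CertificateDNSRecord:
    Type: Custom::CertificateDNSRecord
    Properties:
      CertificateArn: !Ref Certificate
      DomainName: !Ref DomainName
      ServiceToken: !Ref ServiceToken

  # 4. Publish that CNAME in the hosted zone we control. Name, type and value
  #    all come from the provider, so nothing is re-typed by hand.
  ValidationRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !GetAtt CertificateDNSRecord.Name
      Type: !GetAtt CertificateDNSRecord.Type
      TTL: '60'
      ResourceRecords:
        - !GetAtt CertificateDNSRecord.Value

  # 3. Block until ACM has issued the certificate. Listeners and CloudFront
  #    distributions should depend on this resource, not on Certificate.
  IssuedCertificate:
    Type: Custom::IssuedCertificate
    DependsOn: ValidationRecord
    Properties:
      CertificateArn: !Ref Certificate
      ServiceToken: !Ref ServiceToken
```

Anything that consumes the certificate should reference IssuedCertificate rather than Certificate, so it is only created once ACM has actually issued it.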

Installation

To install this custom resource, type:

git clone https://github.com/binxio/cfn-certificate-provider.git
cd cfn-certificate-provider
aws cloudformation deploy \
    --capabilities CAPABILITY_IAM \
    --stack-name cfn-certificate-provider \
    --template-file cloudformation/cfn-resource-provider.yaml

This CloudFormation template will use our pre-packaged provider from s3://binxio-public-${AWS_REGION}/lambdas/cfn-certificate-provider-1.0.0.zip.

Demo

To install the simple sample of the Custom Resource, type:

read -p "domain name: " DOMAIN_NAME
read -p "hosted zone id: " HOSTED_ZONE
aws cloudformation deploy --stack-name cfn-certificate-provider-demo \
    --template-file cloudformation/demo-stack.yaml \
    --parameter-overrides "DomainName=$DOMAIN_NAME" "HostedZoneId=$HOSTED_ZONE"
