AWS CLI Commands

  1. We can request a certificate from AWS Certificate Manager, passing the domain name and a validation method:
aws acm request-certificate \
    --domain-name www.qnatime.net \
    --validation-method DNS \
    --profile admin

The available validation methods are DNS and email. With DNS, we need to create a CNAME record in our domain's DNS records to verify ownership of the domain. With email, we can verify using an email address. DNS is the preferred way, as per the AWS documentation.

This command will return the certificate ARN:

  1. We can now use the describe-certificate subcommand to see the status, along with validation information:
aws acm describe-certificate \
    --certificate-arn arn:aws:acm:us-east-1:218317422462:certificate/42b3ba99-66e9-4e71-8c1c-4239c1e81c84 \
    --profile admin

This command will return the validation status along with validation information:

The response also contains some additional information about the certificate, but will be incomplete at this point:

  1. Create a change resource record set JSON for updating the CNAME record as required for DNS validation:
{
    "Comment": "change batch request for dns validation www.qnatime.net",
    "Changes": [
        {
            "Action": "CREATE",
            "ResourceRecordSet": {
                "Name": "_f086ad8e4c10e38385c3c36394a06182.www.qnatime.net.",
                "Type": "CNAME",
                "TTL": 300,
                "ResourceRecords": [
                    {
                        "Value": "_ee9788f2dcf3eaefaa85bb096163ffd4.tljzshvwok.acm-validations.aws."
                    }
                ]
            }
        }
    ]
}
  1. Execute the change-resource-record-sets subcommand of the route53 CLI command:
aws route53 change-resource-record-sets \
    --hosted-zone-id Z3G50MON7IDA18 \
    --change-batch file://resources/change-resource-record-sets-dns-validation.json \
    --profile admin

This command will return a change ID with the status as PENDING.

We can then use the get-change subcommand of the route53 CLI command to check the status. The status should change to INSYNC when successful.

  1. Check the status of certificate creation using the describe-certificate subcommand. It might take some time before the validation is completed and the certificate is ready to use. If successful, we should get a response as follows:

The initial part of the response contains a message about DNS validation success.

Next, the response contains additional info about the certificate and issuer:

The final part of the response contains KeyUsages, ExtendedKeyUsages, RenewalEligibility, and Options:
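The steps above can be scripted end to end. The following is an added example, not code from the original page: the function names are illustrative, it uses UPSERT where the page's change batch uses CREATE so that a re-run does not fail, and it publishes a record only when the CNAME target ends in .acm-validations.aws. like the one shown above.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the original page.

# Reads "name<TAB>value" lines on stdin (one per validation CNAME) and prints a
# Route 53 change batch. Returns 1 and prints nothing when no usable record is
# present, which is the case right after request-certificate.
build_change_batch() {
  sort -u | awk -F'\t' -v domain="$1" '
    # "None" is how --output text renders a ResourceRecord that is not there yet.
    $1 == "" || $1 == "None" { next }
    # Only publish records that point at ACM, as the record on this page does.
    $2 !~ /\.acm-validations\.aws\.$/ { next }
    {
      sep = (n++ ? ",\n" : "")
      changes = changes sep sprintf("    {\"Action\": \"UPSERT\", \"ResourceRecordSet\": {\"Name\": \"%s\", \"Type\": \"CNAME\", \"TTL\": 300, \"ResourceRecords\": [{\"Value\": \"%s\"}]}}", $1, $2)
    }
    END {
      if (!n) exit 1
      printf "{\n  \"Comment\": \"dns validation for %s\",\n  \"Changes\": [\n%s\n  ]\n}\n", domain, changes
    }'
}

# Runs the describe / change / wait sequence from the steps above.
# Arguments: certificate ARN, hosted zone ID, domain name, CLI profile.
validate_certificate() {
  arn="$1"; zone="$2"; domain="$3"; profile="$4"
  batch="$(mktemp)" || return 1
  aws acm describe-certificate --certificate-arn "$arn" --profile "$profile" \
      --query 'Certificate.DomainValidationOptions[].[ResourceRecord.Name,ResourceRecord.Value]' \
      --output text | build_change_batch "$domain" > "$batch" || {
    echo "no validation record published yet; retry shortly" >&2
    rm -f "$batch"; return 1; }
  change_id="$(aws route53 change-resource-record-sets --hosted-zone-id "$zone" \
      --change-batch "file://$batch" --profile "$profile" \
      --query 'ChangeInfo.Id' --output text)" || { rm -f "$batch"; return 1; }
  rm -f "$batch"
  # Block until the change is INSYNC, then until ACM has validated the domain.
  aws route53 wait resource-record-sets-changed --id "${change_id##*/}" --profile "$profile" &&
  aws acm wait certificate-validated --certificate-arn "$arn" --profile "$profile" &&
  aws acm describe-certificate --certificate-arn "$arn" --profile "$profile" \
      --query 'Certificate.Status' --output text
}

# Usage: script.sh <certificate-arn> <hosted-zone-id> <domain> <profile>
if [ "$#" -eq 4 ]; then validate_certificate "$@"; fi
```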
