CloudFormation Template

The certificate request process requires user interaction to verify the domain, so it cannot be fully automated with CloudFormation templates. I will still provide two templates, one to request a certificate and one to add the DNS validation record. In the real world, you may instead perform the verification from the AWS Management Console or the AWS CLI:

  1. Use the following CloudFormation template to request a certificate:

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Certificate Manager'
Parameters:
  RootDomainName:
    Description: Domain name for generating certificate
    Type: String
Resources:
  RootDomainCert:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref RootDomainName
      ValidationMethod: DNS
Outputs:
  CertificateArn:
    Value: !Ref RootDomainCert

  2. Execute the template using the create-stack subcommand in the us-east-1 region (the default).

The stack enters the CREATE_IN_PROGRESS state, as we can verify with the describe-stacks subcommand.

  3. Use the describe-stack-events subcommand to get the CNAME values for DNS validation:

aws cloudformation describe-stack-events \
    --stack-name cnamerecordsetstack \
    --profile admin

A CloudFormation stack containing a resource of type AWS::CertificateManager::Certificate stays in the CREATE_IN_PROGRESS state until we validate the domain with the CNAME record. The CNAME details are emitted as a stack event during creation. If successful, the preceding command returns the list of events, one of which carries the details of the CNAME record, as shown here:

  4. Add a CNAME record for DNS validation in the domain's HostedZone.

You can use the RecordSetGroup resource to add a CNAME record in a new template file:

CNAMERecordSetGroup:
  Type: AWS::Route53::RecordSetGroup
  Properties:
    HostedZoneName: !Ref HostedZone
    Comment: Zone apex alias.
    RecordSets:
      - Name: !Ref CNAMEname
        Type: CNAME
        TTL: 900
        ResourceRecords:
          - !Ref CNAMEValue

Note that this is not a complete template. We also need to define three parameters of type String, HostedZone, CNAMEname, and CNAMEValue, and we can also define the template version and a description. The completed template is available in the code files.

  5. After adding the CNAME record with the second stack, we can run the describe-stacks subcommand against the first stack (the certificate stack) and check its status until creation is complete.
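The copy-and-paste between steps 3 and 4 is where mistakes happen, so the following Python (added here; it is not from the book's code files) parses describe-stack-events output into the three parameters the second template expects and refuses any record that does not point into ACM's validation zone. The event format assumed here is the ResourceStatusReason text CloudFormation attaches to the certificate resource; the sample events and names are constructed for this example.

```python
import re

# CloudFormation reports the record ACM wants in the ResourceStatusReason of the
# certificate resource's CREATE_IN_PROGRESS event. The pattern below matches the
# format assumed here; the sample events are constructed, not real CLI output.
DNS_RECORD_RE = re.compile(
    r"Content of DNS Record is: \{Name: (?P<name>[^,]+),"
    r"Type: (?P<type>[^,]+),Value: (?P<value>[^}]+)\}"
)

CERT_TYPE = "AWS::CertificateManager::Certificate"

# Constructed stand-in for `aws cloudformation describe-stack-events` output.
SAMPLE_EVENTS = {"StackEvents": [
    {"ResourceType": CERT_TYPE,
     "ResourceStatusReason": "Resource creation Initiated"},
    {"ResourceType": CERT_TYPE,
     "ResourceStatusReason": "Content of DNS Record is: {Name: _1a2b3c.example.com.,"
                             "Type: CNAME,Value: _4d5e6f.acm-validations.aws.}"},
    {"ResourceType": "AWS::CloudFormation::Stack",
     "ResourceStatusReason": "User Initiated"},
]}


def extract_validation_records(events):
    """Return the unique CNAME records requested by certificate resources."""
    records = []
    for ev in events["StackEvents"]:
        if ev.get("ResourceType") != CERT_TYPE:
            continue
        m = DNS_RECORD_RE.search(ev.get("ResourceStatusReason", ""))
        if not m or m.group("type") != "CNAME":
            continue
        rec = {"Name": m.group("name"), "Value": m.group("value")}
        # Refuse to publish a CNAME that does not point into ACM's validation
        # zone: a mis-parsed or tampered event must not end up in our DNS.
        if not rec["Value"].endswith(".acm-validations.aws."):
            raise ValueError(f"unexpected validation target: {rec['Value']}")
        if rec not in records:  # tolerate the same record appearing twice
            records.append(rec)
    return records


def cname_stack_parameters(hosted_zone, record):
    """--parameters for creating the second (RecordSetGroup) stack."""
    return [
        {"ParameterKey": "HostedZone", "ParameterValue": hosted_zone},
        {"ParameterKey": "CNAMEname", "ParameterValue": record["Name"]},
        {"ParameterKey": "CNAMEValue", "ParameterValue": record["Value"]},
    ]
```

Feed the real JSON from step 3 in place of SAMPLE_EVENTS and pass the returned list to create-stack for the CNAME template; the ValueError path is the check you want before anything is written to Route 53.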