Create an Amazon-issued certificate in ACM. Uses Route53 for DNS verification.
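# Request an Amazon-issued certificate from ACM and prove ownership of the
# domains through DNS records that this play writes into Route53.
# Runs on the control node; AWS credentials come from the named profile.
- hosts: localhost
  gather_facts: false
  vars:
    aws_profile: "aws_account_name"
    acm_domain: "example.com"
    # Passed to --subject-alternative-names as ONE argument (quoted below), so
    # this holds a single extra name.
    acm_extra_domains: "*.example.com"
    # ACM treats a repeated token as the same request within its idempotency
    # window, so a re-run inside that window does not issue a second cert.
    acm_idempotency_token: "examplecomtoken"
    dns_zone: "example.com"
    # Certificate Transparency logging preference. ENABLED makes mis-issued
    # certificates for these domains discoverable in public CT logs; DISABLED
    # is kept as the default here only to preserve the original behaviour.
    acm_ct_logging: "DISABLED"
  environment:
    AWS_PROFILE: "{{ aws_profile }}"
  tasks:
    # Folded scalars (>-) join the lines with spaces, so no trailing backslash
    # continuation is needed and none can be forgotten (the original dropped
    # the one after --subject-alternative-names).
    - name: request certificate
      command: >-
        aws acm request-certificate
        --domain-name '{{ acm_domain }}'
        --subject-alternative-names "{{ acm_extra_domains }}"
        --validation-method DNS
        --idempotency-token '{{ acm_idempotency_token }}'
        --options CertificateTransparencyLoggingPreference={{ acm_ct_logging }}
        --query CertificateArn
        --output text
      register: cert_arn

    # ResourceRecord is a single {Name, Type, Value} object per domain, so the
    # query selects it directly instead of flattening it; the result is a JSON
    # list of those records. ACM fills them in shortly after the request,
    # hence the retries. --output json is explicit so a profile configured for
    # text/table output cannot break the from_json step below.
    - name: get validation options
      command: >-
        aws acm describe-certificate
        --certificate-arn '{{ cert_arn.stdout }}'
        --query "Certificate.DomainValidationOptions[].ResourceRecord"
        --output json
      register: validation_options
      changed_when: false
      retries: 10
      delay: 10
      until: "'CNAME' in validation_options.stdout"

    - name: set dns validation request values
      set_fact:
        dns_validation: "{{ validation_options.stdout | from_json }}"

    # One CNAME per validation record; overwrite so a re-run converges.
    - name: update DNS
      route53:
        zone: "{{ dns_zone }}"
        record: "{{ item.Name }}"
        type: CNAME
        value: "{{ item.Value }}"
        state: present
        overwrite: true
      loop: "{{ dns_validation }}"

    # Blocks until ACM has seen the CNAMEs; the waiter itself fails on timeout.
    - name: wait for acm validation
      command: >-
        aws acm wait certificate-validated
        --certificate-arn '{{ cert_arn.stdout }}'
      register: acm_validation
      changed_when: false

    # Compare the parsed Status field rather than matching raw JSON text, so
    # the check does not depend on the CLI's whitespace formatting.
    - name: check certificate status
      command: >-
        aws acm describe-certificate
        --certificate-arn '{{ cert_arn.stdout }}'
        --output json
      register: certificate_status
      changed_when: false
      failed_when: "(certificate_status.stdout | from_json).Certificate.Status != 'ISSUED'"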