ajorg/certbot-s3front-deploy-renewed.sh

## certbot-s3front-deploy-renewed.sh
# Copyright (c) Andrew Jorgensen. All rights reserved.
# SPDX-License-Identifier: MIT-0

# Requires jq and assumes AWS CLI --output json

DISTRIBUTION_ID="<YOUR DISTRIBUTION ID>"
DISTRIBUTION_CONFIG="$(
  aws cloudfront get-distribution-config \
    --id "${DISTRIBUTION_ID}" \
    | jq -c .)"

# FRAGILE! Picks a certificate created today (UTC).
CERTIFICATE_ID="$(
  aws iam list-server-certificates \
    | jq -r ".ServerCertificateMetadataList[]
             | select(.UploadDate | startswith(\"$(date --utc +%F)T\"))
             | .ServerCertificateId")"

aws cloudfront update-distribution \
  --id "${DISTRIBUTION_ID}" \
  --if-match "$(jq -r '.ETag' <<<"${DISTRIBUTION_CONFIG}")" \
  --distribution-config "$(
    jq -c --arg certificate "${CERTIFICATE_ID}" \
      '.DistributionConfig
       | .ViewerCertificate.IAMCertificateId = $certificate
       | .ViewerCertificate.Certificate = $certificate' \
      <<<"${DISTRIBUTION_CONFIG}")"
	# Copyright (c) Andrew Jorgensen. All rights reserved.
	# SPDX-License-Identifier: MIT-0

	# Requires jq and assumes AWS CLI --output json

	DISTRIBUTION_ID="<YOUR DISTRIBUTION ID>"
	DISTRIBUTION_CONFIG="$(
	aws cloudfront get-distribution-config \
	--id "${DISTRIBUTION_ID}" \
	\| jq -c .)"

	# FRAGILE! Picks a certificate created today (UTC).
	CERTIFICATE_ID="$(
	aws iam list-server-certificates \
	\| jq -r ".ServerCertificateMetadataList[]
	\| select(.UploadDate \| startswith(\"$(date --utc +%F)T\"))
	\| .ServerCertificateId")"

	aws cloudfront update-distribution \
	--id "${DISTRIBUTION_ID}" \
	--if-match "$(jq -r '.ETag' <<<"${DISTRIBUTION_CONFIG}")" \
	--distribution-config "$(
	jq -c --arg certificate "${CERTIFICATE_ID}" \
	'.DistributionConfig
	\| .ViewerCertificate.IAMCertificateId = $certificate
	\| .ViewerCertificate.Certificate = $certificate' \
	<<<"${DISTRIBUTION_CONFIG}")"