ELBの証明書を更新するRubyスクリプトです。
# -*- coding: utf-8 -*-
#
# ELBにSSL証明書をセットするスクリプトです。
# 要 AWS SDK for Ruby V2
require 'date'
require 'pp'
require 'yaml'

require 'aws-sdk-core'
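# Load the AWS settings (access_key_id, secret_access_key, region) from
# config.yml in the current directory.
#
# YAML.safe_load is used instead of YAML.load: it only builds plain data
# (hashes, arrays, strings, numbers), so a tampered config file cannot make
# the parser instantiate arbitrary Ruby objects.
config = YAML.safe_load(File.read("config.yml"))

# NOTE(review): these are long-lived static keys kept in a plaintext file.
# Keep config.yml out of version control and readable only by the operator,
# and scope the IAM user to the certificate and listener actions this script
# calls.
Aws.config[:credentials] = Aws::Credentials.new(
  config['access_key_id'],
  config['secret_access_key']
)

# Both clients use the region from the config file.
iam = Aws::IAM::Client.new(region: config['region'])
elb = Aws::ElasticLoadBalancing::Client.new(region: config['region'])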
#### Settings ################################
# Name of the ELB that receives the certificate.
elb_name = "example_elb"

# Certificate files, read relative to the current directory.
ca_file  = "www.example.com.ca"   # intermediate (chain) certificate
crt_file = "www.example.com.crt"  # server certificate
key_file = "www.example.com.key"  # private key
##############################################

# The IAM certificate name is "<elb_name>_<YYYYMMDD>", so a second run on the
# same day resolves to the same name.
date_stamp = Date.today.strftime("%Y%m%d")
certificate_name = "#{elb_name}_#{date_stamp}"

# Read the three files as-is; their contents are not validated here.
# The private key is held in memory and later sent to IAM, so the key file
# should be readable only by the operator and kept out of version control.
ca, crt, key = [ca_file, crt_file, key_file].map { |path| File.read(path) }

# ARN of the certificate to attach; filled in by the lookup or the upload.
@arn = ""
# Reports whether IAM already holds a server certificate with the given name.
#
# Side effect: when the certificate is found, its ARN is stored in @arn so the
# caller can attach it to the load balancer. The lookup is by name only; the
# certificate body is not compared with any local file.
#
# @param iam [#get_server_certificate] IAM client
# @param certificate_name [String] server certificate name to look up
# @return [Boolean] true when found, false when IAM reports NoSuchEntity
#
# Any other error is printed and the process exits with status 1.
def certificate_exists?(iam, certificate_name)
  lookup = iam.get_server_certificate(server_certificate_name: certificate_name)
  @arn = lookup.server_certificate.server_certificate_metadata.arn
  true
rescue Aws::IAM::Errors::NoSuchEntity
  # Not found is the expected answer before the first upload.
  false
rescue => lookup_error
  pp "エラー発生!"
  pp lookup_error.message
  exit 1
end
# Upload the certificate to IAM unless one with today's name is already there.
if certificate_exists?(iam, certificate_name)
  # NOTE(review): the match is by name only. A same-day rerun with different
  # certificate files reuses the certificate already stored in IAM and does
  # not upload the new files.
  pp "既に証明書がセット済みです。"
else
  begin
    uploaded = iam.upload_server_certificate(
      server_certificate_name: certificate_name,
      certificate_body: crt,
      private_key: key,
      certificate_chain: ca
    )
    # Remember the new certificate's ARN for the listener update.
    @arn = uploaded.server_certificate_metadata.arn
    pp "証明書アップロード完了。"
  rescue => upload_error
    # Only the error message is printed; the key material itself is not.
    pp "エラー発生!"
    pp upload_error.message
    exit 1
  end
end
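# Attach the certificate in @arn to the ELB's HTTPS listener on port 443.
#
# A certificate that was just uploaded to IAM may not be visible to ELB yet;
# the ELB API reports that as CertificateNotFound. That one error is retried a
# bounded number of times with a short wait before giving up. Any other error
# is printed and the script exits with status 1.
max_attempts = 5
retry_wait_seconds = 5
attempts = 0

begin
  attempts += 1
  elb.set_load_balancer_listener_ssl_certificate(
    load_balancer_name: elb_name,
    load_balancer_port: 443, # the API defines the port as an integer
    ssl_certificate_id: @arn
  )
  pp "ELBへの証明書セット完了!!"
rescue Aws::ElasticLoadBalancing::Errors::CertificateNotFound => e
  if attempts < max_attempts
    sleep retry_wait_seconds
    retry
  end
  pp "エラー発生!"
  pp e.message
  exit 1
rescue => e
  pp "エラー発生!"
  pp e.message
  exit 1
end

exit 0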