Skip to content

Instantly share code, notes, and snippets.

Created October 27, 2017 22:41
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save intentionally-left-nil/7c7410c3657bad6842f9c3e1026ad36b to your computer and use it in GitHub Desktop.
Updating a cloudfront SSL certificate via boto
import boto3
import os
from copy import deepcopy
acm = boto3.client('acm')
cloudfront = boto3.client('cloudfront')
cert_arn = None
with open(os.path.join(base, 'cert.pem'), 'rb') as cert, open(os.path.join(base, 'fullchain.pem'), 'rb') as chain, open(os.path.join(base, 'privkey.pem'), 'rb') as priv_key:
response = acm.import_certificate(,,
if response['HTTPStatusCode'] == 200:
cert_arn = response['CertificateArn']
old_certificate = None
for cf_id in cf_ids:
response = cloudfront.get_distribution_config(Id=cf_id)
if response['ResponseMetadata']['HTTPStatusCode'] == 200:
new_config = deepcopy(response['DistributionConfig'])
old_certificate = new_config['ViewerCertificate']['ACMCertificateArn']
new_config['ViewerCertificate']['ACMCertificateArn'] = cert_arn
update_response = cloudfront.update_distribution(DistributionConfig=new_config, Id=cf_id, IfMatch=response['ETag'])
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment