@intentionally-left-nil
Created October 27, 2017 22:41
Updating a cloudfront SSL certificate via boto
import boto3
import os
from copy import deepcopy
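# Rotate the TLS certificate used by one or more CloudFront distributions:
#   1. import the new certificate + private key into ACM,
#   2. point every distribution in cf_ids at the new ARN,
#   3. once the change is deployed, delete the certificates that were replaced.

# CloudFront only accepts ACM certificates stored in us-east-1, so pin the ACM
# client's region rather than relying on the caller's default region.
acm = boto3.client('acm', region_name='us-east-1')
cloudfront = boto3.client('cloudfront')
cf_ids = ['YOUR_CLOUDFRONT_ID_HERE', 'YOUR_SECOND_CLOUDFRONT_ID_HERE']
base = 'DIRECTORY_TO_YOUR SSL CERTS'


def _http_ok(resp):
    """Return True when a boto3 response reports HTTP 200.

    boto3 places the status code under 'ResponseMetadata', not at the top
    level of the response dict.
    """
    return resp.get('ResponseMetadata', {}).get('HTTPStatusCode') == 200


# privkey.pem is secret key material: keep `base` readable only by the account
# that runs this script, and never print or log what is read from it.
with open(os.path.join(base, 'cert.pem'), 'rb') as cert, \
        open(os.path.join(base, 'fullchain.pem'), 'rb') as chain, \
        open(os.path.join(base, 'privkey.pem'), 'rb') as priv_key:
    response = acm.import_certificate(
        Certificate=cert.read(),
        PrivateKey=priv_key.read(),
        CertificateChain=chain.read()
    )

# Stop before touching any distribution if the import did not succeed;
# otherwise the loop below would write a null certificate ARN into live configs.
if not _http_ok(response):
    raise SystemExit('ACM import failed; no distribution was modified')
cert_arn = response['CertificateArn']

replaced_arns = set()   # certificates that are no longer referenced by cf_ids
updated_ids = []        # distributions whose update call was accepted
failed_ids = []         # distributions left on their previous certificate

for cf_id in cf_ids:
    response = cloudfront.get_distribution_config(Id=cf_id)
    if not _http_ok(response):
        failed_ids.append(cf_id)
        continue

    new_config = deepcopy(response['DistributionConfig'])
    viewer_cert = new_config['ViewerCertificate']
    if 'ACMCertificateArn' not in viewer_cert:
        # Not currently on an ACM certificate (default or IAM certificate);
        # swapping a single field would not produce a valid config, so skip it.
        print('Skipping %s: distribution does not use an ACM certificate' % cf_id)
        failed_ids.append(cf_id)
        continue

    old_certificate = viewer_cert['ACMCertificateArn']
    viewer_cert['ACMCertificateArn'] = cert_arn
    # NOTE(review): the fetched config may also carry the deprecated
    # 'Certificate' field holding the old ARN -- confirm CloudFront accepts the
    # update with it unchanged, or set it to cert_arn as well.

    # IfMatch makes the update conditional on the ETag just read, so a
    # concurrent edit to the distribution is rejected instead of overwritten.
    update_response = cloudfront.update_distribution(
        DistributionConfig=new_config, Id=cf_id, IfMatch=response['ETag'])
    if not _http_ok(update_response):
        failed_ids.append(cf_id)
        continue

    updated_ids.append(cf_id)
    if old_certificate and old_certificate != cert_arn:
        replaced_arns.add(old_certificate)

# Keep the old certificates if anything was left behind: a distribution that
# was not updated may still depend on them.
if failed_ids:
    raise SystemExit(
        'Not updated: %s; old certificates were kept' % ', '.join(failed_ids))

# update_distribution returns before the change reaches the edge locations.
# Wait for each distribution to report Deployed so the old certificate is
# really out of service before it is removed.
waiter = cloudfront.get_waiter('distribution_deployed')
for cf_id in updated_ids:
    waiter.wait(Id=cf_id)

# ACM refuses to delete a certificate that another resource still uses; let
# that error surface rather than hiding it, since it means the certificate is
# attached to something outside cf_ids.
for old_certificate in replaced_arns:
    acm.delete_certificate(CertificateArn=old_certificate)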