Add Amazon Certificate Manager deploy hook

2025-05-08 22:12:44 +00:00 · 2018-02-22 22:01:19 +00:00 · 2018-02-22 22:01:19 +00:00 · 48d932baba
commit 48d932baba
parent 293b258121
1 changed files with 80 additions and 0 deletions
--- a/deploy/aws_acm.sh
+++ b/deploy/aws_acm.sh
@ -0,0 +1,80 @@
+#!/usr/bin/env sh
+
+#Here is a script to deploy cert to Amazon Certificate Manager.
+
+#returns 0 means success, otherwise error.
+
+# shellcheck source=common/aws.sh
+. "$LE_WORKING_DIR/common/aws.sh"
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+aws_acm_deploy() {
+  _cdomain="$1" _ckey="$2" _ccert="$3" _cca="$4" _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  _regions="${AWS_ACM_REGIONS:-$(_readdomainconf Aws_Acm_Regions)}"
+
+  if [ -z "$_regions" ]; then
+    _err "no ACM regions to use when deploying $_cdomain"
+    return 1
+  fi
+
+  _savedomainconf Aws_Acm_Regions "$_regions"
+
+  _ret=0
+  for _region in $(printf %s "$_regions" | tr ',' ' '); do
+    _debug _region "$_region"
+
+    _arn="$(_get_arn "$_cdomain" "$_region")"
+    _debug2 _arn "$_arn"
+
+    _json="{$(
+      _fmt_json \
+        CertificateArn "$_arn" \
+        Certificate "$(_base64 <"$_ccert")" \
+        CertificateChain "$(_base64 <"$_cca")" \
+        PrivateKey "$(_base64 <"$_ckey")"
+    )}"
+    _secure_debug2 _json "$_json"
+
+    if ! _aws acm ImportCertificate "$_region" "$_json" >/dev/null; then
+      _err "unable to deploy $_cdomain to ACM in $_region"
+      _ret=2
+    fi
+  done
+
+  return $_ret
+}
+
+_get_arn() {
+  _page='"MaxItems": 20'
+  _next="$_page"
+  while [ "$_next" ]; do
+    resp="$(_aws acm ListCertificates "$2" "{$_next,$_page}")"
+    [ "$?" -eq 0 ] || return 2
+    printf %s "$resp" |
+      _normalizeJson |
+      tr '{}' '\n' |
+      grep -F "\"DomainName\":\"$1\"" |
+      _egrep_o "arn:aws:acm:$2:[^\"]+" |
+      grep "^arn:aws:acm:$2:"
+    [ "$?" -eq 0 ] && return
+    _next="$(printf %s "$resp" | _egrep_o '"NextToken":"[^"]+"')"
+    _debug3 _next "$_next"
+  done
+  return 1
+}
+
+_fmt_json() {
+  while [ "$#" -gt 1 ]; do
+    [ "$2" ] && printf '"%s":"%s"\n' "$1" "$2"
+    shift 2
+  done | paste -sd ','
+}