
acm

request certificate

This sample requests a certificate in the us-east-1 region.

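# Region and FQDN for the certificate request (sample values).
myregion=us-east-1
myfqdn=www.example.com

# List existing certificates first, so a leftover certificate for the same
# name is noticed before another one is requested.
aws acm list-certificates --region "${myregion}"

# Request a DNS-validated certificate and keep the ARN returned by this call.
# Looking the ARN up by domain name afterwards can return several ARNs (or an
# older certificate) when the same name has been requested before, and the
# later commands would then act on the wrong certificate.
CertificateArn=$(aws acm request-certificate --region "${myregion}" \
  --domain-name "${myfqdn}" --validation-method DNS \
  --query 'CertificateArn' --output text)
: "${CertificateArn:?request-certificate did not return an ARN}"

aws acm describe-certificate --region "${myregion}" --certificate-arn "${CertificateArn}"

# Print the CNAME name/value pair that ACM expects for DNS validation.
# NOTE(review): this may be empty right after the request; re-run if so.
aws acm describe-certificate --region "${myregion}" --certificate-arn "${CertificateArn}" \
  --query 'Certificate.DomainValidationOptions[].ResourceRecord'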

add Route53 entry

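# Parent domain whose hosted zone will hold the validation record (sample
# value). The variable name must match the one used in the query below; with
# a misspelled assignment the lookup runs with an empty name.
mydomain=example.com

# Hosted zone names are stored with a trailing dot. Only the public zone is
# selected: a private zone may share the same name, and a validation CNAME
# placed there is not visible to ACM.
zone_query="HostedZones[?Name=='${mydomain}.' && Config.PrivateZone==\`false\`].Id"
id=$(aws route53 list-hosted-zones --query "${zone_query}" --output text)
: "${id:?no matching public hosted zone found}"

# Inspect the zone and its current records before changing anything.
aws route53 get-hosted-zone --id "${id}"
aws route53 list-resource-record-sets --hosted-zone-id "${id}"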

create change batch

$ jq . change-batch.json 
{
  "Changes": [
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "xxxxxx.example.com.",
        "Type": "CNAME",
        "TTL": 3600,
        "ResourceRecords": [
          {
            "Value": "xxxx.acm-validations.aws."
          }
        ]
      }
    }
  ]
}
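# Apply the change batch. Check change-batch.json first: Name and Value must
# be exactly the ResourceRecord pair that ACM printed for this certificate.
# The change id is captured from the response instead of being pasted by hand.
change_id=$(aws route53 change-resource-record-sets --hosted-zone-id "${id}" \
  --change-batch file://change-batch.json \
  --query 'ChangeInfo.Id' --output text)
: "${change_id:?change-resource-record-sets did not return a change id}"

# Status moves from PENDING to INSYNC once the record has propagated.
aws route53 get-change --id "${change_id}"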

confirm the result

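# Full certificate record, including validation state per domain.
aws acm describe-certificate --region "${myregion}" --certificate-arn "${CertificateArn}"

# Current status only (for example PENDING_VALIDATION or ISSUED).
aws acm describe-certificate --region "${myregion}" --certificate-arn "${CertificateArn}" \
  --query 'Certificate.Status' --output text

# get-certificate fails while the request is still pending, so block here
# until ACM reports the certificate as validated (the waiter polls and
# eventually times out if validation never completes).
aws acm wait certificate-validated --region "${myregion}" --certificate-arn "${CertificateArn}"

aws acm get-certificate --region "${myregion}" --certificate-arn "${CertificateArn}"

# Decode the issued certificate to confirm subject, SANs and validity dates.
aws acm get-certificate --region "${myregion}" --certificate-arn "${CertificateArn}" \
  --query 'Certificate' --output text \
  | openssl x509 -noout -text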