Date: 2021-10-17

Description

This Serverless plugin creates the certificates you need for your custom domains in API Gateway. Use it in your CI/CD flow to automatically create a certificate, create the Route 53 record sets needed to validate the certificate with DNS validation, and finally wait until the certificate has been validated.

Serverless Framework

This package is made for the serverless framework.

You can install it like this:

npm install -g serverless
npm update -g serverless

Check out their getting started guide for more information here.

Usage Requirements

Make sure you have the following installed before starting:

Usage

npm i serverless-certificate-creator --save-dev

Open serverless.yml and add the following:

plugins:
  - serverless-certificate-creator

# ...

custom:
  customCertificate:
    certificateName: 'abc.somedomain.io'
    idempotencyToken: 'abcsomedomainio'
    hostedZoneNames: 'somedomain.io.'
    hostedZoneIds: 'XXXXXXXXX'
    writeCertInfoToFile: false
    certInfoFileName: 'cert-info.yml'
    region: eu-west-1
    subjectAlternativeNames:
      - 'www.somedomain.io'
      - 'def.somedomain.io'
    tags:
      Name: 'somedomain.com'
      Environment: 'prod'
    rewriteRecords: false

Now you can run:

serverless create-cert

To remove the certificate and delete the CNAME record sets from Route 53, run:

serverless remove-cert

Combine with serverless-domain-manager

If you combine this plugin with serverless-domain-manager, you can automate the complete process of creating a custom domain with a certificate. I found serverless-domain-manager very useful, but I also wanted to be able to automatically create the certificate for the newly generated custom domain.

Examples

Install the plugins:

npm i serverless-certificate-creator
npm i serverless-domain-manager

Open serverless.yml and add the following:

plugins:
  - serverless-certificate-creator
  - serverless-domain-manager

# ...

custom:
  customDomain:
    domainName: abc.somedomain.io
    certificateName: 'abc.somedomain.io'
    basePath: ''
    stage: ${self:provider.stage}
    createRoute53Record: true
  customCertificate:
    certificateName: 'abc.somedomain.io' # required
    idempotencyToken: 'abcsomedomainio' # optional
    hostedZoneNames: 'somedomain.io.' # required if hostedZoneIds is not set
    hostedZoneIds: 'XXXXXXXXX' # required if hostedZoneNames is not set
    region: eu-west-1 # optional - default is us-east-1, which is required for custom API Gateway domains of type Edge (default)
    enabled: true # optional - default is true. For some stages you may not want to use certificates (and the custom domains associated with them).
    rewriteRecords: false

Now you can run:

serverless create-cert
serverless create_domain

Please make sure to check out the complete sample project here.
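A pre-deploy lint for the `custom` section shown above can catch a bad certificate configuration before `serverless create-cert` runs in CI. This is an added example, not code from the plugin; `lintCertificateConfig` and `inZone` are hypothetical names, and the zone-coverage rule, the 1-32 word-character token rule (ACM's documented limit) and the `endpointType` key (a serverless-domain-manager option) are assumptions of this example.

```javascript
// Added example: lint the custom section of serverless.yml before create-cert.
const toList = (v) => (v == null ? [] : Array.isArray(v) ? v : [v]);
const norm = (name) => String(name).toLowerCase().replace(/\.$/, '');

// True when domain equals zone or is a subdomain of it (label boundary respected).
function inZone(domain, zone) {
  const d = norm(domain).replace(/^\*\./, '');
  const z = norm(zone);
  return d === z || d.endsWith('.' + z);
}

// Returns a list of problems; an empty list means the config passed.
function lintCertificateConfig(custom) {
  const c = custom || {};
  const cert = c.customCertificate || {};
  const issues = [];
  if (cert.enabled === false) return issues; // plugin disabled for this stage
  if (!cert.certificateName) issues.push('certificateName is required');
  const zoneNames = toList(cert.hostedZoneNames);
  if (zoneNames.length === 0 && toList(cert.hostedZoneIds).length === 0) {
    issues.push('set hostedZoneNames or hostedZoneIds');
  }
  if (cert.idempotencyToken !== undefined && !/^\w{1,32}$/.test(cert.idempotencyToken)) {
    issues.push('idempotencyToken must be 1-32 word characters');
  }
  // Assumption: every name on the certificate must sit inside a declared zone,
  // otherwise the DNS validation record cannot be written there.
  for (const name of [cert.certificateName, ...toList(cert.subjectAlternativeNames)]) {
    if (name && zoneNames.length > 0 && !zoneNames.some((z) => inZone(name, z))) {
      issues.push(`${name} is not inside any hostedZoneNames entry`);
    }
  }
  // Edge is the default endpoint type and needs the certificate in us-east-1.
  const edge = c.customDomain &&
    String(c.customDomain.endpointType || 'edge').toLowerCase() === 'edge';
  const region = cert.region || 'us-east-1';
  if (edge && region !== 'us-east-1') {
    issues.push(`edge custom domain needs the certificate in us-east-1, not ${region}`);
  }
  return issues;
}

// Constructed sample modelled on the configuration above, with one foreign SAN.
const sample = {
  customDomain: { domainName: 'abc.somedomain.io', certificateName: 'abc.somedomain.io' },
  customCertificate: {
    certificateName: 'abc.somedomain.io', idempotencyToken: 'abcsomedomainio',
    hostedZoneNames: 'somedomain.io.', region: 'eu-west-1',
    subjectAlternativeNames: ['www.somedomain.io', 'def.otherdomain.io'],
  },
};
console.log(lintCertificateConfig(sample));
```

Run it with `node` and fail the pipeline when the returned list is not empty.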

Reference Certificate Arn via variableResolvers

Since version 1.2.0 of this plugin, you can use the following syntax to access the certificate's ARN in other plugins:

${certificate:${self:custom.customCertificate.certificateName}:CertificateArn}

If you are on version >= 2.27.0 of serverless and have elected to use the variable resolver variablesResolutionMode: 20210219, you must use this supported syntax:

${certificate:${self:custom.customCertificate.certificateName}.CertificateArn}

For the new variable resolver, variablesResolutionMode: 20210326, the supported syntax is:

${certificate(${self:custom.customCertificate.certificateName}):CertificateArn}

See the serverless docs for more information.

License

Copyright (c) 2018 Bastian Töpfer, contributors.

Released under the MIT license.