@grucloud/module-aws-certificate

Provides an AWS SSL certificate and the associated Route53 resources to validate the certificate.


GruCloud Module for AWS SSL Certificate validated with DNS

The purpose of this module is to deploy an AWS SSL certificate and verify it with DNS.

When an AWS Certificate is created, the API returns information about a DNS record to be added. At this point, a Route53Record resource is created with this information.

Your domain name needs to be registered with AWS Route53 Service.
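The DNS validation step described above, as an added example that is not GruCloud's own code: it converts the validation data ACM returns into a Route53 change batch, and handles the case where ACM has not yet populated the record. The function name, the TTL and the sample token values are assumptions made for illustration.

```javascript
// Added example, not GruCloud's code. describeOutput is constructed sample data
// shaped like the output of ACM DescribeCertificate; the token values are made up.
const describeOutput = {
  Certificate: {
    DomainValidationOptions: [
      {
        DomainName: "anysubdomain.yourdomain.org",
        ValidationMethod: "DNS",
        ValidationStatus: "PENDING_VALIDATION",
        ResourceRecord: {
          Name: "_constructedtoken1.anysubdomain.yourdomain.org.",
          Type: "CNAME",
          Value: "_constructedtoken2.acm-validations.aws.",
        },
      },
    ],
  },
};

// Normalise to a lower-case, dot-terminated name so comparisons are exact.
const fqdn = (name) => (name.endsWith(".") ? name : `${name}.`).toLowerCase();

// Returns a ChangeBatch for Route53 ChangeResourceRecordSets, or null when ACM
// has not populated ResourceRecord yet (the caller retries DescribeCertificate).
function buildValidationChangeBatch(output, hostedZoneName) {
  const zone = fqdn(hostedZoneName);
  const options = output.Certificate.DomainValidationOptions || [];
  const dnsOptions = options.filter((o) => o.ValidationMethod === "DNS");
  if (dnsOptions.length === 0 || dnsOptions.some((o) => !o.ResourceRecord)) return null;

  const seen = new Set();
  const Changes = [];
  for (const { ResourceRecord: rr } of dnsOptions) {
    const name = fqdn(rr.Name);
    // Refuse anything that is not a CNAME inside the hosted zone we manage.
    if (rr.Type !== "CNAME") throw new Error(`unexpected record type ${rr.Type}`);
    if (name !== zone && !name.endsWith(`.${zone}`))
      throw new Error(`${name} is outside hosted zone ${zone}`);
    if (seen.has(name)) continue; // wildcard and apex names share one record
    seen.add(name);
    Changes.push({
      Action: "UPSERT",
      ResourceRecordSet: { Name: name, Type: "CNAME", TTL: 300, ResourceRecords: [{ Value: rr.Value }] },
    });
  }
  return { Changes };
}
```

The zone check compares on a label boundary, so a record under yourdomain.org is not accepted for a hosted zone named domain.org.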

Resources

This module exports the createResources function from iac.js:

Inputs:

  • provider: AWS provider,
  • resources: hostedZone. The Route53 record will be created in this hosted zone.

Outputs:

Dependency Graph

gc graph


How to use this module

The following guide explains how to consume this module by creating a simple example.

  • Create a new project with npm init
  • Install the dependencies with npm install
  • Create 2 files: config.js and iac.js
  • Run the gc commands: apply, list and destroy

Create a test project

mkdir test-aws-certificate
cd test-aws-certificate
npm init

Install this module

npm i @grucloud/core @grucloud/provider-aws @grucloud/module-aws-certificate

Configuration

Create the config.js and set the certificate section according to your setup:

// config.js
const pkg = require("./package.json");
module.exports = ({ stage }) => ({
  certificate: {
    rootDomainName: "yourdomain.org",
    domainName: "anysubdomain.yourdomain.org",
  },
  projectName: pkg.name,
});

IAC

The @grucloud/module-aws-certificate module is imported with the Node.js require and exposes the config and createResources functions.

// iac.js
const assert = require("assert");
const { AwsProvider } = require("@grucloud/provider-aws");
const ModuleAwsCertificate = require("@grucloud/module-aws-certificate");

exports.createStack = async ({ createProvider }) => {
  const provider = createProvider(AwsProvider, {
    configs: [require("./config"), ModuleAwsCertificate.config],
  });

  assert(provider.config.certificate);
  const { domainName, rootDomainName } = provider.config.certificate;
  assert(domainName);
  assert(rootDomainName);

  const domain = provider.Route53Domain.useDomain({
    name: rootDomainName,
  });

  const hostedZone = provider.Route53.makeHostedZone({
    name: `${domainName}.`,
    dependencies: { domain },
  });

  const certificateResources = await ModuleAwsCertificate.createResources({
    provider,
    resources: { hostedZone },
  });

  return {
    provider,
    resources: { certificateResources },
  };
};

Using the cli

At this step, you have a new project set up, configured with config.js, with the infrastructure described in iac.js.

To deploy the certificate and the route53 resources, use the apply command:

gc apply

Let's check that the certificate is in the ISSUED status:

gc l -t Certificate -o

Do not forget to destroy the resources when no longer needed:

gc destroy

By default, one AWS account can destroy a maximum of 20 certificates per year. For this reason, certificates are not destroyed by GruCloud by default. You can still delete them with the AWS CLI or web interface.