Anyone have any python-specific implementations of...
# python
g
Anyone have any python-specific implementations of using the ACM certificate w/ R53 + DNS validation…? https://www.pulumi.com/registry/packages/aws/api-docs/acm/certificate/
w
Can you share your code?
p
I have a basic infra Pulumi stack where I also define public zones I want to manage. This is the relevant part of the Pulumi program:
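import pulumi
import pulumi_aws as aws
import tldextract

# Stack configuration (assumed to be the default pulumi.Config());
# "public_zones" is read below as a list of zone names.
config = pulumi.Config()

# Create a reusable delegation set.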
delegation_set = aws.route53.DelegationSet(
    "infra-delegation-set", opts=pulumi.ResourceOptions(protect=True)
)

# Create public DNS zones.
for zone_name in config.require_object("public_zones"):
    parts = tldextract.extract(zone_name)
    domain = f"{parts.domain}.{parts.suffix}"

    # Create a DNS zone.
    zone = aws.route53.Zone(
        f"infra-zone-{domain}",
        delegation_set_id=delegation_set.id,
        name=zone_name,
    )

    # Create a wildcard certificate in default region.
    certificate = aws.acm.Certificate(
        f"infra-certificate-{domain}-{aws.config.region}",
        domain_name=f"*.{domain}",
        subject_alternative_names=[domain],
        validation_method="DNS",
    )

    # Create a certificate validation record. ACM issues the same CNAME for
    # the wildcard and the apex name, so the first option covers both.
    aws.route53.Record(
        f"infra-{domain}-certificate-validation",
        name=certificate.domain_validation_options.apply(
            lambda opts: opts[0].resource_record_name
        ),
        type=certificate.domain_validation_options.apply(
            lambda opts: opts[0].resource_record_type
        ),
        records=[
            certificate.domain_validation_options.apply(
                lambda opts: opts[0].resource_record_value
            )
        ],
        zone_id=zone.id,
        ttl=600,
    )