    gorgeous-minister-41131

    7 months ago
    Anyone have any python-specific implementations of using the ACM certificate w/ R53 + DNS validation…? https://www.pulumi.com/registry/packages/aws/api-docs/acm/certificate/

    witty-belgium-75866

    7 months ago
    Can you share your code?

    proud-art-41399

    7 months ago
    I have a basic infra Pulumi stack where I also define public zones I want to manage. This is the relevant part of the Pulumi program:
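    import pulumi
    import pulumi_aws as aws
    import tldextract

    # Stack configuration; "public_zones" holds the zone names iterated below.
    config = pulumi.Config()

    # Create a reusable delegation set.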
    delegation_set = aws.route53.DelegationSet(
        "infra-delegation-set", opts=pulumi.ResourceOptions(protect=True)
    )
    
    # Create public DNS zones.
    for zone_name in config.require_object("public_zones"):
        parts = tldextract.extract(zone_name)
        domain = f"{parts.domain}.{parts.suffix}"
    
        # Create a DNS zone.
        zone = aws.route53.Zone(
            f"infra-zone-{domain}",
            delegation_set_id=delegation_set.id,
            name=zone_name,
        )
    
        # Create a wildcard certificate in default region.
        certificate = aws.acm.Certificate(
            f"infra-certificate-{domain}-{aws.config.region}",
            domain_name=f"*.{domain}",
            subject_alternative_names=[domain],
            validation_method="DNS",
        )
    
        # Create a certificate validation record.
        aws.route53.Record(
            f"infra-{domain}-certificate-validation",
            name=certificate.domain_validation_options.apply(
                lambda opts: opts[0].resource_record_name
            ),
            type=certificate.domain_validation_options.apply(
                lambda opts: opts[0].resource_record_type
            ),
            records=[
                certificate.domain_validation_options.apply(
                    lambda opts: opts[0].resource_record_value
                )
            ],
            zone_id=zone.id,
            ttl=600,
        )