@deep-security/serverless-certificate-creator
Advanced tools
Readme
This serverless plugin creates certificates that you need for your custom domains in API Gateway. Use this in your CICD flow to automatically create a certificate, create the necessary route53 recordsets to validate the certificate with Dns-Validation and finally wait until the certificate has been validated.
This package is made for the serverless framework.
You can install it like this:
# Install the serverless cli
npm install -g serverless
# Or, update the serverless cli from a previous version
npm update -g serverless
Check out their getting started guide for more information here.
Make sure you have the following installed before starting:
npm i serverless-certificate-creator --save-dev
open serverless.yml and add the following:
plugins:
- serverless-certificate-creator
...
custom:
customCertificate:
//required
certificateName: 'abc.somedomain.io'
//optional
idempotencyToken: 'abcsomedomainio'
//required if hostedZoneIds is not set, alternativly as an array
hostedZoneNames: 'somedomain.io.'
//required if hostedZoneNames is not set
hostedZoneIds: 'XXXXXXXXX'
// optional default is false. if you set it to true you will get a new file (after executing serverless create-cert), that contains certificate info that you can use in your deploy pipeline, alternativly as an array
writeCertInfoToFile: false
// optional, only used when writeCertInfoToFile is set to true. It sets the name of the file containing the cert info
certInfoFileName: 'cert-info.yml'
// optional - default is us-east-1 which is required for custom api gateway domains of Type Edge (default)
region: eu-west-1
//optional - see SubjectAlternativeNames https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/ACM.html#requestCertificate-property
subjectAlternativeNames :
- 'www.somedomain.io'
- 'def.somedomain.io'
//optional - see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/ACM.html#addTagsToCertificate-property
//if you want to give your certificate a name that is shown in the ACM Console you can add a Tag with the key "Name"
tags:
Name: 'somedomain.com'
Environment: 'prod'
//optional default false. this is useful if you managed to delete your certificate but the dns validation records still exist
rewriteRecords: false
now you can run:
serverless create-cert
To remove the certificate and delete the CNAME recordsets from route53, run:
serverless remove-cert
If you combine this plugin with serverless-domain-manager you can automate the complete process of creating a custom domain with a certificate. I found serverless-domain-manager very useful but i also wanted to be able to automatically create the certificate for the newly generated custom domain.
Install the plugins:
npm i serverless-certificate-creator --save-dev
npm i serverless-domain-manager --save-dev
Open serverless.yml and add the following:
plugins:
- serverless-certificate-creator
- serverless-domain-manager
...
custom:
customDomain:
domainName: abc.somedomain.io
certificateName: 'abc.somedomain.io'
basePath: ''
stage: ${self:provider.stage}
createRoute53Record: true
customCertificate:
certificateName: 'abc.somedomain.io' //required
idempotencyToken: 'abcsomedomainio' //optional
hostedZoneNames: 'somedomain.io.' //required if hostedZoneIds is not set
hostedZoneIds: 'XXXXXXXXX' //required if hostedZoneNames is not set
region: eu-west-1 // optional - default is us-east-1 which is required for custom api gateway domains of Type Edge (default)
enabled: true // optional - default is true. For some stages you may not want to use certificates (and custom domains associated with it).
rewriteRecords: false
Now you can run:
serverless deploy, and the certificate will be created
Please make sure to check out the complete sample project here.
Since version 1.2.0 of this plugin you can use the following syntax to access the certificates Arn in other plugins
${certificate:${self:custom.customCertificate.certificateName}:CertificateArn}
see the serverless docs for more information
Copyright (c) 2018 Bastian Töpfer, contributors.
Released under the MIT license.
FAQs
creates a certificate that can be used for custom domains for your api gateway
The npm package @deep-security/serverless-certificate-creator receives a total of 19 weekly downloads. As such, @deep-security/serverless-certificate-creator popularity was classified as not popular.
We found that @deep-security/serverless-certificate-creator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.