Amazon Certificate Manager
Amazon Certificate Manager generates free certificates for TLS with Elastic Load Balancer and CloudFront, and transparently handles rotation and renewal.
When you request a certificate, Amazon validates that you control the domain by e-mail. For example, if you request a certificate for www.example.com, it attempts to contact:
- The domain registrant
- The technical contact
- The administrative contact
- admin@www.example.com
- administrator@www.example.com
- hostmaster@www.example.com
- postmaster@www.example.com
- webmaster@www.example.com
Note
These certificates can only be used with Amazon services - there is no way to obtain the private key.
If you already have a certificate that you wish to use with CloudFront or ELB you can upload it with a ServerCertificate.
Creating a certificate

class Certificate

To create a certificate you just need to choose the domain it is for:

    certificate = aws.add_acm_certificate(
        name='www.example.com',
    )

name
    The domain name to request a certificate for.

validation_options
    By default ACM will e-mail the contacts for the domain you requested, so hostmaster@www.example.com in the previous example. You can override this so that the validation e-mail goes to a different domain:

    certificate = aws.add_acm_certificate(
        name="www.example.com",
        validation_options=[{
            "domain": "www.example.com",
            "validation_domain": "example.com",
        }]
    )

alternate_names
    A list of alternative domain names this cert should be valid for, for example for www.example.com you might also add www.example.net.
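
Anyone who can read one of the validation mailboxes can approve issuance, so it is worth listing them before you request a certificate. The following is an added example, not code from this library or from AWS: it works out the common addresses for a request like the ones above and rejects a validation_domain that is not the requested domain or a parent of it, which ACM requires. The function names are hypothetical.

```python
# Added example: names below are hypothetical, not part of any AWS SDK.
COMMON_MAILBOXES = ("admin", "administrator", "hostmaster", "postmaster", "webmaster")


def is_same_or_superdomain(validation_domain, domain):
    """True if validation_domain equals domain or is a parent of it."""
    v = validation_domain.lower().rstrip(".")
    d = domain.lower().rstrip(".")
    # Compare on a label boundary so "ample.com" does not match "example.com".
    return d == v or d.endswith("." + v)


def approval_mailboxes(name, alternate_names=(), validation_options=()):
    """Return {requested domain: [addresses ACM e-mails for approval]}.

    The WHOIS contacts are e-mailed as well, but they cannot be derived
    offline and are not listed here.
    """
    requested = [d.lower() for d in (name, *alternate_names)]
    overrides = {}
    for opt in validation_options:
        domain = opt["domain"].lower()
        validation_domain = opt["validation_domain"].lower()
        if domain not in requested:
            raise ValueError(f"{domain} is not one of the requested names")
        if not is_same_or_superdomain(validation_domain, domain):
            raise ValueError(f"{validation_domain} is not {domain} or a parent of it")
        overrides[domain] = validation_domain
    return {
        domain: [f"{box}@{overrides.get(domain, domain)}" for box in COMMON_MAILBOXES]
        for domain in requested
    }


if __name__ == "__main__":
    # Constructed input mirroring the validation_options example on this page.
    report = approval_mailboxes(
        "www.example.com",
        alternate_names=["www.example.net"],
        validation_options=[
            {"domain": "www.example.com", "validation_domain": "example.com"},
        ],
    )
    for domain, boxes in report.items():
        print(domain, "->", ", ".join(boxes))
```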