Amazon Certificate Manager¶
Amazon Certificate Manager generates free certificates for TLS with Elastic Load Balancer and CloudFront, and transparently handles rotation and renewal.
When you request a certificate Amazon validate you control the domain by e-mail. For example if you requested a certificate for www.example.com it attempts to contact:
- The domain registrant
- The technical contact
- The administrative contact
admin@www.example.comadministrator@www.example.comhostmaster@www.example.compostmaster@www.example.comwebmaster@www.example.com
Note
These certificates can only be used with Amazon services - there is no way to obtain the private certificate.
If you already have a certificate that you wish to use with CloudFront or ELB you can upload it with a ServerCertificate.
Creating a certificate¶
-
class
Certificate¶ To create a certificate you just need to choose the domain it is for:
certificate = aws.add_acm_certificate( name='www.example.com', )
-
name¶ The domain name to request a certificate for.
-
validation_options¶ By default ACM will e-mail the contacts for your domain - so hostmaster@www.example.com in the previous example. You can override this:
certificate = aws.add_acm_certificate( name="www.example.com", validation_options=[{ "domain": "www.example.com", "validation_domain": "example.com", }] )
-
alternate_names¶ A list of alternative domain names this cert should be valid for, for example for
www.example.comyou might also addwww.example.net.
-