runway.cfngin.hooks.acm module

CFNgin hooks for AWS Certificate Manager.

class runway.cfngin.hooks.acm.Certificate

Bases: Hook

Hook for managing an AWS::CertificateManager::Certificate.

Keyword Arguments:
  • alt_names (list[str]) – Additional FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, you can add www.example.net to a certificate for which the domain field is www.example.com if users can reach your site by using either name.

  • domain (str) – The fully qualified domain name (FQDN), such as www.example.com, with which you want to secure an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.

  • hosted_zone_id (str) – The ID of the Route 53 Hosted Zone that contains the resource record sets that you want to change. This must exist in the same account that the certificate will be created in.

  • stack_name (str | None) – Provide a name for the stack used to create the certificate. If not provided, the domain is used (replacing . with -).

  • ttl (int) – The resource record cache time to live (TTL), in seconds. (default: 300)

Example

pre_deploy:
  example-wildcard-cert:
    path: runway.cfngin.hooks.acm.Certificate
    required: true
    args:
      domain: '*.example.com'
      hosted_zone_id: ${xref example-com::HostedZoneId}
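
The wildcard wording in the `domain` argument is easy to over-read, so the following added example (not part of Runway or its documentation) checks which hostnames a given set of hook args would actually cover. It goes slightly beyond the text above by applying the standard certificate rule that `*` stands for exactly one left-most label, so `*.example.com` covers neither `example.com` nor `api.dev.example.com`; the helper names, the placeholder hosted zone ID, and the host list are assumptions made for illustration.

```python
"""Added example: which hostnames a Certificate hook's args would cover."""
from __future__ import annotations


def _matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a hostname (case-insensitive)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # '*' replaces only the left-most label; the remaining labels must be equal
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def covered_by(args: dict, host: str) -> str | None:
    """Return the entry of domain/alt_names that covers host, or None."""
    names = [args["domain"], *args.get("alt_names", [])]
    for name in names:
        if _matches(name, host):
            return name
    return None


def uncovered(args: dict, hosts: list[str]) -> list[str]:
    """List the hostnames that no name on the certificate would cover."""
    return [h for h in hosts if covered_by(args, h) is None]


# Constructed sample: args shaped like the example above (placeholder zone ID)
HOOK_ARGS = {"domain": "*.example.com", "hosted_zone_id": "Z0000EXAMPLE"}
# Constructed sample: hostnames the site is expected to answer on
SITE_HOSTS = ["www.example.com", "images.example.com",
              "example.com", "api.dev.example.com"]

if __name__ == "__main__":
    print("not covered:", uncovered(HOOK_ARGS, SITE_HOSTS))
    # Adding the apex and the deeper wildcard via alt_names closes the gap
    fixed = {**HOOK_ARGS, "alt_names": ["example.com", "*.dev.example.com"]}
    print("not covered after alt_names:", uncovered(fixed, SITE_HOSTS))
```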

ARGS_PARSER

alias of HookArgs

__init__(context: CfnginContext, provider: Provider, **kwargs: Any) -> None

Instantiate class.

Parameters:
  • context – Context instance. (passed in by CFNgin)

  • provider – Provider instance. (passed in by CFNgin)

  • **kwargs – Arbitrary keyword arguments.

deploy(status: Status | None = None) -> dict[str, str]

Deploy an ACM Certificate.

destroy(records: list[ResourceRecordTypeDef] | None = None, skip_r53: bool = False) -> bool

Destroy an ACM certificate.

Parameters:
  • records – List of validation records to remove from Route 53. This can be provided in cases where the certificate has been deleted during a rollback.

  • skip_r53 – Skip the removal of validation records.

domain_changed() -> bool

Check to ensure domain has not changed for existing stack.

get_certificate(interval: int = 5) -> str

Get the certificate being created by a CloudFormation stack.

Parameters:

interval – Number of seconds to wait between attempts.

Returns:

Certificate ARN.

get_validation_record(cert_arn: str | None = None, *, interval: int = 5, status: str = 'PENDING_VALIDATION') -> ResourceRecordTypeDef

Get validation record from the certificate being created.

Parameters:
  • cert_arn – ARN of the certificate to validate.

  • interval – Number of seconds to wait between attempts.

  • status – Validation status to look for when finding a validation record. Typically only “PENDING_VALIDATION” or “SUCCESS” will be used.

Raises:

ValueError – No pending or too many pending certificates.

post_deploy() -> dict[str, str]

Run during the post_deploy stage.

post_destroy() -> bool

Run during the post_destroy stage.

pre_deploy() -> dict[str, str]

Run during the pre_deploy stage.

pre_destroy() -> bool

Run during the pre_destroy stage.

put_record_set(record_set: ResourceRecordTypeDef) -> None

Create/update a record set on a Route 53 Hosted Zone.

Parameters:

record_set – Record set to be added to Route 53.

remove_validation_records(records: list[ResourceRecordTypeDef] | None = None) -> None

Remove all record set entries used to validate an ACM Certificate.

Parameters:

records – List of validation records to remove from Route 53. This can be provided in cases where the certificate has been deleted during a rollback.

update_record_set(record_set: ResourceRecordTypeDef) -> None

Update a validation record set when the cert has not changed.

Parameters:

record_set – Record set to be updated in Route 53.

pydantic model runway.cfngin.hooks.acm.HookArgs

Bases: HookArgsBaseModel

Hook arguments.

JSON schema:
{
   "title": "HookArgs",
   "description": "Hook arguments.",
   "type": "object",
   "properties": {
      "tags": {
         "additionalProperties": {
            "type": "string"
         },
         "default": {},
         "title": "Tags",
         "type": "object"
      },
      "alt_names": {
         "default": [],
         "items": {
            "type": "string"
         },
         "title": "Alt Names",
         "type": "array"
      },
      "domain": {
         "title": "Domain",
         "type": "string"
      },
      "hosted_zone_id": {
         "title": "Hosted Zone Id",
         "type": "string"
      },
      "stack_name": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Stack Name"
      },
      "ttl": {
         "default": 300,
         "title": "Ttl",
         "type": "integer"
      }
   },
   "required": [
      "domain",
      "hosted_zone_id"
   ]
}

field alt_names: list[str] = []
field domain: str = PydanticUndefined
field hosted_zone_id: str = PydanticUndefined
field stack_name: str | None = None
field ttl: int = 300