alex/letsencrypt-aws

[Wishlist] allow updating of CloudFront certificates too

grischard opened this issue · 3 comments

alex commented

From an API perspective, what's involved in updating a CloudFront cert? If you can point me to the API, I think it'd be straightforward.

On Tue, Apr 5, 2016 at 3:47 PM, Guillaume Rischard <notifications@github.com> wrote:

Thank you! It looks like you need to update the ViewerCertificate part of the CloudFront distribution config:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributionconfig-viewercertificate.html

Maybe https://boto3.readthedocs.org/en/latest/reference/services/cloudfront.html#CloudFront.Client.get_distribution_config to get the config object, get the IamCertificateId to check for expiration, then update the object to set CloudFrontDefaultCertificate to false and IamCertificateId to the new one, then https://boto3.readthedocs.org/en/latest/reference/services/cloudfront.html#CloudFront.Client.update_distribution to set the new config.

The port is irrelevant for CloudFront; there's only one certificate per distribution.
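The get-config / check-expiry / update flow described above, written out against boto3 as an added example (not code from letsencrypt-aws or from PR #44). Two assumptions beyond the comment: the boto3 key is spelled `IAMCertificateId` (the `IamCertificateId` spelling is the CloudFormation property name), and `SSLSupportMethod` is set to `sni-only` because CloudFront requires one when a custom certificate is used; the IAM client is used to resolve the certificate ID to its expiration date.

```python
"""Rotate a CloudFront distribution's viewer certificate with boto3."""
from datetime import timedelta

# Legacy read-only fields that get_distribution_config returns inside ViewerCertificate;
# they are dropped before the config is sent back with update_distribution.
LEGACY_VIEWER_CERT_FIELDS = ("Certificate", "CertificateSource")


def iam_cert_expiration(iam, cert_id):
    """Return the Expiration datetime of the IAM server certificate with this ID.

    IAMCertificateId is an ID (not a name), so it is matched against
    ServerCertificateId in the list_server_certificates metadata.
    """
    for page in iam.get_paginator("list_server_certificates").paginate():
        for meta in page["ServerCertificateMetadataList"]:
            if meta["ServerCertificateId"] == cert_id:
                return meta["Expiration"]
    raise KeyError("no IAM server certificate with id %r" % cert_id)


def needs_rotation(viewer_cert, expiration, now, days=30):
    """True if the distribution still uses the default CloudFront certificate,
    or its IAM certificate expires within `days` of `now`."""
    if viewer_cert.get("CloudFrontDefaultCertificate"):
        return True
    if not viewer_cert.get("IAMCertificateId"):
        return False  # e.g. an ACM certificate; not handled by this helper
    return expiration - now <= timedelta(days=days)


def rotate_viewer_certificate(cloudfront, distribution_id, new_cert_id):
    """Point the distribution at new_cert_id and return the ViewerCertificate that was sent."""
    resp = cloudfront.get_distribution_config(Id=distribution_id)
    config = resp["DistributionConfig"]
    viewer_cert = config.setdefault("ViewerCertificate", {})
    for field in LEGACY_VIEWER_CERT_FIELDS:
        viewer_cert.pop(field, None)
    viewer_cert.pop("ACMCertificateArn", None)  # only one certificate source may be set
    viewer_cert["CloudFrontDefaultCertificate"] = False
    viewer_cert["IAMCertificateId"] = new_cert_id
    viewer_cert.setdefault("SSLSupportMethod", "sni-only")  # required with a custom cert
    # IfMatch carries the ETag from the read, so a concurrent change to the
    # distribution makes the update fail instead of being silently overwritten.
    cloudfront.update_distribution(
        Id=distribution_id, IfMatch=resp["ETag"], DistributionConfig=config
    )
    return viewer_cert
```

The clients are passed in (`boto3.client("cloudfront")` and `boto3.client("iam")` in real use) so the logic can be exercised against fakes without AWS credentials.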

alex commented

PR #44 covers this, but it needs a bunch of testing; I don't have a CF distribution set up to make sure this works.