AWS Route53 DNS challenge updater plugin for Certificate Manager Service

capabilityio/route53-dns-challenge-updater

route53-dns-challenge-updater

Stability: 0 - Deprecated

AWS Route53 DNS challenge updater plugin for Certificate Manager Service.

Installation

The intended usage of route53-dns-challenge-updater is as part of capability-cli certificate-manager config aws functionality.

Alternatively, to install locally:

npm install route53-dns-challenge-updater

Usage

This module is intended to be executed as an AWS Lambda function as part of the capability-cli certificate-manager config aws functionality, which configures this module, grants the requisite permissions, and creates the required supporting infrastructure.

Required IAM Permissions:

PolicyDocument:
  Version: 2012-10-17
  Statement:
    - Effect: Allow
      Action:
        - "route53:ListHostedZones"
        - "route53:ChangeResourceRecordSets"
        - "route53:GetChange"
      Resource:
        - "*"

For a more restricted set, you can limit route53:ChangeResourceRecordSets to a specific HostedZoneId:

PolicyDocument:
  Version: 2012-10-17
  Statement:
    - Effect: Allow
      Action:
        - "route53:ListHostedZones"
        - "route53:GetChange"
      Resource:
        - "*"
    - Effect: Allow
      Action:
        - "route53:ChangeResourceRecordSets"
      Resource:
        - "arn:aws:route53:::hostedzone/${HostedZoneId}"

Tests

npm test

Documentation

Updater.handle(message, context, callback)

  • message: Object. Message from Certificate Manager Service requesting a challenge update.
    • capabilities: Object. Capabilities included in the message.
      • challengeUpdated: CapabilityURI. Capability to invoke once challenge has been updated.
    • challenge: String. Challenge to update with.
    • domain: String. Domain name for which to update the challenge.
  • context: Object. AWS Lambda context.
  • callback: Function (error, resp) => {}. AWS Lambda callback.

Retrieves AWS Route53 hosted zone id for the domain. Creates a _acme-challenge.${domain}. TXT record containing the challenge. Invokes capabilities.challengeUpdated on success, fails otherwise.
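The zone lookup and record construction described above, sketched as an added example (not this module's own code). The function names, the base64url check on the challenge, the UPSERT action and the TTL are assumptions; the error names are the ones listed in this README.

```javascript
// Added example: hypothetical helper names, pure functions, no AWS SDK calls.
const LABEL = /^(?!-)[a-z0-9-]{1,63}(?<!-)$/;

// Lowercase, drop the trailing dot, accept plain hostnames only.
function normalizeDomain(domain) {
  if (typeof domain !== "string") return null;
  const name = domain.toLowerCase().replace(/\.$/, "");
  if (name.length === 0 || name.length > 253) return null;
  return name.split(".").every((label) => LABEL.test(label)) ? name : null;
}

// Most specific public zone that equals the domain or is a parent of it.
// Matching on label boundaries keeps "notexample.com" out of zone "example.com.".
function selectHostedZone(zones, domain) {
  let best = null;
  for (const zone of zones) {
    if (zone.Config && zone.Config.PrivateZone) continue;
    const zoneName = zone.Name.toLowerCase().replace(/\.$/, "");
    const matches = domain === zoneName || domain.endsWith("." + zoneName);
    if (matches && (!best || zoneName.length > best.name.length)) {
      best = { id: zone.Id.replace(/^\/hostedzone\//, ""), name: zoneName };
    }
  }
  return best;
}

// Returns ChangeResourceRecordSets parameters, or { error } using the README's error names.
// Assumptions: challenge is base64url text; UPSERT and TTL 60 are illustrative choices.
function planChallengeUpdate(message, zones) {
  const domain = message ? normalizeDomain(message.domain) : null;
  const challenge = message ? message.challenge : null;
  if (!domain || typeof challenge !== "string" || !/^[A-Za-z0-9_-]+$/.test(challenge)) {
    return { error: "BadRequest" };
  }
  const zone = selectHostedZone(zones, domain);
  if (!zone) return { error: "NotFound" };
  const record = {
    Name: `_acme-challenge.${domain}.`, Type: "TXT", TTL: 60,
    ResourceRecords: [{ Value: `"${challenge}"` }], // TXT values are sent quoted
  };
  return { HostedZoneId: zone.id, ChangeBatch: { Changes: [{ Action: "UPSERT", ResourceRecordSet: record }] } };
}

// Constructed sample in the shape ListHostedZones returns; zone IDs are placeholders.
const SAMPLE_ZONES = [
  { Id: "/hostedzone/ZEXAMPLE1", Name: "example.com.", Config: { PrivateZone: false } },
  { Id: "/hostedzone/ZEXAMPLE2", Name: "dev.example.com.", Config: { PrivateZone: false } },
  { Id: "/hostedzone/ZEXAMPLE3", Name: "example.com.", Config: { PrivateZone: true } },
];
```

Rejecting quote characters in the challenge before it is interpolated into the TXT value keeps a malformed message from adding extra strings to the record.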

Errors

BadRequest

Inbound request message does not match schema.

NotFound

Domain to update challenge for not found.

ServiceUnavailable

The challenge updater is unavailable, please try again soon.

Releases

Policy

We follow the semantic versioning policy (semver.org) with a caveat:

Given a version number MAJOR.MINOR.PATCH, increment the:

MAJOR version when you make incompatible API changes,
MINOR version when you add functionality in a backwards-compatible manner, and
PATCH version when you make backwards-compatible bug fixes.

caveat: Major version zero is a special case indicating development version that may make incompatible API changes without incrementing MAJOR version.
