1.0.1 • Published 7 years ago
@operator-error/pulumi-lambda-cert v1.0.1
@operator-error/pulumi-lambda-cert
This is a package containing components for use with Pulumi, a tool for provisioning cloud infrastructure based on a description written with general purpose programming languages.
This package provides a component named LambdaCert, which can be used to create the resources
needed to run Lambda Cert, a function for maintaining Let's Encrypt certificates using
AWS Lambda.
Usage
import { LambdaCert, LambdaCertOutputs, letsEncryptV2ProductionUrl } from "@operator-error/pulumi-lambda-cert"
async function main(): Promise<LambdaCertOutputs> {
	return await LambdaCert.create("vault", {
		// A Description of the purpose of this configuration (e.g. "Vault", "HAProxy"). Used in Tags.
		description: "Vault",
		// These tags will be applied to every object which supports tagging.
		// Avoid using `Name`, since this will be overridden by many components.
		baseTags: {
			Project: "Staging Vault",
		},
		// The part of the domain name for which a certificate is required which does _not_
		// form part of the hosted zone name. For example, if requesting a certificate for
		// `*.vault.operator-error.com`, and the public hosted zone is for `operator-error.com`,
		// `domainNamePrefix` should be set to `*.vault` (without a trailing `.`).
		domainNamePrefix: "vault-staging",
		// The part of the domain name for which a certificate is required which is included
		// in the hosted zone name.
		route53DomainName: "operator-error.com",
		// The admin email address to provide to the ACME service when creating an account.
		adminEmail: "webmaster@operator-error.com",
		// The URL of the ACME server. Defaults to Let's Encrypt ACME V2 Staging. Constants
		// are exported from the package for both Let's Encrypt staging and production.
		acmeUrl: letsEncryptV2ProductionUrl,
		// If set to true, add the certificate to an Java KeyStore encrypted with the same
		// KMS key as the private key, and uploaded to the bucket along with the certificate
		// and encrypted private key.
		generateJavaKeyStore: true,
		// If set to true, force delete the entire contents of the bucket when destroying
		// the component using Pulumi. This can be useful for quick iteration in development
		// when using a staging endpoint, though be wary of rate limits when using a real
		// ACME service.
		emptyBucketOnDestroy: true,
	});
}
const outputs = main();
export const keyBucketArn = outputs.then(o => o.keyBucketArn);
export const keyBucketName = outputs.then(o => o.keyBucketName);
export const kmsKeyArn = outputs.then(o => o.kmsKeyArn);
export const kmsKeyId = outputs.then(o => o.kmsKeyId);Running a pulumi preview of the above program in the us-west-2 region results in the following:
❯ pulumi preview
Previewing update of stack 'vault-staging'
Previewing changes:
     Type                                 Name                                   Plan       Info
 +   pulumi:pulumi:Stack                  pulumi-lambda-cert-test-vault-staging  create
 +   └─ operator-error:aws:LambdaCert     vault-lambda-cert                      create
 +      ├─ aws:iam:Role                   vault-lambda-cert-function-role        create
 +      │  └─ aws:iam:RolePolicy          vault-lambda-cert-function-policy      create
 +      ├─ aws:kms:Key                    vault-lambda-cert-kms-key              create
 +      ├─ aws:s3:Bucket                  vault-lambda-cert-bucket               create
 +      ├─ aws:lambda:Function            vault-lambda-cert-function             create
 +      │  └─ aws:lambda:Permission       vault-lambda-cert-permission           create
 +      └─ aws:cloudwatch:EventRule       vault-lambda-cert-schedule             create
 +         └─ aws:cloudwatch:EventTarget  vault-lambda-cert-target               create
info: 10 changes previewed:
    + 10 resources to createLicense
This package is licensed under the Mozilla Public License, v2.0.
Contributing
Please feel free to open issues or pull requests on GitHub.