route53-dns-challenge-updater

0.3.0 • Public • Published

Stability: 1 - Experimental

AWS Route53 DNS challenge updater plugin for Certificate Manager Service.

Installation

The intended usage of route53-dns-challenge-updater is as part of capability-cli certificate-manager config aws functionality.

Alternatively, to install locally:

npm install route53-dns-challenge-updater

Usage

This module is intended to run as an AWS Lambda function, deployed through the capability-cli certificate-manager config aws functionality, which configures this module, grants the requisite permissions, and creates the required supporting infrastructure.

Required IAM Permissions:

PolicyDocument:
  Version: 2012-10-17
  Statement:
    - Effect: Allow
      Action:
        - "route53:ListHostedZones"
        - "route53:ChangeResourceRecordSets"
        - "route53:GetChange"
      Resource:
        - "*"

For a more restricted set, you can limit route53:ChangeResourceRecordSets to a specific HostedZoneId:

PolicyDocument:
  Version: 2012-10-17
  Statement:
    - Effect: Allow
      Action:
        - "route53:ListHostedZones"
        - "route53:GetChange"
      Resource:
        - "*"
    - Effect: Allow
      Action:
        - "route53:ChangeResourceRecordSets"
      Resource:
        - "arn:aws:route53:::hostedzone/${HostedZoneId}"

Tests

npm test

Documentation

Updater.handle(message, context, callback)

  • message: Object Message from Certificate Manager Service requesting a challenge update.
    • capabilities: Object Capabilities included in the message.
      • challengeUpdated: CapabilityURI Capability to invoke once challenge has been updated.
    • challenge: String Challenge to update with.
    • domain: String Domain name for which to update the challenge.
  • context: Object AWS Lambda context.
  • callback: Function (error, resp) => {} AWS Lambda callback.

Retrieves the AWS Route53 hosted zone id for the domain, then creates a TXT record named _acme-challenge.${domain}. (fully qualified, with the trailing dot) containing the challenge. Invokes capabilities.challengeUpdated on success, fails otherwise.
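
The zone lookup and record construction described above, as an added example that is not this package's own source. The helper names (findHostedZoneId, buildChallengeChange), the sample zones, the UPSERT action, the TTL and the base64url challenge format are assumptions made for illustration.

```javascript
// Constructed sample, shaped like the HostedZones array of a ListHostedZones response.
const SAMPLE_ZONES = [
  { Id: "/hostedzone/ZEXAMPLE1", Name: "example.com.", Config: { PrivateZone: false } },
  { Id: "/hostedzone/ZEXAMPLE2", Name: "dev.example.com.", Config: { PrivateZone: false } },
  { Id: "/hostedzone/ZEXAMPLE3", Name: "internal.example.com.", Config: { PrivateZone: true } },
];
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Lowercase and drop one trailing dot so names compare label by label.
const normalize = (name) => String(name).toLowerCase().replace(/\.$/, "");

const isHostname = (d) =>
  d.length <= 253 && d.includes(".") && d.split(".").every((l) => LABEL.test(l));

// Bare id of the public zone that is the longest label-aligned suffix of
// `domain`, or null when no zone covers it.
function findHostedZoneId(domain, zones) {
  const d = normalize(domain);
  let best = null;
  for (const zone of zones) {
    if (zone.Config && zone.Config.PrivateZone) continue; // validators query public DNS
    const z = normalize(zone.Name);
    // Plain endsWith(z) would let "evil-example.com" match zone "example.com".
    const covers = d === z || d.endsWith("." + z);
    if (covers && (!best || z.length > best.name.length)) best = { name: z, id: zone.Id };
  }
  return best ? best.id.replace(/^\/hostedzone\//, "") : null;
}

// Returns { params } for ChangeResourceRecordSets, or { error } using the
// error names this page documents.
function buildChallengeChange(message, zones) {
  const { domain, challenge } = message || {};
  // Assumption: the challenge is base64url text, as ACME dns-01 values are.
  if (typeof domain !== "string" || !isHostname(normalize(domain)) ||
      typeof challenge !== "string" || !/^[A-Za-z0-9_-]+$/.test(challenge)) {
    return { error: "BadRequest" };
  }
  const zoneId = findHostedZoneId(domain, zones);
  if (zoneId === null) return { error: "NotFound" };
  const record = {
    Name: `_acme-challenge.${normalize(domain)}.`,
    Type: "TXT",
    TTL: 60, // assumed value
    ResourceRecords: [{ Value: `"${challenge}"` }], // TXT data is sent quoted
  };
  // Assumption: UPSERT; the page only says the record is created.
  return { params: { HostedZoneId: zoneId, ChangeBatch: { Changes: [{ Action: "UPSERT", ResourceRecordSet: record }] } } };
}
```

The zone id returned here is the value that the restricted policy's hostedzone ARN is scoped to, so a domain resolving to any other zone fails at the IAM layer as well.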

Errors

BadRequest

Inbound request message does not match schema.

NotFound

Domain to update challenge for not found.

ServiceUnavailable

The challenge updater is unavailable, please try again soon.

Releases

Policy

We follow the semantic versioning policy (semver.org) with a caveat:

Given a version number MAJOR.MINOR.PATCH, increment the:

MAJOR version when you make incompatible API changes,
MINOR version when you add functionality in a backwards-compatible manner, and
PATCH version when you make backwards-compatible bug fixes.

caveat: Major version zero is a special case indicating development version that may make incompatible API changes without incrementing MAJOR version.

Version

0.3.0

License

Apache-2.0

Unpacked Size

90.4 kB

Total Files

16

Collaborators

  • tristanls