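# CloudFormation template: an IAM execution role and the Lambda function that,
# per the Description, backs the ACMAutoValidate custom resource. The function
# ARN is exported so other stacks can import it.
Description: "Deploys ACMAutoValidate Lambda that can be used as a CFN Custom Resources."
Resources:
  # Execution role assumed by the Lambda service. Everything granted here is
  # available to every stack that is allowed to invoke the function, so this
  # policy is the blast radius of the custom resource.
  Role:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        # CloudWatch Logs write access for the function's own log group.
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: "ACMandRoute53Access"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # These actions do not support resource-level permissions, so
              # "*" is the only valid Resource for them.
              - Effect: "Allow"
                Action:
                  - "acm:ListCertificates"
                  - "acm:RequestCertificate"
                  - "route53:ListHostedZonesByName"
                Resource: "*"
              # Certificate read/delete, limited to certificates owned by this
              # account. The region stays a wildcard because the handler code
              # is not shown here and may request certificates in another
              # region; pin it if it does not.
              - Effect: "Allow"
                Action:
                  - "acm:DescribeCertificate"
                  - "acm:DeleteCertificate"
                Resource: !Sub "arn:${AWS::Partition}:acm:*:${AWS::AccountId}:certificate/*"
              # DNS writes. This still covers every hosted zone in the account;
              # replace the trailing "*" with the ID of the zone(s) that hold
              # the validation records to stop the function from being able to
              # rewrite unrelated zones.
              - Effect: "Allow"
                Action:
                  - "route53:ChangeResourceRecordSets"
                Resource: !Sub "arn:${AWS::Partition}:route53:::hostedzone/*"
      # Trust policy: only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - "sts:AssumeRole"
  Function:
    Type: AWS::Lambda::Function
    Properties:
      # A fixed name allows only one copy of this stack per account and region.
      FunctionName: acm-autovalidate
      # Local archive path: the template has to go through
      # `aws cloudformation package` (or equivalent) before it can be deployed.
      Code: acm-autovalidate.zip
      Handler: acm_autovalidate.handler
      Role: !GetAtt Role.Arn
      # NOTE(review): python3.6 is past end of support on Lambda and is no
      # longer patched. Move to a currently supported Python runtime after
      # confirming the handler (not shown here) runs on it.
      Runtime: python3.6
Outputs:
  FunctionArn:
    Value: !GetAtt Function.Arn
    # Export names must be unique per account and region.
    Export:
      Name: ACMAutoValidate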