文档 AWS SDK 示例 GitHub 存储库中还有更多 [S AWS DK 示例](https://github.com/awsdocs/aws-doc-sdk-examples)。
本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 使用 SDK for Python (Boto3) 的 ACM 示例
以下代码示例向您展示了如何使用 适用于 Python (Boto3) 的 AWS SDK 与 ACM 配合使用来执行操作和实现常见场景。
*基本功能*是向您展示如何在服务中执行基本操作的代码示例。
*操作*是大型程序的代码摘录,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。
**Topics**
+ [基本功能](#basics)
+ [操作](#actions)
## 基本功能
### 了解基本功能
以下代码示例展示了如何:
+ 向 ACM 申请证书。
+ 导入自签名证书。
+ 列出并描述证书。
+ 删除证书。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
创建一个包装 ACM 操作的类。
```
import logging
from pprint import pprint
import boto3
from botocore.exceptions import ClientError
logger = logging.getLogger(__name__)
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def request_validation(
self, domain, alternate_domains, method, validation_domains=None
):
"""
Starts a validation request that results in a new certificate being issued
by ACM. DNS validation requires that you add CNAME records to your DNS
provider. Email validation sends email to a list of email addresses that
are associated with the domain.
For more information, see _Issuing and managing certificates_ in the ACM
user guide.
https://docs.aws.amazon.com/acm/latest/userguide/gs.html
:param domain: The primary domain to associate with the certificate.
:param alternate_domains: Subject Alternate Names (SANs) for the certificate.
:param method: The validation method, either DNS or EMAIL.
:param validation_domains: Alternate domains to use for email validation, when
the email domain differs from the primary domain of
the certificate.
:return: The ARN of the requested certificate.
"""
try:
kwargs = {
"DomainName": domain,
"ValidationMethod": method,
"SubjectAlternativeNames": alternate_domains,
}
if validation_domains is not None:
kwargs["DomainValidationOptions"] = [
{"DomainName": key, "ValidationDomain": value}
for key, value in validation_domains.items()
]
response = self.acm_client.request_certificate(**kwargs)
certificate_arn = response["CertificateArn"]
logger.info(
"Requested %s validation for domain %s. Certificate ARN is %s.",
method,
domain,
certificate_arn,
)
except ClientError:
logger.exception(
"Request for %s validation of domain %s failed.", method, domain
)
raise
else:
return certificate_arn
def import_certificate(self, certificate_body, private_key):
"""
Imports a self-signed certificate to ACM.
:param certificate_body: The body of the certificate, in PEM format.
:param private_key: The unencrypted private key of the certificate, in PEM
format.
:return: The ARN of the imported certificate.
"""
try:
response = self.acm_client.import_certificate(
Certificate=certificate_body, PrivateKey=private_key
)
certificate_arn = response["CertificateArn"]
logger.info("Imported certificate.")
except ClientError:
logger.exception("Couldn't import certificate.")
raise
else:
return certificate_arn
def list(
self,
max_items,
statuses=None,
key_usage=None,
extended_key_usage=None,
key_types=None,
):
"""
Lists the certificates for the current account.
:param max_items: The maximum number of certificates to list.
:param statuses: Filters the results to the specified statuses. If None, all
certificates are included.
:param key_usage: Filters the results to the specified key usages. If None,
all key usages are included.
:param extended_key_usage: Filters the results to the specified extended key
usages. If None, all extended key usages are
included.
:param key_types: Filters the results to the specified key types. If None, all
key types are included.
:return: The list of certificates.
"""
try:
kwargs = {"MaxItems": max_items}
if statuses is not None:
kwargs["CertificateStatuses"] = statuses
includes = {}
if key_usage is not None:
includes["keyUsage"] = key_usage
if extended_key_usage is not None:
includes["extendedKeyUsage"] = extended_key_usage
if key_types is not None:
includes["keyTypes"] = key_types
if includes:
kwargs["Includes"] = includes
response = self.acm_client.list_certificates(**kwargs)
certificates = response["CertificateSummaryList"]
logger.info("Got %s certificates.", len(certificates))
except ClientError:
logger.exception("Couldn't get certificates.")
raise
else:
return certificates
def describe(self, certificate_arn):
"""
Gets certificate metadata.
:param certificate_arn: The Amazon Resource Name (ARN) of the certificate.
:return: Metadata about the certificate.
"""
try:
response = self.acm_client.describe_certificate(
CertificateArn=certificate_arn
)
certificate = response["Certificate"]
logger.info(
"Got metadata for certificate for domain %s.", certificate["DomainName"]
)
except ClientError:
logger.exception("Couldn't get data for certificate %s.", certificate_arn)
raise
else:
return certificate
def get(self, certificate_arn):
"""
Gets the body and certificate chain of a certificate.
:param certificate_arn: The ARN of the certificate.
:return: The body and chain of a certificate.
"""
try:
response = self.acm_client.get_certificate(CertificateArn=certificate_arn)
logger.info("Got certificate %s and its chain.", certificate_arn)
except ClientError:
logger.exception("Couldn't get certificate %s.", certificate_arn)
raise
else:
return response
def add_tags(self, certificate_arn, tags):
"""
Adds tags to a certificate. Tags are key-value pairs that contain custom
metadata.
:param certificate_arn: The ARN of the certificate.
:param tags: A dictionary of key-value tags to add to the certificate.
"""
try:
self.acm_client.add_tags_to_certificate(
CertificateArn=certificate_arn,
Tags=[{"Key": key, "Value": value} for key, value in tags.items()],
)
logger.info("Added %s tags to certificate %s.", len(tags), certificate_arn)
except ClientError:
logger.exception("Couldn't add tags to certificate %s.", certificate_arn)
raise
def list_tags(self, certificate_arn):
"""
Lists the tags attached to a certificate.
:param certificate_arn: The ARN of the certificate.
:return: The dictionary of certificate tags.
"""
try:
response = self.acm_client.list_tags_for_certificate(
CertificateArn=certificate_arn
)
tags = {tag["Key"]: tag["Value"] for tag in response["Tags"]}
logger.info("Got %s tags for certificates %s.", len(tags), certificate_arn)
except ClientError:
logger.exception("Couldn't get tags for certificate %s.", certificate_arn)
raise
else:
return tags
def remove_tags(self, certificate_arn, tags):
"""
Removes tags from a certificate. If the value of a tag is specified, the tag is
removed only when the value matches the value of the certificate's tag.
Otherwise, the tag is removed regardless of its value.
:param certificate_arn: The ARN of the certificate.
:param tags: The dictionary of tags to remove.
"""
try:
cert_tags = []
for key, value in tags.items():
tag = {"Key": key}
if value is not None:
tag["Value"] = value
cert_tags.append(tag)
self.acm_client.remove_tags_from_certificate(
CertificateArn=certificate_arn, Tags=cert_tags
)
logger.info(
"Removed %s tags from certificate %s.", len(tags), certificate_arn
)
except ClientError:
logger.exception(
"Couldn't remove tags from certificate %s.", certificate_arn
)
raise
def remove(self, certificate_arn):
"""
Removes a certificate.
:param certificate_arn: The ARN of the certificate to remove.
"""
try:
self.acm_client.delete_certificate(CertificateArn=certificate_arn)
logger.info("Removed certificate %s.", certificate_arn)
except ClientError:
logger.exception("Couldn't remove certificate %s.", certificate_arn)
raise
```
使用包装类来管理您账户的证书。
```
def usage_demo():
print("-" * 88)
print("Welcome to the AWS Certificate Manager (ACM) demo!")
print("-" * 88)
logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s")
acm_certificate = AcmCertificate(boto3.client("acm"))
domain = "example.com"
sub_domains = [f"{sub}.{domain}" for sub in ["test", "dev"]]
print(f"Request a certificate for {domain}.")
certificate_arn = acm_certificate.request_validation(domain, sub_domains, "DNS")
print(f"Started validation, got certificate ARN: {certificate_arn}.")
import_cert_arn = None
cert_file_name = input(
"Enter the file name for a self-signed certificate in PEM format. "
"This certificate will be imported to ACM. Press Enter to skip: "
)
if cert_file_name:
pk_file_name = input(
"Enter the file name for the unencrypted private key of the certificate. "
"This file must also be in PEM format: "
)
if pk_file_name:
with open(cert_file_name, "rb") as cert_file:
import_cert = cert_file.read()
with open(pk_file_name, "rb") as pk_file:
import_pk = pk_file.read()
import_cert_arn = acm_certificate.import_certificate(import_cert, import_pk)
print(f"Certificate imported, got ARN: {import_cert_arn}")
else:
print("No private key file entered. Skipping certificate import.")
else:
print("Skipping self-signed certificate import.")
print("Getting the first 10 issued certificates.")
certificates = acm_certificate.list(10, statuses=["ISSUED"])
print(f"Found {len(certificates)} issued certificates.")
print(f"Getting metadata for certificate {certificate_arn}")
cert_metadata = acm_certificate.describe(certificate_arn)
pprint(cert_metadata)
if import_cert_arn is not None:
print(f"Getting certificate for imported certificate {import_cert_arn}")
import_cert_data = acm_certificate.get(import_cert_arn)
pprint(import_cert_data)
print(f"Adding tags to certificate {certificate_arn}.")
acm_certificate.add_tags(certificate_arn, {"purpose": "acm demo", "color": "green"})
tags = acm_certificate.list_tags(certificate_arn)
print(f"Found tags: {tags}")
acm_certificate.remove_tags(certificate_arn, {key: None for key in tags})
print("Removed tags.")
print("Removing certificates added during the demo.")
acm_certificate.remove(certificate_arn)
if import_cert_arn is not None:
acm_certificate.remove(import_cert_arn)
print("Thanks for watching!")
print("-" * 88)
```
+ 有关 API 详细信息,请参阅《AWS SDK for Python (Boto3) API Reference》**中的以下主题。
+ [AddTagsToCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/AddTagsToCertificate)
+ [DeleteCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/DeleteCertificate)
+ [DescribeCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/DescribeCertificate)
+ [GetCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/GetCertificate)
+ [ImportCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ImportCertificate)
+ [ListCertificates](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ListCertificates)
+ [ListTagsForCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ListTagsForCertificate)
+ [RemoveTagsFromCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/RemoveTagsFromCertificate)
+ [RequestCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/RequestCertificate)
+ [ResendValidationEmail](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ResendValidationEmail)
## 操作
### `AddTagsToCertificate`
以下代码示例演示了如何使用 `AddTagsToCertificate`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def add_tags(self, certificate_arn, tags):
"""
Adds tags to a certificate. Tags are key-value pairs that contain custom
metadata.
:param certificate_arn: The ARN of the certificate.
:param tags: A dictionary of key-value tags to add to the certificate.
"""
try:
self.acm_client.add_tags_to_certificate(
CertificateArn=certificate_arn,
Tags=[{"Key": key, "Value": value} for key, value in tags.items()],
)
logger.info("Added %s tags to certificate %s.", len(tags), certificate_arn)
except ClientError:
logger.exception("Couldn't add tags to certificate %s.", certificate_arn)
raise
```
+ 有关 API 的详细信息,请参阅适用[AddTagsToCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/AddTagsToCertificate)于 *Python 的AWS SDK (Boto3) API 参考*。
### `DeleteCertificate`
以下代码示例演示了如何使用 `DeleteCertificate`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def remove(self, certificate_arn):
"""
Removes a certificate.
:param certificate_arn: The ARN of the certificate to remove.
"""
try:
self.acm_client.delete_certificate(CertificateArn=certificate_arn)
logger.info("Removed certificate %s.", certificate_arn)
except ClientError:
logger.exception("Couldn't remove certificate %s.", certificate_arn)
raise
```
+ 有关 API 的详细信息,请参阅适用[DeleteCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/DeleteCertificate)于 *Python 的AWS SDK (Boto3) API 参考*。
### `DescribeCertificate`
以下代码示例演示了如何使用 `DescribeCertificate`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def describe(self, certificate_arn):
"""
Gets certificate metadata.
:param certificate_arn: The Amazon Resource Name (ARN) of the certificate.
:return: Metadata about the certificate.
"""
try:
response = self.acm_client.describe_certificate(
CertificateArn=certificate_arn
)
certificate = response["Certificate"]
logger.info(
"Got metadata for certificate for domain %s.", certificate["DomainName"]
)
except ClientError:
logger.exception("Couldn't get data for certificate %s.", certificate_arn)
raise
else:
return certificate
```
+ 有关 API 的详细信息,请参阅适用[DescribeCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/DescribeCertificate)于 *Python 的AWS SDK (Boto3) API 参考*。
### `GetCertificate`
以下代码示例演示了如何使用 `GetCertificate`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def get(self, certificate_arn):
"""
Gets the body and certificate chain of a certificate.
:param certificate_arn: The ARN of the certificate.
:return: The body and chain of a certificate.
"""
try:
response = self.acm_client.get_certificate(CertificateArn=certificate_arn)
logger.info("Got certificate %s and its chain.", certificate_arn)
except ClientError:
logger.exception("Couldn't get certificate %s.", certificate_arn)
raise
else:
return response
```
+ 有关 API 的详细信息,请参阅适用[GetCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/GetCertificate)于 *Python 的AWS SDK (Boto3) API 参考*。
### `ImportCertificate`
以下代码示例演示了如何使用 `ImportCertificate`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def import_certificate(self, certificate_body, private_key):
"""
Imports a self-signed certificate to ACM.
:param certificate_body: The body of the certificate, in PEM format.
:param private_key: The unencrypted private key of the certificate, in PEM
format.
:return: The ARN of the imported certificate.
"""
try:
response = self.acm_client.import_certificate(
Certificate=certificate_body, PrivateKey=private_key
)
certificate_arn = response["CertificateArn"]
logger.info("Imported certificate.")
except ClientError:
logger.exception("Couldn't import certificate.")
raise
else:
return certificate_arn
```
+ 有关 API 的详细信息,请参阅适用[ImportCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ImportCertificate)于 *Python 的AWS SDK (Boto3) API 参考*。
### `ListCertificates`
以下代码示例演示了如何使用 `ListCertificates`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def list(
self,
max_items,
statuses=None,
key_usage=None,
extended_key_usage=None,
key_types=None,
):
"""
Lists the certificates for the current account.
:param max_items: The maximum number of certificates to list.
:param statuses: Filters the results to the specified statuses. If None, all
certificates are included.
:param key_usage: Filters the results to the specified key usages. If None,
all key usages are included.
:param extended_key_usage: Filters the results to the specified extended key
usages. If None, all extended key usages are
included.
:param key_types: Filters the results to the specified key types. If None, all
key types are included.
:return: The list of certificates.
"""
try:
kwargs = {"MaxItems": max_items}
if statuses is not None:
kwargs["CertificateStatuses"] = statuses
includes = {}
if key_usage is not None:
includes["keyUsage"] = key_usage
if extended_key_usage is not None:
includes["extendedKeyUsage"] = extended_key_usage
if key_types is not None:
includes["keyTypes"] = key_types
if includes:
kwargs["Includes"] = includes
response = self.acm_client.list_certificates(**kwargs)
certificates = response["CertificateSummaryList"]
logger.info("Got %s certificates.", len(certificates))
except ClientError:
logger.exception("Couldn't get certificates.")
raise
else:
return certificates
```
+ 有关 API 的详细信息,请参阅适用[ListCertificates](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ListCertificates)于 *Python 的AWS SDK (Boto3) API 参考*。
### `ListTagsForCertificate`
以下代码示例演示了如何使用 `ListTagsForCertificate`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def list_tags(self, certificate_arn):
"""
Lists the tags attached to a certificate.
:param certificate_arn: The ARN of the certificate.
:return: The dictionary of certificate tags.
"""
try:
response = self.acm_client.list_tags_for_certificate(
CertificateArn=certificate_arn
)
tags = {tag["Key"]: tag["Value"] for tag in response["Tags"]}
logger.info("Got %s tags for certificates %s.", len(tags), certificate_arn)
except ClientError:
logger.exception("Couldn't get tags for certificate %s.", certificate_arn)
raise
else:
return tags
```
+ 有关 API 的详细信息,请参阅适用[ListTagsForCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ListTagsForCertificate)于 *Python 的AWS SDK (Boto3) API 参考*。
### `RemoveTagsFromCertificate`
以下代码示例演示了如何使用 `RemoveTagsFromCertificate`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def remove_tags(self, certificate_arn, tags):
"""
Removes tags from a certificate. If the value of a tag is specified, the tag is
removed only when the value matches the value of the certificate's tag.
Otherwise, the tag is removed regardless of its value.
:param certificate_arn: The ARN of the certificate.
:param tags: The dictionary of tags to remove.
"""
try:
cert_tags = []
for key, value in tags.items():
tag = {"Key": key}
if value is not None:
tag["Value"] = value
cert_tags.append(tag)
self.acm_client.remove_tags_from_certificate(
CertificateArn=certificate_arn, Tags=cert_tags
)
logger.info(
"Removed %s tags from certificate %s.", len(tags), certificate_arn
)
except ClientError:
logger.exception(
"Couldn't remove tags from certificate %s.", certificate_arn
)
raise
```
+ 有关 API 的详细信息,请参阅适用[RemoveTagsFromCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/RemoveTagsFromCertificate)于 *Python 的AWS SDK (Boto3) API 参考*。
### `RequestCertificate`
以下代码示例演示了如何使用 `RequestCertificate`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def request_validation(
self, domain, alternate_domains, method, validation_domains=None
):
"""
Starts a validation request that results in a new certificate being issued
by ACM. DNS validation requires that you add CNAME records to your DNS
provider. Email validation sends email to a list of email addresses that
are associated with the domain.
For more information, see _Issuing and managing certificates_ in the ACM
user guide.
https://docs.aws.amazon.com/acm/latest/userguide/gs.html
:param domain: The primary domain to associate with the certificate.
:param alternate_domains: Subject Alternate Names (SANs) for the certificate.
:param method: The validation method, either DNS or EMAIL.
:param validation_domains: Alternate domains to use for email validation, when
the email domain differs from the primary domain of
the certificate.
:return: The ARN of the requested certificate.
"""
try:
kwargs = {
"DomainName": domain,
"ValidationMethod": method,
"SubjectAlternativeNames": alternate_domains,
}
if validation_domains is not None:
kwargs["DomainValidationOptions"] = [
{"DomainName": key, "ValidationDomain": value}
for key, value in validation_domains.items()
]
response = self.acm_client.request_certificate(**kwargs)
certificate_arn = response["CertificateArn"]
logger.info(
"Requested %s validation for domain %s. Certificate ARN is %s.",
method,
domain,
certificate_arn,
)
except ClientError:
logger.exception(
"Request for %s validation of domain %s failed.", method, domain
)
raise
else:
return certificate_arn
```
+ 有关 API 的详细信息,请参阅适用[RequestCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/RequestCertificate)于 *Python 的AWS SDK (Boto3) API 参考*。
### `ResendValidationEmail`
以下代码示例演示了如何使用 `ResendValidationEmail`。
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def resend_validation_email(self, certificate_arn, domain, validation_domain):
"""
Request that validation email is sent again, for a certificate that was
previously requested with email validation.
:param certificate_arn: The ARN of the certificate.
:param domain: The primary domain of the certificate.
:param validation_domain: Alternate domain to use for determining email
addresses to use for validation.
"""
try:
self.acm_client.resend_validation_email(
CertificateArn=certificate_arn,
Domain=domain,
ValidationDomain=validation_domain,
)
logger.info(
"Validation email resent to validation domain %s.", validation_domain
)
except ClientError:
logger.exception(
"Couldn't resend validation email to %s.", validation_domain
)
raise
```
+ 有关 API 的详细信息,请参阅适用[ResendValidationEmail](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ResendValidationEmail)于 *Python 的AWS SDK (Boto3) API 参考*。