搭RequestCertificate配 AWS SDK或使用 CLI - AWS SDK 程式碼範例

AWS 文檔 AWS SDK示例 GitHub 回購中有更多SDK示例

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

RequestCertificate配 AWS SDK或使用 CLI

下列程式碼範例會示範如何使用RequestCertificate

動作範例是大型程式的程式碼摘錄,必須在內容中執行。您可以在下列程式碼範例的內容中看到此動作:

C++
SDK對於 C ++
注意

還有更多關於 GitHub。尋找完整範例,並了解如何在AWS 設定和執行程式碼範例儲存庫

//! Request an AWS Certificate Manager (ACM) certificate.
/*!
  \param domainName: A fully qualified domain name.
  \param idempotencyToken: Customer chosen string for idempotency.
  \param clientConfiguration: AWS client configuration.
  \return bool: Function succeeded.
 */
bool AwsDoc::ACM::requestCertificate(const Aws::String &domainName,
                                     const Aws::String &idempotencyToken,
                                     const Aws::Client::ClientConfiguration &clientConfiguration) {
    Aws::ACM::ACMClient acmClient(clientConfiguration);

    Aws::ACM::Model::RequestCertificateRequest request;
    request.WithDomainName(domainName)
            .WithIdempotencyToken(idempotencyToken);

    Aws::ACM::Model::RequestCertificateOutcome outcome =
            acmClient.RequestCertificate(request);

    if (!outcome.IsSuccess()) {
        std::cerr << "RequestCertificate error: " <<
                  outcome.GetError().GetMessage() << std::endl;

        return false;
    }
    else {
        std::cout << "Success: The newly requested certificate's "
                     "ARN is '" <<
                  outcome.GetResult().GetCertificateArn() <<
                  "'." << std::endl;

        return true;
    }
}
CLI
AWS CLI

要求新ACM憑證

下列request-certificate命令會使用驗證為 www.example.com 網域要求新憑證:DNS

aws acm request-certificate --domain-name www.example.com --validation-method DNS

您可以輸入冪等權杖來區分呼叫:request-certificate

aws acm request-certificate --domain-name www.example.com --validation-method DNS --idempotency-token 91adc45q

您可以輸入一或多個主體替代名稱來要求保護多個頂點網域的憑證:

aws acm request-certificate --domain-name example.com --validation-method DNS --idempotency-token 91adc45q --subject-alternative-names www.example.net

您可以輸入替代名稱,該名稱也可以用來訪問您的網站:

aws acm request-certificate --domain-name example.com --validation-method DNS --idempotency-token 91adc45q --subject-alternative-names www.example.com

您可以使用星號 (*) 作為萬用字元,為相同網域中的多個子網域建立憑證:

aws acm request-certificate --domain-name example.com --validation-method DNS --idempotency-token 91adc45q --subject-alternative-names *.example.com

您也可以輸入多個替代名稱:

aws acm request-certificate --domain-name example.com --validation-method DNS --subject-alternative-names b.example.com c.example.com d.example.com

如果您使用電子郵件進行驗證,則可以輸入網域驗證選項,以指定要傳送驗證電子郵件的網域:

aws acm request-certificate --domain-name example.com --validation-method EMAIL --subject-alternative-names www.example.com --domain-validation-options DomainName=example.com,ValidationDomain=example.com

當您要求新的憑證時,下列命令會選擇退出憑證透明度記錄:

aws acm request-certificate --domain-name www.example.com --validation-method DNS --options CertificateTransparencyLoggingPreference=DISABLED --idempotency-token 184627
PowerShell
用於的工具 PowerShell

範例 1:建立新憑證。服務會傳回新憑證ARN的。

New-ACMCertificate -DomainName "www.example.com"

輸出:

arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

範例 2:建立新憑證。服務會傳回新憑證ARN的。

New-ACMCertificate -DomainName "www.example.com" -SubjectAlternativeName "example.com","www.example.net"

輸出:

arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

  • 如需詳API細資訊,請參閱AWS Tools for PowerShell 指令程RequestCertificate式參考中的。

Python
SDK對於 Python(肉毒桿菌 3)
注意

還有更多關於 GitHub。尋找完整範例,並了解如何在AWS 設定和執行程式碼範例儲存庫

class AcmCertificate:
    """
    Encapsulates ACM functions.
    """

    def __init__(self, acm_client):
        """
        :param acm_client: A Boto3 ACM client.
        """
        self.acm_client = acm_client


    def request_validation(
        self, domain, alternate_domains, method, validation_domains=None
    ):
        """
        Starts a validation request that results in a new certificate being issued
        by ACM. DNS validation requires that you add CNAME records to your DNS
        provider. Email validation sends email to a list of email addresses that
        are associated with the domain.

        For more information, see _Issuing and managing certificates_ in the ACM
        user guide.
            https://docs.aws.amazon.com/acm/latest/userguide/gs.html

        :param domain: The primary domain to associate with the certificate.
        :param alternate_domains: Subject Alternate Names (SANs) for the certificate.
        :param method: The validation method, either DNS or EMAIL.
        :param validation_domains: Alternate domains to use for email validation, when
                                   the email domain differs from the primary domain of
                                   the certificate.
        :return: The ARN of the requested certificate.
        """
        try:
            kwargs = {
                "DomainName": domain,
                "ValidationMethod": method,
                "SubjectAlternativeNames": alternate_domains,
            }
            if validation_domains is not None:
                kwargs["DomainValidationOptions"] = [
                    {"DomainName": key, "ValidationDomain": value}
                    for key, value in validation_domains.items()
                ]
            response = self.acm_client.request_certificate(**kwargs)
            certificate_arn = response["CertificateArn"]
            logger.info(
                "Requested %s validation for domain %s. Certificate ARN is %s.",
                method,
                domain,
                certificate_arn,
            )
        except ClientError:
            logger.exception(
                "Request for %s validation of domain %s failed.", method, domain
            )
            raise
        else:
            return certificate_arn

  • 如需詳API細資訊,請參閱RequestCertificateAWS SDK的《Python (博多 3) API 參考資料》。