This repository provides an Amazon AWS stack to periodically and automatically renew a Let's Encrypt SSL certificate and to deploy it for a website hosted on Amazon S3.
The stack consists of:
- the required AWS IAM users, roles and their associated policies
- an Amazon ECR repository which holds a docker image with the certificate renewal script
- an Amazon ECS task definition which describes the task to renew a certificate
- an Amazon ECS cluster where AWS will create a docker container from the supplied docker image
- an Amazon Lambda function which will launch the ECS task
- an Amazon CloudWatch log group which collects the logs of the docker container and the Lambda function
- an Amazon CloudWatch event rule which periodically (once a month) triggers the Lambda function to renew the certificate
The required stack is managed with ansible playbooks.
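The Lambda function described above only has to hand the renewal task to ECS, but `run_task()` answers with HTTP 200 even when no task could be placed, so the `failures` list in its response must be checked or a silent missed renewal results. The following handler is an added example, not the repository's own code; the cluster, task definition, subnet and security group names are assumptions read from environment variables, and the FARGATE launch type is an assumption as well.

```python
"""Added example: a minimal Lambda handler that launches the certificate-renewal
ECS task and fails loudly when ECS could not place it.
Assumptions: cluster, task definition, subnets and security groups come from
environment variables; the launch type defaults to FARGATE."""
import os


def _csv_env(name):
    """Split a comma-separated environment variable, dropping empty entries."""
    return [v for v in os.environ.get(name, "").split(",") if v]


def build_run_task_params(cluster, task_definition, subnets, security_groups,
                          launch_type="FARGATE"):
    """Build the keyword arguments for ecs.run_task()."""
    params = {
        "cluster": cluster,
        "taskDefinition": task_definition,
        "count": 1,
        "launchType": launch_type,
    }
    if launch_type == "FARGATE":
        if not subnets:
            raise ValueError("FARGATE tasks need at least one subnet")
        params["networkConfiguration"] = {
            "awsvpcConfiguration": {
                "subnets": list(subnets),
                "securityGroups": list(security_groups),
                # the renewal container must reach Let's Encrypt over the internet
                "assignPublicIp": "ENABLED",
            }
        }
    return params


def started_task_arns(response):
    """Return the ARNs of the started tasks; raise if ECS reported any failure."""
    failures = response.get("failures", [])
    if failures:
        detail = "; ".join(f"{f.get('arn')}: {f.get('reason')}" for f in failures)
        raise RuntimeError(f"ECS run_task failed: {detail}")
    return [t["taskArn"] for t in response.get("tasks", [])]


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above stay testable offline
    params = build_run_task_params(
        cluster=os.environ["ECS_CLUSTER"],
        task_definition=os.environ["ECS_TASK_DEFINITION"],
        subnets=_csv_env("SUBNET_IDS"),
        security_groups=_csv_env("SECURITY_GROUP_IDS"),
        launch_type=os.environ.get("LAUNCH_TYPE", "FARGATE"),
    )
    return started_task_arns(boto3.client("ecs").run_task(**params))
```

A RuntimeError from the handler shows up as a Lambda invocation error in the CloudWatch log group, which is where a missed renewal becomes visible.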
- copy `aws.env.distrib` to `aws.env` and update the environment variables in `aws.env`
- set the required configuration values:

  ```
  $ source aws.env
  ```

- copy `ansible/config.yml.distrib` to `ansible/config.yml` and update the configuration entries
- create the AWS stack:

  ```
  $ cd ansible
  $ ansible-playbook create-stack.yml
  ```

- delete the AWS stack:

  ```
  $ cd ansible
  $ ansible-playbook delete-stack.yml
  ```