
lambda-letsencrypt's Introduction

Lambda Lets-Encrypt

Use AWS Lambda to manage SSL certificates for any site that uses Amazon's CloudFront CDN.

Why do I want this?

Rather than having to dedicate a machine to running the Lets-Encrypt client to maintain your certificate for your CloudFront distribution, you can let it all live on Amazon's infrastructure for cheap. You'll receive notification if anything goes wrong, and there's no hardware or virtual machines for you to manage.

How do I use this?

If you just want it to work and be done, there is a wizard that will do all the work for you. Or, if you're more of a power user and want to see everything that is going on, you can follow the steps to configure it manually.

Automatic Wizard

  1. Download this repo

  2. Install the required dependency with pip install boto3

  3. Save your AWS credentials:

    • install awscli and run aws configure, or

    • manually create the file ~/.aws/credentials with the following contents:

      [default]
      aws_access_key_id = YOUR_ACCESS_KEY
      aws_secret_access_key = YOUR_SECRET_KEY
      region = us-east-1 ; Replace with your region
  4. Run python wizard.py

    This will

    • ask you a few questions about your desired set up
    • create a configuration file
    • upload the lambda function for you
    • help you manually configure the lambda's daily scheduling (this can't be done automatically because there's no API yet)

Manual Setup

More docs coming soon.

How does it work?

This works by running a Lambda function once per day which will check your certificate's expiration, and renew it if it is nearing expiration.
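The daily check described above, sketched as an added example (not the project's own code). It assumes certificate metadata shaped like the entries IAM returns in ServerCertificateMetadataList, a 30-day renewal window, and a name-prefix convention; renewal_decision and the sample names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

RENEW_WITHIN = timedelta(days=30)  # assumed threshold; the page does not state one


def _aware(dt):
    """Treat naive datetimes as UTC so comparisons never raise TypeError."""
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def renewal_decision(cert_metadata, name_prefix, now=None, renew_within=RENEW_WITHIN):
    """Return (action, cert_name, time_left) for one daily run.

    cert_metadata: list of dicts shaped like IAM ServerCertificateMetadataList
    entries (ServerCertificateName, Expiration).
    action is "issue" (no certificate yet), "renew" or "ok".
    """
    now = _aware(now or datetime.now(timezone.utc))
    ours = [c for c in cert_metadata
            if c["ServerCertificateName"].startswith(name_prefix)]
    if not ours:
        return ("issue", None, None)
    # Several certificates can coexist right after a renewal; judge the newest.
    newest = max(ours, key=lambda c: _aware(c["Expiration"]))
    left = _aware(newest["Expiration"]) - now
    # An already expired certificate has negative time left and is renewed too.
    action = "renew" if left <= renew_within else "ok"
    return (action, newest["ServerCertificateName"], left)


# Constructed sample data, not real certificates.
SAMPLE = [
    {"ServerCertificateName": "example.com-2016-01-10",
     "Expiration": datetime(2016, 4, 9, 12, 0, tzinfo=timezone.utc)},
    {"ServerCertificateName": "example.com-2016-03-15",
     "Expiration": datetime(2016, 6, 13, 12, 0)},  # naive: treated as UTC
    {"ServerCertificateName": "other.org-2016-02-01",
     "Expiration": datetime(2016, 5, 1, 12, 0, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    for day in (datetime(2016, 4, 1), datetime(2016, 5, 20), datetime(2016, 6, 20)):
        print(day.date(), renewal_decision(SAMPLE, "example.com-", now=day))
```

Running the check daily against the newest matching certificate means a failed renewal is retried on the next run while the old certificate is still valid.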

Since Lambda is billed in 100ms increments and this only needs to run once a day for less than 10 seconds each time, the cost to run this is less than a penny per month (i.e. effectively free).

But I only have a static S3 website, how do I use this?

See the guide: Configuring a static S3 website to use CloudFront

Reporting Bugs/Feature Requests

The goal of this project is to make it as simple as possible for anyone to add encryption to their (CloudFront-hosted) website. Anything that makes you uncertain should be filed as an issue.

Special Thanks

I want to thank @diafygi for https://github.com/diafygi/acme-tiny, from which I've borrowed some code so as not to need any python-openssl dependencies (which aren't easily available in Lambda).

Hacking

Python dependencies (for local development):

  • boto3
  • python-dateutil
