acme-dns-route53 ke sesebelisoa se tla re lumella ho kenya tšebetsong tšobotsi ena. E ka sebetsa le litifikeiti tsa SSL tse tsoang ho Let's Encrypt, li li boloke ho Motsamaisi oa Setifikeiti sa Amazon, sebelisa Route53 API ho kenya ts'ebetsong phephetso ea DNS-01, 'me, qetellong, e sutumelletsa litsebiso ho SNS. IN acme-dns-route53 Ho boetse ho na le ts'ebetso e hahelletsoeng kahare bakeng sa ts'ebeliso ka hare ho AWS Lambda, mme sena ke seo re se hlokang.
Sengoliloeng sena se arotsoe ka likarolo tse 4:
ho theha faele ea zip;
ho theha karolo ea IAM;
ho theha mosebetsi wa lambda o sebetsang acme-dns-route53;
ho theha nako ea CloudWatch e bakang ts'ebetso makhetlo a 2 ka letsatsi;
acme-dns-route53 e ngotsoe ka GoLang mme e tšehetsa mofuta o seng tlase ho 1.9.
Re hloka ho theha faele ea zip ka binary acme-dns-route53 ka hare. Ho etsa sena o hloka ho kenya acme-dns-route53 ho tloha polokelong ea GitHub u sebelisa taelo go install:
$ env GOOS=linux GOARCH=amd64 go install github.com/begmaroman/acme-dns-route53
Binary e kentsoe ka har'a $GOPATH/bin directory. Ka kopo hlokomela hore nakong ea ho kenya re boletse maemo a mabeli a fetohileng: GOOS=linux и GOARCH=amd64. Ba hlakisa ho moqapi oa Go hore e hloka ho theha binary e loketseng Linux OS le meralo ea amd64 - sena ke sona se sebetsang ho AWS.
AWS e lebelletse hore lenaneo la rona le kenngoe ka faele ea zip, kahoo ha re theheng acme-dns-route53.zip archive e tla ba le binary e sa tsoa kenngoa:
$ zip -j ~/acme-dns-route53.zip $GOPATH/bin/acme-dns-route53
Hlokomela: Binary e lokela ho ba motso oa polokelo ea zip. Bakeng sa sena re sebelisa -j folakha.
Hona joale lebitso la rona la bosoasoi la zip le se le loketse ho romelloa, se setseng ke ho theha karolo e nang le litokelo tse hlokahalang.
Ho theha karolo ea IAM
Re hloka ho theha karolo ea IAM ka litokelo tse hlokoang ke lambda ea rona nakong ea ts'ebetso ea eona.
Ha re bitse leano lena lambda-acme-dns-route53-executor mme hanghang mo fe karolo ya motheo AWSLambdaBasicExecutionRole. Sena se tla lumella lambda ea rona ho matha le ho ngola li-log ho tšebeletso ea AWS CloudWatch.
Taba ea pele, re theha faele ea JSON e hlalosang litokelo tsa rona. Sena se tla lumella lits'ebeletso tsa lambda ho sebelisa karolo eo lambda-acme-dns-route53-executor:
Joale ha re tsamaiseng taelo aws iam create-role ho theha karolo:
$ aws iam create-role --role-name lambda-acme-dns-route53-executor
--assume-role-policy-document ~/lambda-acme-dns-route53-executor-policy.json
Hlokomela: hopola pholisi ARN (Amazon Resource Name) - re tla e hloka mehatong e latelang.
Karolo lambda-acme-dns-route53-executor e thehiloe, joale re hloka ho hlakisa litumello bakeng sa eona. Mokhoa o bonolo oa ho etsa sena ke ho sebelisa taelo aws iam attach-role-policy, ho fetisa leano la ARN AWSLambdaBasicExecutionRole ka tsela e latelang:
$ aws iam attach-role-policy --role-name lambda-acme-dns-route53-executor
--policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Hlokomela: lenane le nang le maano a mang le ka fumanoa mona.
Ho theha mosebetsi oa lambda o sebetsang acme-dns-route53
Hooray! Joale o ka tsamaisa mosebetsi oa rona ho AWS o sebelisa taelo aws lambda create-function. Lambda e tlameha ho hlophisoa ho sebelisoa mefuta e latelang ea tikoloho:
AWS_LAMBDA - e hlakisa acme-dns-route53 phethahatso eo e etsahala ka hare ho AWS Lambda.
DOMAINS — lenane la libaka tse arotsoeng ka lifeheloa.