Sono disponibili altri esempi per SDK AWS nel repository GitHub della documentazione degli esempi per SDK AWS
Esempi per ACM con SDK per Python (Boto3)
Gli esempi di codice seguenti mostrano come eseguire operazioni e implementare scenari comuni utilizzando AWS SDK per Python (Boto3) con ACM.
Nozioni di base: esempi di codice che mostrano come eseguire le operazioni essenziali all’interno di un servizio.
Le azioni sono estratti di codice da programmi più grandi e devono essere eseguite nel contesto. Sebbene le operazioni mostrino come richiamare le singole funzioni del servizio, è possibile visualizzarle contestualizzate negli scenari correlati.
Ogni esempio include un link al codice sorgente completo, in cui vengono fornite le istruzioni su come configurare ed eseguire il codice nel contesto.
Argomenti
Nozioni di base
L’esempio di codice seguente mostra come:
Richiedere un certificato da ACM.
Importare un certificato autofirmato.
Elencare e descrivere i certificati.
Rimuovere i certificati.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. Crea una classe per il wrapping delle operazioni ACM.
import logging from pprint import pprint import boto3 from botocore.exceptions import ClientError logger = logging.getLogger(__name__) class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def request_validation( self, domain, alternate_domains, method, validation_domains=None ): """ Starts a validation request that results in a new certificate being issued by ACM. DNS validation requires that you add CNAME records to your DNS provider. Email validation sends email to a list of email addresses that are associated with the domain. For more information, see _Issuing and managing certificates_ in the ACM user guide. https://docs.aws.amazon.com/acm/latest/userguide/gs.html :param domain: The primary domain to associate with the certificate. :param alternate_domains: Subject Alternate Names (SANs) for the certificate. :param method: The validation method, either DNS or EMAIL. :param validation_domains: Alternate domains to use for email validation, when the email domain differs from the primary domain of the certificate. :return: The ARN of the requested certificate. """ try: kwargs = { "DomainName": domain, "ValidationMethod": method, "SubjectAlternativeNames": alternate_domains, } if validation_domains is not None: kwargs["DomainValidationOptions"] = [ {"DomainName": key, "ValidationDomain": value} for key, value in validation_domains.items() ] response = self.acm_client.request_certificate(**kwargs) certificate_arn = response["CertificateArn"] logger.info( "Requested %s validation for domain %s. Certificate ARN is %s.", method, domain, certificate_arn, ) except ClientError: logger.exception( "Request for %s validation of domain %s failed.", method, domain ) raise else: return certificate_arn def import_certificate(self, certificate_body, private_key): """ Imports a self-signed certificate to ACM. :param certificate_body: The body of the certificate, in PEM format. :param private_key: The unencrypted private key of the certificate, in PEM format. :return: The ARN of the imported certificate. """ try: response = self.acm_client.import_certificate( Certificate=certificate_body, PrivateKey=private_key ) certificate_arn = response["CertificateArn"] logger.info("Imported certificate.") except ClientError: logger.exception("Couldn't import certificate.") raise else: return certificate_arn def list( self, max_items, statuses=None, key_usage=None, extended_key_usage=None, key_types=None, ): """ Lists the certificates for the current account. :param max_items: The maximum number of certificates to list. :param statuses: Filters the results to the specified statuses. If None, all certificates are included. :param key_usage: Filters the results to the specified key usages. If None, all key usages are included. :param extended_key_usage: Filters the results to the specified extended key usages. If None, all extended key usages are included. :param key_types: Filters the results to the specified key types. If None, all key types are included. :return: The list of certificates. """ try: kwargs = {"MaxItems": max_items} if statuses is not None: kwargs["CertificateStatuses"] = statuses includes = {} if key_usage is not None: includes["keyUsage"] = key_usage if extended_key_usage is not None: includes["extendedKeyUsage"] = extended_key_usage if key_types is not None: includes["keyTypes"] = key_types if includes: kwargs["Includes"] = includes response = self.acm_client.list_certificates(**kwargs) certificates = response["CertificateSummaryList"] logger.info("Got %s certificates.", len(certificates)) except ClientError: logger.exception("Couldn't get certificates.") raise else: return certificates def describe(self, certificate_arn): """ Gets certificate metadata. :param certificate_arn: The Amazon Resource Name (ARN) of the certificate. :return: Metadata about the certificate. """ try: response = self.acm_client.describe_certificate( CertificateArn=certificate_arn ) certificate = response["Certificate"] logger.info( "Got metadata for certificate for domain %s.", certificate["DomainName"] ) except ClientError: logger.exception("Couldn't get data for certificate %s.", certificate_arn) raise else: return certificate def get(self, certificate_arn): """ Gets the body and certificate chain of a certificate. :param certificate_arn: The ARN of the certificate. :return: The body and chain of a certificate. """ try: response = self.acm_client.get_certificate(CertificateArn=certificate_arn) logger.info("Got certificate %s and its chain.", certificate_arn) except ClientError: logger.exception("Couldn't get certificate %s.", certificate_arn) raise else: return response def add_tags(self, certificate_arn, tags): """ Adds tags to a certificate. Tags are key-value pairs that contain custom metadata. :param certificate_arn: The ARN of the certificate. :param tags: A dictionary of key-value tags to add to the certificate. """ try: self.acm_client.add_tags_to_certificate( CertificateArn=certificate_arn, Tags=[{"Key": key, "Value": value} for key, value in tags.items()], ) logger.info("Added %s tags to certificate %s.", len(tags), certificate_arn) except ClientError: logger.exception("Couldn't add tags to certificate %s.", certificate_arn) raise def list_tags(self, certificate_arn): """ Lists the tags attached to a certificate. :param certificate_arn: The ARN of the certificate. :return: The dictionary of certificate tags. """ try: response = self.acm_client.list_tags_for_certificate( CertificateArn=certificate_arn ) tags = {tag["Key"]: tag["Value"] for tag in response["Tags"]} logger.info("Got %s tags for certificates %s.", len(tags), certificate_arn) except ClientError: logger.exception("Couldn't get tags for certificate %s.", certificate_arn) raise else: return tags def remove_tags(self, certificate_arn, tags): """ Removes tags from a certificate. If the value of a tag is specified, the tag is removed only when the value matches the value of the certificate's tag. Otherwise, the tag is removed regardless of its value. :param certificate_arn: The ARN of the certificate. :param tags: The dictionary of tags to remove. """ try: cert_tags = [] for key, value in tags.items(): tag = {"Key": key} if value is not None: tag["Value"] = value cert_tags.append(tag) self.acm_client.remove_tags_from_certificate( CertificateArn=certificate_arn, Tags=cert_tags ) logger.info( "Removed %s tags from certificate %s.", len(tags), certificate_arn ) except ClientError: logger.exception( "Couldn't remove tags from certificate %s.", certificate_arn ) raise def remove(self, certificate_arn): """ Removes a certificate. :param certificate_arn: The ARN of the certificate to remove. """ try: self.acm_client.delete_certificate(CertificateArn=certificate_arn) logger.info("Removed certificate %s.", certificate_arn) except ClientError: logger.exception("Couldn't remove certificate %s.", certificate_arn) raiseUtilizza la classe wrapper per gestire i certificati per l’account in uso.
def usage_demo(): print("-" * 88) print("Welcome to the AWS Certificate Manager (ACM) demo!") print("-" * 88) logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s") acm_certificate = AcmCertificate(boto3.client("acm")) domain = "example.com" sub_domains = [f"{sub}.{domain}" for sub in ["test", "dev"]] print(f"Request a certificate for {domain}.") certificate_arn = acm_certificate.request_validation(domain, sub_domains, "DNS") print(f"Started validation, got certificate ARN: {certificate_arn}.") import_cert_arn = None cert_file_name = input( "Enter the file name for a self-signed certificate in PEM format. " "This certificate will be imported to ACM. Press Enter to skip: " ) if cert_file_name: pk_file_name = input( "Enter the file name for the unencrypted private key of the certificate. " "This file must also be in PEM format: " ) if pk_file_name: with open(cert_file_name, "rb") as cert_file: import_cert = cert_file.read() with open(pk_file_name, "rb") as pk_file: import_pk = pk_file.read() import_cert_arn = acm_certificate.import_certificate(import_cert, import_pk) print(f"Certificate imported, got ARN: {import_cert_arn}") else: print("No private key file entered. Skipping certificate import.") else: print("Skipping self-signed certificate import.") print("Getting the first 10 issued certificates.") certificates = acm_certificate.list(10, statuses=["ISSUED"]) print(f"Found {len(certificates)} issued certificates.") print(f"Getting metadata for certificate {certificate_arn}") cert_metadata = acm_certificate.describe(certificate_arn) pprint(cert_metadata) if import_cert_arn is not None: print(f"Getting certificate for imported certificate {import_cert_arn}") import_cert_data = acm_certificate.get(import_cert_arn) pprint(import_cert_data) print(f"Adding tags to certificate {certificate_arn}.") acm_certificate.add_tags(certificate_arn, {"purpose": "acm demo", "color": "green"}) tags = acm_certificate.list_tags(certificate_arn) print(f"Found tags: {tags}") acm_certificate.remove_tags(certificate_arn, {key: None for key in tags}) print("Removed tags.") print("Removing certificates added during the demo.") acm_certificate.remove(certificate_arn) if import_cert_arn is not None: acm_certificate.remove(import_cert_arn) print("Thanks for watching!") print("-" * 88)-
Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
Azioni
L’esempio di codice seguente mostra come utilizzare AddTagsToCertificate.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def add_tags(self, certificate_arn, tags): """ Adds tags to a certificate. Tags are key-value pairs that contain custom metadata. :param certificate_arn: The ARN of the certificate. :param tags: A dictionary of key-value tags to add to the certificate. """ try: self.acm_client.add_tags_to_certificate( CertificateArn=certificate_arn, Tags=[{"Key": key, "Value": value} for key, value in tags.items()], ) logger.info("Added %s tags to certificate %s.", len(tags), certificate_arn) except ClientError: logger.exception("Couldn't add tags to certificate %s.", certificate_arn) raise-
Per informazioni dettagliate sull’API, consulta AddTagsToCertificate nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
L’esempio di codice seguente mostra come utilizzare DeleteCertificate.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def remove(self, certificate_arn): """ Removes a certificate. :param certificate_arn: The ARN of the certificate to remove. """ try: self.acm_client.delete_certificate(CertificateArn=certificate_arn) logger.info("Removed certificate %s.", certificate_arn) except ClientError: logger.exception("Couldn't remove certificate %s.", certificate_arn) raise-
Per informazioni dettagliate sull’API, consulta DeleteCertificate nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
L’esempio di codice seguente mostra come utilizzare DescribeCertificate.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def describe(self, certificate_arn): """ Gets certificate metadata. :param certificate_arn: The Amazon Resource Name (ARN) of the certificate. :return: Metadata about the certificate. """ try: response = self.acm_client.describe_certificate( CertificateArn=certificate_arn ) certificate = response["Certificate"] logger.info( "Got metadata for certificate for domain %s.", certificate["DomainName"] ) except ClientError: logger.exception("Couldn't get data for certificate %s.", certificate_arn) raise else: return certificate-
Per informazioni dettagliate sull’API, consulta DescribeCertificate nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
L’esempio di codice seguente mostra come utilizzare GetCertificate.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def get(self, certificate_arn): """ Gets the body and certificate chain of a certificate. :param certificate_arn: The ARN of the certificate. :return: The body and chain of a certificate. """ try: response = self.acm_client.get_certificate(CertificateArn=certificate_arn) logger.info("Got certificate %s and its chain.", certificate_arn) except ClientError: logger.exception("Couldn't get certificate %s.", certificate_arn) raise else: return response-
Per informazioni dettagliate sull’API, consulta GetCertificate nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
L’esempio di codice seguente mostra come utilizzare ImportCertificate.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def import_certificate(self, certificate_body, private_key): """ Imports a self-signed certificate to ACM. :param certificate_body: The body of the certificate, in PEM format. :param private_key: The unencrypted private key of the certificate, in PEM format. :return: The ARN of the imported certificate. """ try: response = self.acm_client.import_certificate( Certificate=certificate_body, PrivateKey=private_key ) certificate_arn = response["CertificateArn"] logger.info("Imported certificate.") except ClientError: logger.exception("Couldn't import certificate.") raise else: return certificate_arn-
Per informazioni dettagliate sull’API, consulta ImportCertificate nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
L’esempio di codice seguente mostra come utilizzare ListCertificates.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def list( self, max_items, statuses=None, key_usage=None, extended_key_usage=None, key_types=None, ): """ Lists the certificates for the current account. :param max_items: The maximum number of certificates to list. :param statuses: Filters the results to the specified statuses. If None, all certificates are included. :param key_usage: Filters the results to the specified key usages. If None, all key usages are included. :param extended_key_usage: Filters the results to the specified extended key usages. If None, all extended key usages are included. :param key_types: Filters the results to the specified key types. If None, all key types are included. :return: The list of certificates. """ try: kwargs = {"MaxItems": max_items} if statuses is not None: kwargs["CertificateStatuses"] = statuses includes = {} if key_usage is not None: includes["keyUsage"] = key_usage if extended_key_usage is not None: includes["extendedKeyUsage"] = extended_key_usage if key_types is not None: includes["keyTypes"] = key_types if includes: kwargs["Includes"] = includes response = self.acm_client.list_certificates(**kwargs) certificates = response["CertificateSummaryList"] logger.info("Got %s certificates.", len(certificates)) except ClientError: logger.exception("Couldn't get certificates.") raise else: return certificates-
Per informazioni dettagliate sull’API, consulta ListCertificates nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
L’esempio di codice seguente mostra come utilizzare ListTagsForCertificate.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def list_tags(self, certificate_arn): """ Lists the tags attached to a certificate. :param certificate_arn: The ARN of the certificate. :return: The dictionary of certificate tags. """ try: response = self.acm_client.list_tags_for_certificate( CertificateArn=certificate_arn ) tags = {tag["Key"]: tag["Value"] for tag in response["Tags"]} logger.info("Got %s tags for certificates %s.", len(tags), certificate_arn) except ClientError: logger.exception("Couldn't get tags for certificate %s.", certificate_arn) raise else: return tags-
Per informazioni dettagliate sull’API, consulta ListTagsForCertificate nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
L’esempio di codice seguente mostra come utilizzare RemoveTagsFromCertificate.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def remove_tags(self, certificate_arn, tags): """ Removes tags from a certificate. If the value of a tag is specified, the tag is removed only when the value matches the value of the certificate's tag. Otherwise, the tag is removed regardless of its value. :param certificate_arn: The ARN of the certificate. :param tags: The dictionary of tags to remove. """ try: cert_tags = [] for key, value in tags.items(): tag = {"Key": key} if value is not None: tag["Value"] = value cert_tags.append(tag) self.acm_client.remove_tags_from_certificate( CertificateArn=certificate_arn, Tags=cert_tags ) logger.info( "Removed %s tags from certificate %s.", len(tags), certificate_arn ) except ClientError: logger.exception( "Couldn't remove tags from certificate %s.", certificate_arn ) raise-
Per informazioni dettagliate sull’API, consulta RemoveTagsFromCertificate nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
L’esempio di codice seguente mostra come utilizzare RequestCertificate.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def request_validation( self, domain, alternate_domains, method, validation_domains=None ): """ Starts a validation request that results in a new certificate being issued by ACM. DNS validation requires that you add CNAME records to your DNS provider. Email validation sends email to a list of email addresses that are associated with the domain. For more information, see _Issuing and managing certificates_ in the ACM user guide. https://docs.aws.amazon.com/acm/latest/userguide/gs.html :param domain: The primary domain to associate with the certificate. :param alternate_domains: Subject Alternate Names (SANs) for the certificate. :param method: The validation method, either DNS or EMAIL. :param validation_domains: Alternate domains to use for email validation, when the email domain differs from the primary domain of the certificate. :return: The ARN of the requested certificate. """ try: kwargs = { "DomainName": domain, "ValidationMethod": method, "SubjectAlternativeNames": alternate_domains, } if validation_domains is not None: kwargs["DomainValidationOptions"] = [ {"DomainName": key, "ValidationDomain": value} for key, value in validation_domains.items() ] response = self.acm_client.request_certificate(**kwargs) certificate_arn = response["CertificateArn"] logger.info( "Requested %s validation for domain %s. Certificate ARN is %s.", method, domain, certificate_arn, ) except ClientError: logger.exception( "Request for %s validation of domain %s failed.", method, domain ) raise else: return certificate_arn-
Per informazioni dettagliate sull’API, consulta RequestCertificate nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
L’esempio di codice seguente mostra come utilizzare ResendValidationEmail.
- SDK per Python (Boto3)
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def resend_validation_email(self, certificate_arn, domain, validation_domain): """ Request that validation email is sent again, for a certificate that was previously requested with email validation. :param certificate_arn: The ARN of the certificate. :param domain: The primary domain of the certificate. :param validation_domain: Alternate domain to use for determining email addresses to use for validation. """ try: self.acm_client.resend_validation_email( CertificateArn=certificate_arn, Domain=domain, ValidationDomain=validation_domain, ) logger.info( "Validation email resent to validation domain %s.", validation_domain ) except ClientError: logger.exception( "Couldn't resend validation email to %s.", validation_domain ) raise-
Per informazioni dettagliate sull’API, consulta ResendValidationEmail nella documentazione di riferimento dell’API AWS SDK per Python (Boto3).
-
