Using AWS CLI for ACM's 'import-certificate' to re-import a renewed cert, chain and private key for a LetsEncrypt certificate that gets dropped off in an S3 bucket. It seems the usual file parameter syntax notation. I am using [aws-cli/1.18.69 Python/3.8.10 Linux/5.14.0-1056-oem botocore/1.16.19]
Here is what is not working:
aws acm import-certificate --certificate fileb://s3://foo-bucket-001/bar.com/cert.pem --certificate-chain fileb://s3://foo-bucket-001/bar.com/chain.pem --private-key fileb://s3://foo-bucket-001/bar.com/privkey.pem --certificate-arn arn:aws:acm:us-east-1:000000000000:certificate/d3bbe6f3-c479-4bbe-ad16-cc97745501a5
Error Message:
Error parsing parameter '--certificate': Unable to load paramfile fileb://s3://foo-bucket-001/townsquareignite.com/cert.pem: [Errno 2] No such file or directory: 's3://foo-bucket-001/townsquareignite.com/cert.pem'
I've tried s3://, file://, and fileb://, using the ARN for the S3 objects.
Having no joy.
Using fileb://path/to-local/cert.pem does work, so obviously it's just that the command's binary file syntax to the files in the S3 bucket is not correct. But I cannot find any documentation nor previous answer.
Any AWS CLI ACM via S3 guidance here?
CodePudding user response:
I believe you cannot use this cli command with s3. If you type aws acm import-certificate help
there is nothing about s3 at all. A private certificate usually is very sensitive information and I think AWS doesn't encourage uploading it to s3. Or maybe it was an original idea when they developed this CLI sub-command.
Unfortunately, you'll have to import it once from your local machine and then refer to its ARN in your automation/infrastructure code.
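The `file://` and `fileb://` prefixes are resolved by the CLI against the local filesystem only, so an automated re-import has to stage the S3 objects locally first. The script below is an added example, not part of the original answer; the function name `import_from_s3`, the prefix argument and the three file names (taken from the question's paths) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: stage the PEM files from S3 locally, then re-import into ACM.
# Usage (placeholders): ./reimport.sh s3://example-bucket/example.com <certificate-arn>

import_from_s3() {
    local s3_prefix="$1"   # S3 prefix holding cert.pem, chain.pem, privkey.pem
    local cert_arn="$2"    # ARN of the existing ACM certificate to re-import
    local workdir f rc=0

    # mktemp -d creates the directory with mode 0700, so the downloaded
    # private key is not readable by other local users.
    workdir="$(mktemp -d)" || return 1

    # Download each object; stop at the first failure so a partial set
    # of files is never handed to ACM.
    for f in cert.pem chain.pem privkey.pem; do
        aws s3 cp --only-show-errors "${s3_prefix}/${f}" "${workdir}/${f}" || { rc=1; break; }
    done

    # fileb:// now points at local paths, which is what the CLI expects.
    if [ "$rc" -eq 0 ]; then
        aws acm import-certificate \
            --certificate "fileb://${workdir}/cert.pem" \
            --certificate-chain "fileb://${workdir}/chain.pem" \
            --private-key "fileb://${workdir}/privkey.pem" \
            --certificate-arn "$cert_arn" || rc=1
    fi

    # Remove the local copy of the key whether or not the import succeeded.
    rm -rf -- "$workdir"
    return "$rc"
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    import_from_s3 "$1" "$2"
fi
```

The identity running this needs read access to the three objects and permission to call `acm:ImportCertificate` on the target certificate.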