It’s a familiar scene: as you’re waking up or making your morning coffee, you hear the garbage truck roaring away outside when you suddenly realize your garbage bags are still rotting away in the garage. Do you run after the truck like a lunatic, even though it’s too late (of course I’ve never done this, but I’ve heard it’s a thing)? Or do you just let it go and let the garbage fester even longer? Either way, it’s a frustrating start to the day.

Luckily for me I live in the modern and very civilised province of Limburg of Belgium where the local government has made a website available with a downloadable calendar showing all dates the garbage truck comes along: so handy! They even provide the calendar in a number of digital formats, including iCal. I could just import this into my phone and set an alert on it, but where’s the fun in that? After some fiddling around or “reverse engineering” as they call it, I found out that the data for the calendar files was provided by an undocumented but publicly available API.

Being the sucker for coding up and fooling around with APIs that I am (and given my state of utter boredom while under full lockdown in Belgium) I decided to code up a project based on this API that would send me an SMS notification the evening before garbage collection. Because that’s my idea of fun. And that way I would be reminded to take out the trash on time and keep my garage clean.

Want to know this neat trick to save you from rubbish resentment? Read on!

So for this project I partly used the AWS SAM framework and set up a CodePipeline to deploy my code changes instantly on AWS (stay tuned for a future blogpost on this).

First let’s code up the AWS SAM template file containing the necessary resources for this project.

The resources I used are:

• Type: AWS::Events::Rule
  A Cloudwatch event rule to invoke a lambda each evening around 8.
• Type: AWS::Lambda::Permission
  To give the Cloudwatch event rule permissions to invoke the lambda.
• Type: AWS::Logs::LogGroup
  A log group for the lambda logs.
• Type: AWS::Serverless::Function
  The lambda that will run the show.
• Type: AWS::IAM::Role
  An IAM role for the lambda to have the necessary rights like accessing SNS for the SMS notification.

Next we code up the lambda that will call the API and send us an SMS.

The API provides event data for each month by just requesting the year and month in the url path like this ‘/2020-03’. So we can easily get the data for the current month and loop through its events, checking whether any are occurring the next morning. If so we receive an SMS notifying us (note that you can provide the number of your girlfriend here, but it’s not recommended as I have found out it isn’t that effective).

And that’s all folks!

I’m aware that this trick is no rocket science, and that this isn’t even a full guide to get to the same result (leave a comment if you want some more details), but I thought it would be fun to share how I resolved one of life’s little problems using AWS.

As I’m moving toward two years of professional experience using the platform, I’m still amazed at how easily you can code some services together and create a working, scalable and highly available project in a matter of minutes or hours.

Hope you liked my trashy tale – keep your garages clean and your heads in the cloud!

The post Let’s trash talk! appeared first on Cloudar.

We will use a custom resource written in Python that will be able to create ACM certificates with DNS validation. The custom resource will also automatically validate this certificate if the validation domain is managed by a Route53 hosted zone. We will also be able to specify an AWS region to create the certificate in, this region is independent of the Cloudformation stack region which for example makes it possible to deploy a certificate in region us-east-1 (to use with cloudfront) while deploying the stack in region eu-west-1. The resource will also provide the certificate arn as an output parameter so it can be used by other resources in the stack. Lastly when you delete the custom resource it will cleanup all validation records and the certificate itself.

Requirements:

• Python3
• Pip
• Bash
• Zip
• An S3 bucket to deploy the custom resource package on
• A hosted zone for the validation record

Implementation:

Let’s get started by downloading all the required code from our GitHub repository.

Step1: Uploading the custom resource package

In this step we are going to prepare the custom resource package and upload it to an S3 bucket.

First we go into the custom resource directory.
cd cloudar-acm-plus-custom-resource

Next we execute a script to install all required dependencies.
sh install_dependencies

Now we are ready to create the package.
sh pack_custom_resource

You will now find the zipfile ‘cloudar-acm-plus-custom-resource.zip’ in ‘cloudar-acm-plus-custom-resource/packed’, upload this zip file to your S3 bucket.

Step2: Creating a Cloudformation template

Now we can create a Cloudformation template in which we use this custom resource to create an ACM certificate.
You can use the template ‘cfn.yaml’ as an example.

First create a Lambda resource as following

Use the name of your bucket for the property ‘S3Bucket’ .

Next we create the custom resource.

We can set the following properties here:

• DomainName: (REQUIRED type:String) The domain name for the acm certificate.
• AdditionalDomains: (OPTIONAL type:List) Additional domains for the acm certificate
• ValidationDomain: (REQUIRED type:string) The domain name for the validation domain of the acm certificate
• HostedZoneId: (REQUIRED type:string) The hosted zone id for the validation domain of the acm certificate
• CertificateRegion: (REQUIRED type:string) The region to deploy the acm certificate in
• IdempotencyToken: (REQUIRED type:string pattern: \w+) The idempotency token for the create call of the acm certificate doc: https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html#ACM-RequestCertificate-request-IdempotencyToken
• CertificateTags: (OPTIONAL type:list) The tags for the acm certificate

In order for the DNS record cleanup and delete certificate functionality to work when you delete the Cloudformation stack it is important to set the following output.

As you can see we can access the arn of the certifcate created by the custom resource with the GetAtt function on the resource.
!GetAtt CreateCertificateCustomResource.certificate_arn

Step3: Deploy the cloudformation

Finally the only thing left to do is deploy the Cloudformation template.
Once the deploy is started Cloudformation will create the Lambda containing the code from step1 and start a custom resource which will create the certificate and validation records. Once the status of the certificate becomes ‘ISSUED’ the custom resource will finish successfully and report the arn of the certificate back to Cloudformation. We can now further use this arn in other resources in the Cloudformation template.
When you delete the Cloudformation stack, the custom resource will cleanup the validation records in the hosted zone and delete the certificate.

CREATE_COMPLETE

The post Validate ACM certificates in Cloudformation appeared first on Cloudar.