Working with IAM Server Certificates
To enable HTTPS connections to your website or application on AWS, you need an SSL/TLS server certificate. To use a certificate that you obtained from an external provider with your website or application on AWS, you must upload the certificate to IAM or import it into AWS Certificate Manager. For more information about server certificates, see Working with Server Certificates.
In this example, you use the AWS SDK for Ruby with IAM to:
-
Update a server certificate, using Aws::IAM::Client#update_server_certificate.
-
Delete the server certificate, using Aws::IAM::Client#delete_server_certificate.
-
List information about any remaining server certificates, using Aws::IAM::Client#list_server_certificates.
Prerequisites
Before running the example code, you need to install and configure the AWS SDK for Ruby, as described in:
Note
The server certificate must already exist, or the script will throw an Aws::IAM::Errors::NoSuchEntity error.
Example
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX - License - Identifier: Apache - 2.0 # The following code example shows how to: # 1. Update a server certificate in AWS Identity and Access Management (IAM). # 2. List the names of available server certificates. # 3. Delete a server certificate. require 'aws-sdk-iam' # Gets a list of available server certificate names in # AWS Identity and Access Management (IAM). # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @example # list_server_certificate_names(Aws::IAM::Client.new) def list_server_certificate_names(iam_client) response = iam_client.list_server_certificates if response.key?('server_certificate_metadata_list') && response.server_certificate_metadata_list.count.positive? response.server_certificate_metadata_list.each do |certificate_metadata| puts certificate_metadata.server_certificate_name end else puts 'No server certificates found. Stopping program.' exit 1 end rescue StandardError => e puts "Error getting server certificate names: #{e.message}" end # Changes the name of a server certificate in # AWS Identity and Access Management (IAM). # # Prerequisites: # # - The server certificate in IAM. # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @param server_certificate_current_name [String] The current name of # the server certificate. # @param server_certificate_new_name [String] The new name for the # the server certificate. # @return [Boolean] true if the name of the server certificate # was changed; otherwise, false. # @example # exit 1 unless server_certificate_name_changed?( # Aws::IAM::Client.new, # 'my-server-certificate', # 'my-changed-server-certificate' # ) def server_certificate_name_changed?( iam_client, server_certificate_current_name, server_certificate_new_name ) iam_client.update_server_certificate( server_certificate_name: server_certificate_current_name, new_server_certificate_name: server_certificate_new_name ) return true rescue StandardError => e puts "Error updating server certificate name: #{e.message}" return false end # Deletes a server certificate in # AWS Identity and Access Management (IAM). # # Prerequisites: # # - The server certificate in IAM. # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @param server_certificate_name [String] The name of the server certificate. # @return [Boolean] true if the server certificate was deleted; # otherwise, false. # @example # exit 1 unless server certificate_deleted?( # Aws::IAM::Client.new, # 'my-server-certificate' # ) def server_certificate_deleted?(iam_client, server_certificate_name) iam_client.delete_server_certificate( server_certificate_name: server_certificate_name ) return true rescue StandardError => e puts "Error deleting server certificate: #{e.message}" return false end # Full example call: def run_me server_certificate_name = 'my-server-certificate' server_certificate_changed_name = 'my-changed-server-certificate' delete_server_certificate = true iam_client = Aws::IAM::Client.new puts "Initial server certificate names are:\n\n" list_server_certificate_names(iam_client) puts "\nAttempting to change name of server certificate " \ " '#{server_certificate_name}' " \ "to '#{server_certificate_changed_name}'..." if server_certificate_name_changed?( iam_client, server_certificate_name, server_certificate_changed_name ) puts 'Server certificate name changed.' puts "Server certificate names now are:\n\n" list_server_certificate_names(iam_client) if delete_server_certificate # Delete server certificate with changed name. puts "\nAttempting to delete server certificate " \ "'#{server_certificate_changed_name}'..." if server_certificate_deleted?(iam_client, server_certificate_changed_name) puts 'Server certificate deleted.' else puts 'Could not delete server certificate. You must delete it yourself.' end puts "Server certificate names now are:\n\n" list_server_certificate_names(iam_client) end else puts 'Could not change server certificate name.' puts "Server certificate names now are:\n\n" list_server_certificate_names(iam_client) if delete_server_certificate # Delete server certificate with initial name. puts "\nAttempting to delete server certificate '#{server_certificate_name}'..." if server_certificate_deleted?(iam_client, server_certificate_name) puts 'Server certificate deleted.' else puts 'Could not delete server certificate. You must delete it yourself.' end puts "Server certificate names now are:\n\n" list_server_certificate_names(iam_client) end end end run_me if $PROGRAM_NAME == __FILE__
