in scripts/vpn-endpoint-security-resource-handler.py [0:0]
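def createCert(event, context):
    """Build a CA and a server certificate with EasyRSA and import them into ACM.

    Handler for a CloudFormation custom resource: it downloads EasyRSA,
    generates an unencrypted CA and server key pair under /tmp, imports the
    server certificate into ACM, and reports the outcome through
    ``cfnresponse``. On success the ACM certificate ARN is passed as the
    physical resource id.

    Args:
        event: The custom-resource request, forwarded to ``cfnresponse.send``.
        context: The invocation context, forwarded to ``cfnresponse.send``.
    """
    try:
        # SECURITY: the archive is fetched at run time and executed without any
        # integrity check. Pin and verify a known SHA-256 digest before
        # extracting it, or ship EasyRSA inside the deployment package.
        # NOTE(review): `curl -O` writes into the working directory while `tar`
        # reads /tmp/...; this only lines up if runCommandSet runs in /tmp.
        installEasyRSACommands = [
            'curl -L https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz -O',
            'mkdir /tmp/easyrsa',
            'mkdir /tmp/vpndetails',
            'tar -xvzf /tmp/EasyRSA-unix-v3.0.6.tgz -C /tmp/easyrsa',
            'ls /tmp/easyrsa',
        ]
        runCommandSet(installEasyRSACommands)

        # SECURITY: `nopass` leaves the CA and server private keys unencrypted
        # in /tmp/pki and /tmp/vpndetails, and nothing here removes them after
        # the import. Confirm whether other handlers still need these files
        # and delete them as soon as they do not.
        easyRsaCommands = [
            # init-pki is issued once; the list previously carried it twice.
            '/tmp/easyrsa/EasyRSA-v3.0.6/easyrsa init-pki',
            '/tmp/easyrsa/EasyRSA-v3.0.6/easyrsa build-ca nopass',
            '/tmp/easyrsa/EasyRSA-v3.0.6/easyrsa build-server-full server nopass',
            'cp /tmp/pki/ca.crt /tmp/vpndetails/',
            'cp /tmp/pki/issued/server.crt /tmp/vpndetails/server.crt',
            'cp /tmp/pki/private/server.key /tmp/vpndetails/server.key',
        ]
        # NOTE(review): '/tmp/easy-rsa/...' does not match the extraction
        # directory '/tmp/easyrsa/...' used above. Left unchanged because the
        # meaning of this argument is not visible here and the `cp` commands
        # expect the PKI under /tmp/pki; verify against runCommandSet.
        runCommandSet(easyRsaCommands, '/tmp/easy-rsa/EasyRSA-v3.0.6')

        serverCertResponse = acm.import_certificate(
            Certificate=get_bytes_from_file('/tmp/vpndetails/server.crt'),
            PrivateKey=get_bytes_from_file('/tmp/vpndetails/server.key'),
            CertificateChain=get_bytes_from_file('/tmp/vpndetails/ca.crt')
        )
        # NOTE(review): `responseData` is not defined in this function; it is
        # presumably a module-level dict. If it is missing, the NameError is
        # handled by the failure path below.
        cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData,
                         serverCertResponse['CertificateArn'])
    except Exception as e:
        logger.error(e)
        # Report the failure reason with the FAILED status. The payload is
        # built locally so it never depends on `responseData`, and the
        # exception is stringified so the payload can be serialised.
        errorData = {'ErrorMessage': str(e)}
        cfnresponse.send(event, context, cfnresponse.FAILED, errorData)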