Cert Generator is a hobby project that aims to automate the generation of self-signed TLS certificates. It can be used locally as a standalone binary, or deployed to AWS.
The AWS infrastructure is managed by Terraform.
The client and admin binaries are not part of the AWS deployment.
Least-privilege permissions are applied to the two binaries; client and admin are only allowed to invoke specific lambdas:
- client -> invoke the client lambda
- admin -> invoke the client, admin and users lambdas
Neither binary has access to any other internal resource. Access to a specific resource is defined in each lambda that client and admin can invoke (that is, in the lambda's own execution role), not in the permissions of the caller.
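The permission split described above, written as Terraform IAM policy documents. This is an added example, not the project's own Terraform: the resource names `aws_lambda_function.client`, `aws_lambda_function.admin`, `aws_lambda_function.users` and the roles `aws_iam_role.client` / `aws_iam_role.admin` are assumptions, chosen to match the names used in the text.

```hcl
# Added example, not part of the project. Resource and role names are assumed.
# The security-relevant detail is the "resources" list: each caller is limited to
# lambda:InvokeFunction on the exact function ARNs it needs. A wildcard such as
#   resources = ["*"]
# would instead let the caller invoke every function in the account.

data "aws_iam_policy_document" "client_invoke" {
  statement {
    sid       = "InvokeClientLambdaOnly"
    effect    = "Allow"
    actions   = ["lambda:InvokeFunction"]
    resources = [aws_lambda_function.client.arn] # one function, nothing else
  }
}

data "aws_iam_policy_document" "admin_invoke" {
  statement {
    sid     = "InvokeClientAdminUsersLambdas"
    effect  = "Allow"
    actions = ["lambda:InvokeFunction"]
    resources = [
      aws_lambda_function.client.arn,
      aws_lambda_function.admin.arn,
      aws_lambda_function.users.arn,
    ]
  }
}

# Attach each document to the role the corresponding binary's credentials assume.
resource "aws_iam_role_policy" "client_invoke" {
  name   = "client-invoke"
  role   = aws_iam_role.client.id # assumed role name
  policy = data.aws_iam_policy_document.client_invoke.json
}

resource "aws_iam_role_policy" "admin_invoke" {
  name   = "admin-invoke"
  role   = aws_iam_role.admin.id # assumed role name
  policy = data.aws_iam_policy_document.admin_invoke.json
}
```

Neither document grants access to DynamoDB, S3, Cognito or anything else; whatever a lambda touches is granted by that lambda's execution role, which is where the "access to specific resources" lives.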
To create the AWS infrastructure, use the following IAM policy for the deploying identity: aws-permission.json
- build the Go binary from main.go in the src/cert-generator/ directory:
  $ GOOS=linux GOARCH=amd64 go build -tags lambda.norpc -o bootstrap main.go
- zip the packages (the binary must sit at the root of the archive under the name bootstrap, which is the executable the provided.al2* custom runtime looks for):
  a. bootstrap.zip for certGenerator
  b. client.zip for cognito-client
  c. users.zip for cognito-users
- place the .zip files in the /terraform directory.
- customise the Terraform variables if needed.
- run terraform apply.
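The build-and-package steps above as one POSIX shell script, added here as an example rather than the project's own tooling. It assumes the cognito-client and cognito-users lambdas are built from src/cognito-client/main.go and src/cognito-users/main.go (only src/cert-generator is named above), and it goes slightly beyond the README by setting CGO_ENABLED=0 for a static binary and zipping with -j so the entry is exactly bootstrap at the archive root.

```shell
#!/bin/sh
# Added example, not the project's own script. Source paths for the
# cognito-client and cognito-users lambdas are assumptions; only
# src/cert-generator and the three zip names come from the README.
set -eu

TERRAFORM_DIR=${TERRAFORM_DIR:-terraform}

# build_lambda SRC_DIR OUT_ZIP
# Cross-compiles main.go in SRC_DIR for Lambda and writes TERRAFORM_DIR/OUT_ZIP
# containing a single executable entry named "bootstrap" at the archive root,
# which is the name the provided.al2* custom runtime executes.
build_lambda() {
    src_dir=$1
    out_zip=$2
    stage=$(mktemp -d)
    # CGO_ENABLED=0 yields a static binary with no dependency on the libc of the
    # Lambda image; lambda.norpc drops the legacy RPC entry point of aws-lambda-go.
    (cd "$src_dir" && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
        go build -tags lambda.norpc -o "$stage/bootstrap" main.go)
    chmod 755 "$stage/bootstrap"
    mkdir -p "$TERRAFORM_DIR"
    # zip appends to an existing archive, so remove any stale package first
    rm -f "$TERRAFORM_DIR/$out_zip"
    # -j junks the directory part so the entry is "bootstrap", not "tmp/xxx/bootstrap"
    zip -j -q "$TERRAFORM_DIR/$out_zip" "$stage/bootstrap"
    rm -rf "$stage"
    printf '%s\n' "$TERRAFORM_DIR/$out_zip"
}

# build_all packages the three lambdas named in the README.
build_all() {
    build_lambda src/cert-generator bootstrap.zip   # certGenerator
    build_lambda src/cognito-client client.zip      # cognito-client (path assumed)
    build_lambda src/cognito-users  users.zip       # cognito-users (path assumed)
}

# Only run the build when invoked as a script named build-lambdas.sh.
if [ "${0##*/}" = "build-lambdas.sh" ]; then
    build_all
    echo "Packages staged in $TERRAFORM_DIR; now run: terraform -chdir=$TERRAFORM_DIR apply"
fi
```

Save it as build-lambdas.sh in the repository root and run it from there before terraform apply; set TERRAFORM_DIR if the Terraform directory is not ./terraform.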