使用 IAM 服务器证书 - 适用于 Ruby 的 AWS 开发工具包
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

使用 IAM 服务器证书

要在 AWS 上启用与您的网站或应用程序的 HTTPS 连接,您需要 SSL/TLS 服务器证书。要在 AWS 上将您从外部提供商获得的证书与您的网站或应用程序结合使用,您必须将证书上传到 IAM 或者将其导入到 AWS Certificate Manager 中。有关服务器证书的更多信息,请参阅使用服务器证书

在此示例中,您结合使用AWS SDK for Ruby和 IAM 来:

  1. 使用 Aws::IAM::Client#update_server_certificate 更新服务器证书。

  2. 使用 Aws::IAM::Client#delete_server_certificate 删除服务器证书。

  3. 使用 Aws::IAM::Client#list_server_certificates 列出有关任何剩余的服务器证书的信息。

Prerequisites

在运行示例代码之前,您需要安装并配置AWS SDK for Ruby,如下所述:

注意

服务器证书必须已存在,否则脚本将引发 Aws::IAM::Errors::NoSuchEntity 错误。

Example

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX - License - Identifier: Apache - 2.0 # The following code example shows how to: # 1. Update a server certificate in AWS Identity and Access Management (IAM). # 2. List the names of available server certificates. # 3. Delete a server certificate. require 'aws-sdk-iam' # Gets a list of available server certificate names in # AWS Identity and Access Management (IAM). # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @example # list_server_certificate_names(Aws::IAM::Client.new) def list_server_certificate_names(iam_client) response = iam_client.list_server_certificates if response.key?('server_certificate_metadata_list') && response.server_certificate_metadata_list.count.positive? response.server_certificate_metadata_list.each do |certificate_metadata| puts certificate_metadata.server_certificate_name end else puts 'No server certificates found. Stopping program.' exit 1 end rescue StandardError => e puts "Error getting server certificate names: #{e.message}" end # Changes the name of a server certificate in # AWS Identity and Access Management (IAM). # # Prerequisites: # # - The server certificate in IAM. # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @param server_certificate_current_name [String] The current name of # the server certificate. # @param server_certificate_new_name [String] The new name for the # the server certificate. # @return [Boolean] true if the name of the server certificate # was changed; otherwise, false. # @example # exit 1 unless server_certificate_name_changed?( # Aws::IAM::Client.new, # 'my-server-certificate', # 'my-changed-server-certificate' # ) def server_certificate_name_changed?( iam_client, server_certificate_current_name, server_certificate_new_name ) iam_client.update_server_certificate( server_certificate_name: server_certificate_current_name, new_server_certificate_name: server_certificate_new_name ) return true rescue StandardError => e puts "Error updating server certificate name: #{e.message}" return false end # Deletes a server certificate in # AWS Identity and Access Management (IAM). # # Prerequisites: # # - The server certificate in IAM. # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @param server_certificate_name [String] The name of the server certificate. # @return [Boolean] true if the server certificate was deleted; # otherwise, false. # @example # exit 1 unless server certificate_deleted?( # Aws::IAM::Client.new, # 'my-server-certificate' # ) def server_certificate_deleted?(iam_client, server_certificate_name) iam_client.delete_server_certificate( server_certificate_name: server_certificate_name ) return true rescue StandardError => e puts "Error deleting server certificate: #{e.message}" return false end # Full example call: def run_me server_certificate_name = 'my-server-certificate' server_certificate_changed_name = 'my-changed-server-certificate' delete_server_certificate = true iam_client = Aws::IAM::Client.new puts "Initial server certificate names are:\n\n" list_server_certificate_names(iam_client) puts "\nAttempting to change name of server certificate " \ " '#{server_certificate_name}' " \ "to '#{server_certificate_changed_name}'..." if server_certificate_name_changed?( iam_client, server_certificate_name, server_certificate_changed_name ) puts 'Server certificate name changed.' puts "Server certificate names now are:\n\n" list_server_certificate_names(iam_client) if delete_server_certificate # Delete server certificate with changed name. puts "\nAttempting to delete server certificate " \ "'#{server_certificate_changed_name}'..." if server_certificate_deleted?(iam_client, server_certificate_changed_name) puts 'Server certificate deleted.' else puts 'Could not delete server certificate. You must delete it yourself.' end puts "Server certificate names now are:\n\n" list_server_certificate_names(iam_client) end else puts 'Could not change server certificate name.' puts "Server certificate names now are:\n\n" list_server_certificate_names(iam_client) if delete_server_certificate # Delete server certificate with initial name. puts "\nAttempting to delete server certificate '#{server_certificate_name}'..." if server_certificate_deleted?(iam_client, server_certificate_name) puts 'Server certificate deleted.' else puts 'Could not delete server certificate. You must delete it yourself.' end puts "Server certificate names now are:\n\n" list_server_certificate_names(iam_client) end end end run_me if $PROGRAM_NAME == __FILE__