Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Python AWS Lambda Certificates

Tags:

How do I add an additional CA (certificate authority) to the trust store used by my Python3 AWS Lambda function?

like image 797
Punter Vicky Avatar asked May 20 '19 16:05

Punter Vicky


1 Answers

If you only need a single CA, then get your crt file and encode it into a pem using the following command in linux:

openssl x509 -text -in "{your CA}.crt" > cacert.pem

If you need to add CA's to the default CA bundle, then copy python3.8/site-packages/certifi/cacert.pem to your lambda folder. Then run this command for each crt:

openssl x509 -text -in "{your CA}.crt" >> cacert.pem

After creating the pem file, deploy your lambda with the REQUESTS_CA_BUNDLE environment variable set to /var/task/cacert.pem.

/var/task is where AWS Lambda extracts your zipped up code to.

like image 161
carlin.scott Avatar answered Oct 19 '22 09:10

carlin.scott