{"id":14957787,"url":"https://github.com/robertpeteuil/terraform-aws-certbot-cloudflare-lambda","last_synced_at":"2025-10-24T12:30:50.062Z","repository":{"id":47572350,"uuid":"178632419","full_name":"robertpeteuil/terraform-aws-certbot-cloudflare-lambda","owner":"robertpeteuil","description":"Terraform Module to provision Lambda Function to get/renew LetsEncrypt certs for Cloudflare domains ","archived":false,"fork":false,"pushed_at":"2021-08-23T19:41:10.000Z","size":6504,"stargazers_count":5,"open_issues_count":3,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-31T01:11:24.227Z","etag":null,"topics":["aws-lambda","aws-lambda-python","cloudflare","cloudflare-api","cloudflare-dns","hashicorp-terraform","hcl2","letsencrypt","letsencrypt-utils","ssl-certificates","terraform-module","terraform-modules"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/robertpeteuil.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-03-31T02:13:33.000Z","updated_at":"2022-09-12T05:41:51.000Z","dependencies_parsed_at":"2022-08-24T14:37:51.662Z","dependency_job_id":null,"html_url":"https://github.com/robertpeteuil/terraform-aws-certbot-cloudflare-lambda","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertpeteuil%2Fterraform-aws-certbot-cloudflare-lambda","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertpeteuil%2Fterraform-aws-certbot-cloudflare-lambda/tags","releases_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertpeteuil%2Fterraform-aws-certbot-cloudflare-lambda/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertpeteuil%2Fterraform-aws-certbot-cloudflare-lambda/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/robertpeteuil","download_url":"https://codeload.github.com/robertpeteuil/terraform-aws-certbot-cloudflare-lambda/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237964479,"owners_count":19394408,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-lambda","aws-lambda-python","cloudflare","cloudflare-api","cloudflare-dns","hashicorp-terraform","hcl2","letsencrypt","letsencrypt-utils","ssl-certificates","terraform-module","terraform-modules"],"created_at":"2024-09-24T13:15:34.906Z","updated_at":"2025-10-24T12:30:49.463Z","avatar_url":"https://github.com/robertpeteuil.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-certbot-cloudflare-lambda\n\n[![Latest Release](https://img.shields.io/github/release/robertpeteuil/terraform-aws-certbot-cloudflare-lambda.svg)](https://github.com/robertpeteuil/terraform-aws-certbot-cloudflare-lambda) [![license](https://img.shields.io/github/license/robertpeteuil/terraform-aws-certbot-cloudflare-lambda.svg?colorB=2067b8)](https://github.com/robertpeteuil/terraform-aws-certbot-cloudflare-lambda)\n\n`terraform-aws-certbot-cloudflare-lambda` is a Terraform module to provision a Lambda Function which obtains 
\u0026 renews LetsEncrypt Certificates for domains using Cloudflare DNS.\n\n- *For Terraform versions \u003e= 0.12, use module `version \u003e= \"2.0.0\"`*\n- for Terraform versions \u003c 0.12, use module `version = \"1.1.4\"`\n\n## Terraform Module Features\n\nThis Module allows simple and rapid deployment\n\n- Creates Lambda function, Lambda Layer, IAM Policies, Triggers, and Subscriptions\n  - note: Terraform module does _not_ trigger the function\n- Uses specified S3 Bucket/Key for encrypted storage of\n  - Cloudflare API credentials\n  - Retrieved SSL Certificates\n- Creates CloudWatch Event to trigger function to renew certificates\n- Python function editable in repository and in Lambda UI\n- Python dependencies packaged in Lambda Layers zip\n  - Optionally create custom Lambda Layer zip using [build-lambda-layer-python](https://github.com/robertpeteuil/build-lambda-layer-python)\n    - Enables adding/changing dependencies\n    - Enables compiling for different versions of Python\n\n## Certbot Cloudflare Features\n\nThis Lambda Function generates \u0026 renews SSL Certificates from LetsEncrypt for domains using Cloudflare DNS and stores them in an encrypted S3 bucket\n\n- Provides host-independent creation and renewal of LetsEncrypt certificates\n  - separates certificate generation/renewal process from host\n- Allows provisioned host bootstrap to retrieve latest SSL keys from S3 bucket\n- Retrieves Cloudflare Credentials file from encrypted S3 storage\n  - Module will generate file if Cloudflare credentials are provided as vars\n  - Otherwise file can be manually created and uploaded to S3\n  - Credentials file location `$s3_bucket/$s3_path/dns/cloudflare.ini`\n- SSL Certificates are stored at location: `$s3_bucket/$s3_path/live/`\n- Supports optionally logging to SNS Topic\n  - SNS Topic can be routed to CloudWatch Log group with [SNS to CloudWatch](https://github.com/robertpeteuil/terraform-aws-sns-to-cloudwatch-logs-lambda) module\n- Four digit random 
number appended to name to allow multiple functions to run in the same AWS region (to support multiple domains)\n\n## Usage\n\nThe module authenticates to Cloudflare DNS by retrieving a Cloudflare Credentials file from S3.  This file can be generated by the module, or manually created and placed at the correct location.\n\nUsing the Module with optional `cloudflare` params to generate and upload Cloudflare credential file to S3.\n\n```hcl\nmodule \"certbot_example\" {\n  source            = \"robertpeteuil/certbot-cloudflare-lambda/aws\"\n  version           = \"2.0.1\"     # HCL2 support - requires Terraform \u003e= 0.12\n  # version         = \"1.1.4\"     # Latest version for Terraform \u003c 0.12\n\n  aws_region           = \"us-west-2\"\n  letsencrypt_domains  = \"example.com,www.example.com\"\n  letsencrypt_email    = \"me@example.com\"\n  s3_bucket            = \"projectx\"\n  s3_path              = \"certs\"\n\n  # OPTIONAL:  Terraform creates Cloudflare credentials file and stores it on S3\n  #   Alternatively, the credentials file can be manually created as specified below\n  cloudflare_api_key   = \"key-654654a54c465c87d87f87fg6\"\n  cloudflare_email     = \"mycloudflareemail@domain.com\"\n}\n```\n\nThe Cloudflare credentials file can be created manually in the format below and uploaded to the location: `$s3_bucket/$s3_path/dns/cloudflare.ini`\n\n```ini\ndns_cloudflare_email = mycloudflareemail@domain.com\ndns_cloudflare_api_key = key-654654a54c465c87d87f87fg6\n```\n\n\u003e NOTE: Make sure you are using [version pinning](https://www.terraform.io/docs/modules/usage.html#module-versions) to avoid unexpected changes when the module is updated.\n\n## Required Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|:----:|:-----:|:-----:|\n| aws_region | Region where AWS resources are located | string | - | yes |\n| letsencrypt_domains | Domain to get/renew certificates | string | - | yes |\n| letsencrypt_email | Email to use with 
LetsEncrypt  | string | - | yes |\n| s3_bucket | S3 Bucket where config and keys are stored | string | - | yes |\n| s3_path | S3 Path where config and keys are stored | string | - | yes |\n\n## Optional Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|:----:|:-----:|:-----:|\n| cloudflare_api_key | Cloudflare API Key | string | `` | no |\n| cloudflare_email | Cloudflare Email Address | string | `` | no |\n| sns_topic | SNS Topic name used for logging | string | `` | no |\n| get_test_cert | Request Test certs | string | `false` | no |\n| lambda_tags | Mapping of Tags to assign to Lambda function | map | `{}` | no |\n| lambda_func_name | Name for Lambda Function | string | `Certbot-Cloudflare` | no |\n| lambda_description | Lambda Function Description | string | `LetsEncrypts Cert Manager for Cloudflare Domains` | no |\n| lambda_publish_func | Publish Lambda Function | string | `false` | no |\n| create_sched_event | Create event trigger to renew certs | string | `true` | no |\n| lambda_runtime | Lambda runtime for Function | string | `python3.6` | no |\n| lambda_timeout | Function time-out (seconds) | string | `120` | no |\n| lambda_mem_size | Function RAM assigned (MB) | string | `128` | no |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobertpeteuil%2Fterraform-aws-certbot-cloudflare-lambda","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobertpeteuil%2Fterraform-aws-certbot-cloudflare-lambda","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobertpeteuil%2Fterraform-aws-certbot-cloudflare-lambda/lists"}