Python AWS Lambda 证书 [英] Python AWS Lambda Certificates

问题描述

如何向 Python3 AWS Lambda 函数使用的信任库添加额外的 CA(证书颁发机构)?

How do I add an additional CA (certificate authority) to the trust store used by my Python3 AWS Lambda function?

推荐答案

如果你只需要一个CA，那么在linux中使用以下命令获取你的crt文件并将其编码为pem:

If you only need a single CA, then get your crt file and encode it into a pem using the following command in linux:

openssl x509 -text -in "{your CA}.crt" > cacert.pem

openssl x509 -text -in "{your CA}.crt" > cacert.pem

如果您需要将 CA 添加到默认 CA 包，请将 python3.8/site-packages/certifi/cacert.pem 复制到您的 lambda 文件夹.然后为每个 crt 运行这个命令:

If you need to add CA's to the default CA bundle, then copy python3.8/site-packages/certifi/cacert.pem to your lambda folder. Then run this command for each crt:

openssl x509 -text -in "{your CA}.crt" >> cacert.pem

openssl x509 -text -in "{your CA}.crt" >> cacert.pem

创建 pem 文件后，部署您的 lambda，并将 REQUESTS_CA_BUNDLE 环境变量设置为 /var/task/cacert.pem.

After creating the pem file, deploy your lambda with the REQUESTS_CA_BUNDLE environment variable set to /var/task/cacert.pem.

/var/task 是 AWS Lambda 将压缩代码提取到的位置.

/var/task is where AWS Lambda extracts your zipped up code to.

这篇关于Python AWS Lambda 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！