Push Certificates to Cloudfront via IAM
Before You Begin
- AWS devices with the CloudFront service should be added in AppViewX
- The devices should be in Managed state.
Request Structure
| Endpoint: | /certificate/pushToDevice |
| Type: | POST |
| Sample URL: |
To understand the elements of the sample URL, click here. |
| Headers | |
| Content-Type: | application/json |
| Name | Description |
|---|---|
| sessionId
|
(Mandatory) Session ID received after
login. Type: String Constraints: Required if username and password are not provided. |
| username
|
(Mandatory) AppViewX login username Type: String Constraints: Required if sessionId is not provided. |
| password
|
(Mandatory) AppViewX login password Type: String Constraints: Required if sessionId is not provided. |
| Content-Type
|
(Mandatory) Specifies the nature of the data in the
payload Type: String |
| gwsource
|
(Mandatory) Source from which the request is
triggered. (E.g. external) Type: String |
| Payload
|
(Mandatory) Contains all the parameters to be sent
in the request body for the post request Type: Payload |
Payload
| Name | Description |
|---|---|
| generalInformation | (Mandatory) General details related to the push
operation Type: generalInformation |
| certificateID | (Mandatory) Unique identifier of the certificate to be pushed |
| certificateDetails |
(Mandatory) Details of the certificate to be pushed Type: certificateDetails |
| certificateTags |
(Optional) Key-value pair attributes to add additional details about the certificate Type: String |
| pushDetails |
(Mandatory) Details for certificate management after the push operation Type: pushDetails |
| selectedProfiles | (Mandatory) Actual profile details of services to which where we are trying to push/bind the certificate |
| Name | Description |
|---|---|
| category |
(Mandatory) Type of the target system to which the certificate will be pushed Type: String Possible values: Cloud |
| vendor |
(Mandatory) Cloud device vendor Type: String Possible values: AWS |
| profileFilterSelection |
(Mandatory) Service type to which the certificate will be pushed Type: String Possible values: ELB |
| name | Name of the connector that will be created
to push the certificate to the cloud device Type: String |
| description | Additional details related to the
certificate being pushed, the connector for pushing the certificate.
Type: String |
| Name | Description |
|---|---|
| certificateType |
(Mandatory) Type of the certificate that is being pushed Type: String Possible values: Server, Client, Code signing |
| locationType |
(Optional) Location where the certificate will be stored Type: String |
| certificateFileName |
(Mandatory) Name of the certificate being pushed Type: String |
| certCAReferenceId | (Mandatory) ID of the issuing Certificate
Authority Type: String |
| pushRootAndIntermediateCertificates | (Optional) Push root and intermediate certificates
along with the end certificate Type: Boolean Possible values:
|
| defaultCertificate |
(Mandatory) Name of the default certificate that will be used as a fallback option This certificate will be pushed in the event that the intended certificate cannot be pushed. |
| profileFilterSelection |
(Mandatory) Service type to which the certificate will be pushed Type: String |
| Name | Description |
|---|---|
| scriptLocation |
(Mandatory) Select the location of the script file Type: String Possible Values: In AppViewX and In Device |
| preValidationScriptPath | (Optional) Location of the script that
will be executed before the certificate is pushed to the target
system Type: String |
| postValidationScriptPath | (Optional) Location of the script that
will be executed after the certificate is pushed to the target
system Type: String |
| pushAutomatically | Automatically push certificate to the
target system, after it is renewed/reissued Type: Boolean Possible values:
|
Response Structure
| Name | Description |
|---|---|
| response | Contains the response attributes for the push
request Type: response |
| message | Success message of the action or failure description
in case of error Type: String |
| appStatusCode | Application specific status code for the response.
Will be non-null for failure response. Type: String |
| tags | More info in case of failure response |
| Name | Description |
|---|---|
| requestId | Request ID for push action for the application
connector Type: String |
| connectorId | ID of the application connector for pushing the
certificate Type: String |
Status Codes
| HTTP Status code | appStatusCode | Message and Possible Remediation |
|---|---|---|
| 202 Accepted | NA | 1 connector(s) saved and push operation has been triggered. |
| 401 Unauthorized | AVX_GW_003 | Authentication failed, reason - Invalid
Credentials Possible remediation: Ensure that valid username and password or valid sessionId is provided as the header param. |
| 400 Bad Request | MANDATORY_FIELD_MISSING | Mandatory field is missing or invalid -
<<field name>> Possible remediation: Check and ensure that valid value is provided for <<field name>> field in the request. |
| 417 Expectation failed | FIELD_VALUE_INVALID | Cooling period should be 0 or greater than
1 Possible remediation: Please provide the correct value in the field coolingPeriod. |
| 404 Not Found | NO_RECORDS_FOUND | No matching records found - certificate not
found. Possible remediation: Please provide correct value for the field certificateId. |
| 400 Bad Request | INVALID_REQUEST | selectedProfiles are already available in the
specified certificate. Possible remediation: Please provide a different value for the field selectedProfiles. |
| 417 Expectation failed | CERT-APP-0016 | Connector with profiles {} already
exists. Possible remediation: Profile connector already exists for the selected certificate. Please change the certificateId or delete the existing connector. |
| 500 Internal Server Error | avx-common-011 | Error while processing |
Sample Request/Response
{
"generalInformation":{
"category":"cloud",
"vendor":"AWS",
"profileFilterSelection":"::cloudfront",
"name":"AWS connector",
"description":""
},
"certificateDetails":{
"certificateType":"PEM-.pem",
"locationType":"CloudFront",
"certificateFileName":"",
"certCAReferenceId":"",
"pushRootAndIntermediateCertificates":true,
"defaultCertificate":false,
"profileFilterSelection":"CloudFront",
"certificateTags":{
}
},
"certificateTags":{
},
"pushDetails":{
"scriptLocation":"appviewx",
"preValidationScriptPath":"",
"postValidationScriptPath":"",
"pushAutomatically":false
},
"certificateId":"661dbddf4c274a5eed7f5735",
"selectedProfiles":[
"AWS:@mctest:@xxx:@AppViewX:@US East (N. Virginia):@CloudFront"],
}{
"response": [
{
"requestId": "51",
"connectorId": "1715213308394"
}
],
"message": "1 connector(s) saved and push opertaion has been triggered.",
"appStatusCode": null,
"tags": {
},
"headers": null
}References
- IP/HostName/TenantName: Replace with the actual IP address, hostname,
or tenant name based on the specific configuration in AppViewX.
- IP: A unique identifier assigned to each device connected to
a computer network that uses the Internet Protocol for communication
The IP address will be included in the endpoint URL for an on-prem deployment.
- HostName: A human-readable label assigned to a device (host)
on a network
The hostname will be included in the endpoint URL for an on-prem deployment.
- TenantName: An identifier label for a tenant given to
indicate which tenant's data the API request will
access/modify
The tenant name will be included in the endpoint URL for a SaaS deployment.
- IP: A unique identifier assigned to each device connected to
a computer network that uses the Internet Protocol for communication
- GWPORT: AppViewX gateway port
A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.
Example: 31443
- avxapi: Path parameter value (static) that is part of the endpoint's URL
- Endpoint: Endpoint of the API, for example: execute-hook
- gwsource: Source or origin of a gateway, for example: external.
