aureq
commented
7 years ago So, after thinking a bit more about this, it should be smart to have a plugin like interface. a store provider provides a routing mechanism and calls a plugin to store the certificate, key and ca chain onto any possible location.
That should help separate code from Let's Lambda and the certificate store plugins. That should also provide an extensible platform for other people to provide their own store plugins (like for the DNS challenge).
IAM may be a dependency on for other stores like ELB and CloudFront.
It would be desirable to specify one or more certificate store like IAM, KMS, S3 or SSH. This would provide targets and simplify the deployment process.