FEATURES PRICING ABOUT DOCS LOGIN

aws_iam_server_certificate

Provides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:

For information about server certificates in IAM, see Managing Server Certificates in AWS Documentation.

Example Usage

Using certs on file:

resource "aws_iam_server_certificate" "test_cert" {
  name = "some_test_cert"
  certificate_body = "${file("self-ca-cert.pem")}"
  private_key = "${file("test-key.pem")}"
}

Example with cert in-line:

resource "aws_iam_server_certificate" "test_cert_alt" {
  name = "alt_test_cert"
  certificate_body = <<EOF
-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
EOF

  private_key =  <<EOF
-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END CERTIFICATE-----
EOF
}

Use in combination with an AWS ELB resource:

Some properties of an IAM Server Certificates cannot be updated while they are in use. In order for Terraform to effectively manage a Certificate in this situation, it is recommended you utilize the name_prefix attribute and enable the create_before_destroy lifecycle block. This will allow Terraform to create a new, updated aws_iam_server_certificate resource and replace it in dependant resources before attempting to destroy the old version.

resource "aws_iam_server_certificate" "test_cert" {
  name_prefix      = "example-cert"
  certificate_body = "${file("self-ca-cert.pem")}"
  private_key      = "${file("test-key.pem")}"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_elb" "ourapp" {
  name                      = "terraform-asg-deployment-example"
  availability_zones        = ["us-west-2a"]
  cross_zone_load_balancing = true

  listener {
    instance_port      = 8000
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = "${aws_iam_server_certificate.test_cert.arn}"
  }
}

Argument Reference

The following arguments are supported:

~> NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in terraform forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

Attributes Reference


See the source of this document at Terraform.io

REQUEST A DEMO