Bootstrap FreeKB - Amazon Web Services (AWS) - Create SSL certificate using Terraform


Before requesting a certificate, you will need a valid, registered domain (e.g. example.com).

Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── amazon_certificate_management (directory)
│   ├── certificates.tf
│   ├── provider.tf

 

required_providers.tf will almost always have this.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
    }
  }
}

 

Let's say provider.tf has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have set up Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

provider "aws" {
  alias   = "default"
  profile = "default"
  # region must be a real AWS region name; "default" is not valid.
  # Use the region where the certificate will be consumed (CloudFront requires us-east-1).
  region  = "us-east-1"
}

 

There are 3 types of certificates that can be "created":

  • Public Certificates issued by Amazon Web Services (AWS) Certificate Authority (Amazon Root CA 1) - These certificates are valid for 13 months (395 days) and should be automatically renewed 60 days before expiration. If ACM is unable to renew the certificate after 15 days, you will receive an email with further instructions on how to manually fix the renewal problem.
  • Public Certificates that were issued by some other Certificate Authority (such as Let's Encrypt CA)
  • Private Certificates using an ACM Private Certificate Authority
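The article's certificates.tf covers the first type. As an added example that is not part of the original article, the following shows what the other two types look like in Terraform. The file paths and the Private CA ARN are placeholders, and the resource names are assumptions; everything else uses the aws_acm_certificate arguments the AWS provider documents for import (private_key, certificate_body, certificate_chain) and for Private CA issuance (certificate_authority_arn).

```hcl
# Added example, not from the original article. Paths and ARN are placeholders.

# Type 2: a certificate issued by some other CA (e.g. Let's Encrypt), imported into ACM.
# ACM does not renew imported certificates, so expiry must be tracked outside ACM.
resource "aws_acm_certificate" "imported_example_com" {
  private_key       = file("PLACEHOLDER/path/to/privkey.pem")
  certificate_body  = file("PLACEHOLDER/path/to/cert.pem")
  certificate_chain = file("PLACEHOLDER/path/to/chain.pem")

  lifecycle {
    create_before_destroy = true
  }
}

# Type 3: a private certificate issued by an ACM Private Certificate Authority.
# ACM generates and holds the private key, as with a public ACM-issued certificate.
resource "aws_acm_certificate" "private_internal_example_com" {
  domain_name               = "internal.example.com"
  certificate_authority_arn = "arn:aws:acm-pca:REGION:ACCOUNT_ID:certificate-authority/PLACEHOLDER"
}
```

Note on the import case: whatever file() reads, including the private key, is written in plaintext to the Terraform state file. If you import certificates this way, the state must be stored in an encrypted, access-controlled backend, and the key file should not be committed alongside the .tf files.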

And certificates.tf could have something like this. In this example, this creates a Public Certificate issued by Amazon Web Services (AWS) Certificate Authority (Amazon Root CA 1).

resource "aws_acm_certificate" "example_com_certificate" {
  # Use the aliased provider declared in provider.tf rather than an implicit default provider
  provider                  = aws.default
  domain_name               = "example.com"
  validation_method         = "DNS"
  subject_alternative_names = ["example.com", "*.example.com"]

  tags = {
    environment = "staging"
  }

  lifecycle {
    create_before_destroy = true
  }
}
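With validation_method = "DNS", ACM only issues the certificate once it can see a CNAME record it generates for each domain. The article's certificates.tf requests the certificate but does not create those records, so the certificate would sit in the "Pending validation" state. As an added example that is not part of the original article, the following completes the request with Route 53. It assumes a public Route 53 hosted zone for example.com already exists in the same account, and the data source and resource names are assumptions.

```hcl
# Added example, not from the original article. Assumes a public Route 53 hosted
# zone for example.com already exists in this account.
data "aws_route53_zone" "example_com" {
  name         = "example.com"
  private_zone = false
}

# One validation CNAME per domain on the certificate. Keying for_each on the domain
# name keeps the record addresses stable across plans. example.com and *.example.com
# share the same validation record, so allow_overwrite avoids a conflict on the
# duplicate name.
resource "aws_route53_record" "example_com_validation" {
  for_each = {
    for dvo in aws_acm_certificate.example_com_certificate.domain_validation_options :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  zone_id         = data.aws_route53_zone.example_com.zone_id
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
  allow_overwrite = true
}

# Waits until ACM has observed the records and issued the certificate, so anything
# that depends on this resource (a listener, a CloudFront distribution) only gets
# an ARN that is actually usable.
resource "aws_acm_certificate_validation" "example_com" {
  certificate_arn         = aws_acm_certificate.example_com_certificate.arn
  validation_record_fqdns = [for r in aws_route53_record.example_com_validation : r.fqdn]
}

output "example_com_certificate_arn" {
  value = aws_acm_certificate_validation.example_com.certificate_arn
}
```

Keeping the validation CNAME records under Terraform also matters for renewal: ACM renews a DNS-validated certificate only while those records still resolve, so deleting them later silently breaks the automatic renewal described above. After apply, the certificate status can be confirmed with aws acm describe-certificate --certificate-arn &lt;arn&gt;, which should report ISSUED.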

 

You may need to reissue the terraform init command.

terraform init

 

The terraform plan command can be used to see what Terraform will try to do.

terraform plan

 

The terraform apply command can be used to create or update the certificate. For an ACM-issued public certificate, ACM generates and holds the private key (it cannot be exported), and the certificate remains in the "Pending validation" state until the DNS validation record for the domain exists.

terraform apply -auto-approve

 
