Provides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:
For information about server certificates in IAM, see Managing Server Certificates in AWS Documentation.
Using certs on file:
```hcl
resource "aws_iam_server_certificate" "test_cert" {
  name             = "some_test_cert"
  certificate_body = file("self-ca-cert.pem")
  private_key      = file("test-key.pem")
}
```
Example with cert in-line:
```hcl
resource "aws_iam_server_certificate" "test_cert_alt" {
  name             = "alt_test_cert"
  certificate_body = <<EOF
-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
EOF
  private_key      = <<EOF
-----BEGIN RSA PRIVATE KEY-----
[......] # key contents
-----END RSA PRIVATE KEY-----
EOF
}
```
Use in combination with an AWS ELB resource:
Some properties of an IAM Server Certificate cannot be updated while it is in use. In order for Terraform to effectively manage a certificate in this situation, it is recommended you utilize the `name_prefix` attribute and enable the `create_before_destroy` lifecycle block. This will allow Terraform to create a new, updated `aws_iam_server_certificate` resource and replace it in dependent resources before attempting to destroy the old version.
```hcl
resource "aws_iam_server_certificate" "test_cert" {
  name_prefix      = "example-cert"
  certificate_body = file("self-ca-cert.pem")
  private_key      = file("test-key.pem")

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_elb" "ourapp" {
  name                      = "terraform-asg-deployment-example"
  availability_zones        = ["us-west-2a"]
  cross_zone_load_balancing = true

  listener {
    instance_port      = 8000
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = aws_iam_server_certificate.test_cert.arn
  }
}
```
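A further configuration, added here as an example and not taken from the provider documentation, combines the rotation pattern above with the `certificate_chain` and CloudFront `path` arguments described in the argument reference. The `certs/` directory and the file names `leaf.pem`, `chain.pem` and `leaf.key` are assumptions; the two `precondition` blocks are a pre-upload sanity check (the public certificate fields must not carry a private key, and the leaf must be a single certificate) rather than anything IAM enforces itself.

```hcl
# Added example, not from the provider documentation. File names under
# certs/ (leaf.pem, chain.pem, leaf.key) are assumptions.
locals {
  cert_dir = "${path.module}/certs"
  leaf     = file("${local.cert_dir}/leaf.pem")  # the server certificate only
  chain    = file("${local.cert_dir}/chain.pem") # intermediate CA certificates
}

resource "aws_iam_server_certificate" "cloudfront" {
  name_prefix = "example-cloudfront-"
  # Certificates intended for CloudFront must live under the /cloudfront/ path.
  path              = "/cloudfront/example/"
  certificate_body  = local.leaf
  certificate_chain = local.chain
  private_key       = file("${local.cert_dir}/leaf.key")

  tags = {
    Purpose = "cloudfront-viewer-certificate"
  }

  lifecycle {
    # Rotation: create the replacement first, repoint consumers, then delete.
    create_before_destroy = true

    # certificate_body and certificate_chain are public material; refuse to
    # plan if a private key was pasted into either of them by mistake.
    precondition {
      condition     = !strcontains(local.leaf, "PRIVATE KEY") && !strcontains(local.chain, "PRIVATE KEY")
      error_message = "certificate_body and certificate_chain must not contain a private key."
    }

    # The leaf is a single certificate; intermediates belong in certificate_chain.
    precondition {
      condition     = length(regexall("-----BEGIN CERTIFICATE-----", local.leaf)) == 1
      error_message = "certificate_body must contain exactly one PEM certificate."
    }
  }
}

# Surface the expiry so monitoring can schedule the next rotation.
output "cloudfront_certificate_expiration" {
  value = aws_iam_server_certificate.cloudfront.expiration
}
```

`strcontains` requires Terraform 1.5 or later. The CloudFront distribution that would consume this certificate is omitted; the `expiration` output is the value to watch so that a replacement is applied (with `create_before_destroy` taking care of the swap) before the current certificate lapses.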
This resource supports the following arguments:

* `name` - (Optional) The name of the Server Certificate. Do not include the path in this value. If omitted, Terraform will assign a random, unique name.
* `name_prefix` - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with `name`.
* `certificate_body` - (Required) The contents of the public key certificate in PEM-encoded format.
* `certificate_chain` - (Optional) The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
* `private_key` - (Required) The contents of the private key in PEM-encoded format.
* `path` - (Optional) The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format `/cloudfront/your_path_here`. See IAM Identifiers for more details on IAM Paths.
* `tags` - (Optional) Map of resource tags for the server certificate. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.

This resource exports the following attributes in addition to the arguments above:

* `arn` - The Amazon Resource Name (ARN) specifying the server certificate.
* `expiration` - Date and time in RFC3339 format on which the certificate is set to expire.
* `id` - The unique Server Certificate name.
* `name` - The name of the Server Certificate.
* `tags_all` - A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
* `upload_date` - Date and time in RFC3339 format when the server certificate was uploaded.

In Terraform v1.5.0 and later, use an `import` block to import IAM Server Certificates using the `name`. For example:
```hcl
import {
  to = aws_iam_server_certificate.certificate
  id = "example.com-certificate-until-2018"
}
```
Using `terraform import`, import IAM Server Certificates using the `name`. For example:
```console
% terraform import aws_iam_server_certificate.certificate example.com-certificate-until-2018
```