The consul_certificate_authority resource can be used to manage the configuration of the Certificate Authority used by Consul Connect.
# Using the built-in CA with specific TTL
resource "consul_certificate_authority" "connect" {
  connect_provider = "consul"
  # config_json takes a JSON string, so the map is encoded with jsonencode
  config_json = jsonencode({
    LeafCertTTL         = "24h"
    RotationPeriod      = "2160h"
    IntermediateCertTTL = "8760h"
  })
}
# Using Vault to manage and sign certificates
resource "consul_certificate_authority" "connect" {
  connect_provider = "vault"
  # The Vault token is part of config_json and is therefore written to the Terraform state
  config_json = jsonencode({
    Address             = "http://localhost:8200"
    Token               = "..."
    RootPKIPath         = "connect-root"
    IntermediatePKIPath = "connect-intermediate"
  })
}
# Using the AWS Certificate Manager Private Certificate Authority
# * https://aws.amazon.com/certificate-manager/private-certificate-authority/
resource "consul_certificate_authority" "connect" {
  connect_provider = "aws-pca"
  config_json = jsonencode({
    ExistingARN = "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-123456789012"
  })
}
connect_provider (String) Specifies the CA provider type to use.
config (Map of String, Deprecated) The raw configuration to use for the chosen provider. For more information on configuring the Connect CA providers, see Provider Config.
config_json (String) The raw configuration to use for the chosen provider. For more information on configuring the Connect CA providers, see Provider Config.
id (String) The ID of this resource.

Import is supported using the following syntax:
terraform import consul_certificate_authority.connect connect-ca