Uploads a custom TLS certificate to Fastly to be used to terminate TLS traffic.
Basic usage:
resource "tls_private_key" "key" {
algorithm = "RSA"
}
resource "tls_self_signed_cert" "cert" {
key_algorithm = tls_private_key.key.algorithm
private_key_pem = tls_private_key.key.private_key_pem
subject {
common_name = "example.com"
}
is_ca_certificate = true
validity_period_hours = 360
allowed_uses = [
"cert_signing",
"server_auth",
]
dns_names = ["example.com"]
}
resource "fastly_tls_private_key" "key" {
key_pem = tls_private_key.key.private_key_pem
name = "tf-demo"
}
resource "fastly_tls_certificate" "example" {
name = "tf-demo"
certificate_body = tls_self_signed_cert.cert.cert_pem
depends_on = [fastly_tls_private_key.key] // The private key has to be present before the certificate can be uploaded
}
There are three scenarios for updating a certificate:
In the first scenario you only need to update the certificate_body
attribute of the fastly_tls_certificate
resource, while the other scenarios require a new private key (fastly_tls_private_key
) and certificate (fastly_tls_certificate
) to be generated.
When updating both the fastly_tls_private_key
and fastly_tls_certificate
resources, they should be done in multiple plan/apply steps to avoid potential downtime. The new certificate and associated private key must first be created so they exist alongside the currently active resources. Once the new resources have been created, then the fastly_tls_activation
can be updated to point to the new certificate. Finally, the original key/certificate resources can be deleted.
A certificate can be imported using its Fastly certificate ID, e.g.
$ terraform import fastly_tls_certificate.demo xxxxxxxxxxx
certificate_body
(String) PEM-formatted certificate, optionally including any intermediary certificates.name
(String) Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.created_at
(String) Timestamp (GMT) when the certificate was created.domains
(Set of String) All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.id
(String) The ID of this resource.issued_to
(String) The hostname for which a certificate was issued.issuer
(String) The certificate authority that issued the certificate.replace
(Boolean) A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.serial_number
(String) A value assigned by the issuer that is unique to a certificate.signature_algorithm
(String) The algorithm used to sign the certificate.updated_at
(String) Timestamp (GMT) when the certificate was last updated.