Resource: aws_iam_server_certificate

Provides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:

For information about server certificates in IAM, see Managing Server Certificates in AWS Documentation.

Example Usage

Using certs on file:

resource "aws_iam_server_certificate" "test_cert" {
  name             = "some_test_cert"
  certificate_body = file("self-ca-cert.pem")
  private_key      = file("test-key.pem")
}

Example with cert in-line:

resource "aws_iam_server_certificate" "test_cert_alt" {
  name = "alt_test_cert"

  certificate_body = <<EOF
-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
EOF

  private_key = <<EOF
-----BEGIN RSA PRIVATE KEY-----
[......] # key contents
-----END RSA PRIVATE KEY-----
EOF
}
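The in-line form above puts the private key in the configuration file itself, so the key goes wherever the .tf file goes (version control, code review). As an added example, not part of the provider documentation, this Python scanner flags `aws_iam_server_certificate` resources whose `private_key` heredoc contains a PEM private key; the function name, the sample input and the one-attribute-per-line assumption are this example's own.

```python
import re

# Line scanner, not a full HCL parser: assumes one attribute per line.
RESOURCE_RE = re.compile(r'^\s*resource\s+"aws_iam_server_certificate"\s+"([^"]+)"\s*\{')
HEREDOC_RE = re.compile(r'^\s*(\w+)\s*=\s*<<-?(\w+)\s*$')
PEM_KEY_RE = re.compile(r'-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----')

def find_inline_private_keys(tf_text):
    """Return [(resource_name, line_no)] for PEM keys pasted into private_key."""
    findings, resource, depth, heredoc = [], None, 0, None
    for line_no, line in enumerate(tf_text.splitlines(), start=1):
        if heredoc:  # inside <<EOF ... EOF: braces here are data, not blocks
            attr, end = heredoc
            if line.strip() == end:
                heredoc = None
            elif resource and attr == "private_key" and PEM_KEY_RE.search(line):
                findings.append((resource, line_no))
            continue
        m = RESOURCE_RE.match(line)
        if m and resource is None:
            resource, depth = m.group(1), 1
            continue
        h = HEREDOC_RE.match(line)
        if h:  # remember which attribute the heredoc feeds and its terminator
            heredoc = (h.group(1), h.group(2))
            continue
        if resource is not None:
            depth += line.count("{") - line.count("}")
            if depth <= 0:  # closing brace of the certificate resource
                resource = None
    return findings

# Constructed sample mirroring the two upload styles shown on the page.
SAMPLE = '''\
resource "aws_iam_server_certificate" "test_cert" {
  private_key = file("test-key.pem")
}
resource "aws_iam_server_certificate" "test_cert_alt" {
  private_key = <<EOF
-----BEGIN RSA PRIVATE KEY-----
[......] # key contents
-----END RSA PRIVATE KEY-----
EOF
}
'''

if __name__ == "__main__":
    for name, line_no in find_inline_private_keys(SAMPLE):
        print(f"{name}: private key material inline at line {line_no}")
```

Resources that load the key with `file(...)` are not reported, since the key then lives outside the configuration text.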

Use in combination with an AWS ELB resource:

Some properties of IAM Server Certificates cannot be updated while they are in use. For Terraform to manage a certificate effectively in this situation, it is recommended that you use the name_prefix attribute and enable create_before_destroy in the lifecycle block. This allows Terraform to create a new, updated aws_iam_server_certificate resource and replace it in dependent resources before attempting to destroy the old version.

resource "aws_iam_server_certificate" "test_cert" {
  name_prefix      = "example-cert"
  certificate_body = file("self-ca-cert.pem")
  private_key      = file("test-key.pem")

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_elb" "ourapp" {
  name                      = "terraform-asg-deployment-example"
  availability_zones        = ["us-west-2a"]
  cross_zone_load_balancing = true

  listener {
    instance_port      = 8000
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = aws_iam_server_certificate.test_cert.arn
  }
}

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import IAM Server Certificates using the name. For example:

import {
  to = aws_iam_server_certificate.certificate
  id = "example.com-certificate-until-2018"
}

Using terraform import, import IAM Server Certificates using the name. For example:

% terraform import aws_iam_server_certificate.certificate example.com-certificate-until-2018