Comments (10)
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
You can use ACM or IAM to store and deploy server certificates.
ACM is the preferred tool to provision, manage, and deploy your server certificates.
Use IAM as a certificate manager only when you must support HTTPS connections in a region that is not supported by ACM.
Additionally, you cannot manage your certificates from the IAM Console.
Those are excerpts from the doc linked above. It seems to be strongly suggested to use the ACM. It would also be nice because you could then see them in the console. IAM server certs don't show anywhere in the console as far as I can tell. But either way, the doc seems to implore you to use ACM over IAM server certs and suggests server certs are only there for regions that don't use ACM yet.
It would be great to have an ACM certificate import feature.
from terraform-provider-acme-old.
If you don't need to use ACM, you can instead create an IAM Server Certificate by doing something like:
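resource "aws_iam_server_certificate" "my-cert" {
  name_prefix       = "my-cert"
  certificate_body  = "${acme_certificate.certificate.certificate_pem}"
  certificate_chain = "${acme_certificate.certificate.issuer_pem}"
  private_key       = "${tls_private_key.private_key.private_key_pem}"

  # Create the replacement certificate before the old one is destroyed,
  # so anything referencing it is not left without a certificate on renewal.
  lifecycle {
    create_before_destroy = true
  }

  # Pause after creation; IAM changes can take a few seconds to propagate.
  provisioner "local-exec" {
    command = "sleep 10"
  }
}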
from terraform-provider-acme-old.
This does seem like it could be a useful feature, but I'm not sure the ACME provider is the right place for it. Instead, seems like a feature request for core terraform to add additional functionality to the aws_acm_certificate resource.
from terraform-provider-acme-old.
@ozbillwang, @lsowen's mentioned method is the correct way to import a certificate created here into AWS. Don't use "ACM" as it's mainly used for managing AWS' own provisioned certificates.
Once you set it up this way it should update naturally as the certificate updates during renewals, etc.
Thanks!
from terraform-provider-acme-old.
This is actually wrong:
https://docs.aws.amazon.com/cli/latest/reference/acm/import-certificate.html
https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
from terraform-provider-acme-old.
- Plus 1 to this feature
from terraform-provider-acme-old.
+1
from terraform-provider-acme-old.
+1 It would make more sense to include the additional functionality into the aws_acm_certificate resource creation.
from terraform-provider-acme-old.
+1
from terraform-provider-acme-old.
Hey everyone, apologies for giving outdated info (re: IAM certificates versus ACM). To be honest it's been a while since I've had to deal with certificates within AWS so my own knowledge in that area probably needs a refresh.
I haven't really been looking at this issue that much over the last few months as it's been closed. Further to that, regardless of how you get the certificate into AWS, all of this workflow is still outside of the scope of the ACME provider, ultimately meaning that my original comment and some of the other comments here about this functionality belonging in the AWS provider still stand. To get the certificate data out of this provider, you can use private_key_pem and certificate_pem. What is done with it after that will vary from provider to provider (as AWS is by far not the only cloud this provider can be used with).
Seeing as this issue has been closed for some time and is ultimately inactionable, I'm going to lock the thread. Any questions regarding the AWS provider can be directed to the AWS issue tracker which can be found here.
Thanks!
from terraform-provider-acme-old.
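The ACM import path the thread converges on, sketched as an added example (not code from any commenter or from the provider's documentation). It assumes an acme_certificate resource named "certificate" as in the IAM snippet above and an AWS provider version whose aws_acm_certificate resource accepts imported certificate material; the resource name "imported" and the output name are illustrative.

```hcl
# Added example: import the ACME-issued certificate into ACM rather than IAM.
resource "aws_acm_certificate" "imported" {
  # Leaf certificate and issuer chain exported by the ACME provider.
  certificate_body  = "${acme_certificate.certificate.certificate_pem}"
  certificate_chain = "${acme_certificate.certificate.issuer_pem}"

  # Private key matching the leaf certificate. If the certificate was
  # requested from your own CSR, pass that key instead, as the IAM snippet
  # above does with tls_private_key.private_key.private_key_pem.
  # Note: the key is written to Terraform state in plain text, so the state
  # backend needs encryption at rest and tight access control.
  private_key = "${acme_certificate.certificate.private_key_pem}"

  # On renewal the PEM inputs change; build the replacement first so that
  # load balancers or distributions using the ARN are never left without one.
  lifecycle {
    create_before_destroy = true
  }
}

# ARN to reference from HTTPS listeners and other consumers.
output "acm_certificate_arn" {
  value = "${aws_acm_certificate.imported.arn}"
}
```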