
Comments (10)

GeoffMillerAZ commented on September 20, 2024 4

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html

You can use ACM or IAM to store and deploy server certificates.

ACM is the preferred tool to provision, manage, and deploy your server certificates.

Use IAM as a certificate manager only when you must support HTTPS connections in a region that is not supported by ACM

Additionally, you cannot manage your certificates from the IAM Console.

Those are excerpts from the doc linked above. It seems to be strongly suggested to use the ACM. It would also be nice because you could then see them in the console. IAM server certs don't show anywhere in the console as far as I can tell. But either way, the doc seems to implore you to use ACM over IAM server certs and suggests server certs are only there for regions that don't use ACM yet.

It would be great to have an ACM certificate import feature.

from terraform-provider-acme-old.

lsowen commented on September 20, 2024 3

If you don't need to use ACM, you can instead create an IAM Server Certificate by doing something like:

resource "aws_iam_server_certificate" "my-cert" {
  name_prefix = "my-cert"
  certificate_body = "${acme_certificate.certificate.certificate_pem}"
  certificate_chain = "${acme_certificate.certificate.issuer_pem}"
  private_key = "${tls_private_key.private_key.private_key_pem}"
  lifecycle {
    create_before_destroy = true
  }
  provisioner "local-exec" {
    command = "sleep 10"
  }
}


lsowen commented on September 20, 2024 2

This does seem like it could be a useful feature, but I'm not sure the ACME provider is the right place for it. Instead, it seems like a feature request for core Terraform to add additional functionality to the aws_acm_certificate resource.


vancluever commented on September 20, 2024 1

@ozbillwang, @lsowen's mentioned method is the correct way to import a certificate created here into AWS. Don't use "ACM" as it's mainly used for managing AWS' own provisioned certificates.

Once you set it up this way it should update naturally as the certificate updates during renewals, etc.

Thanks!


FernandoMiguel commented on September 20, 2024

This is actually wrong:
https://docs.aws.amazon.com/cli/latest/reference/acm/import-certificate.html
https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html


nahuelrebolloneira commented on September 20, 2024

Plus 1 to this feature


nikoe14 commented on September 20, 2024

+1


thisisthetechie commented on September 20, 2024

+1 It would make more sense to include the additional functionality into the aws_acm_certificate resource creation.


estoesto commented on September 20, 2024

+1


vancluever commented on September 20, 2024

Hey everyone, apologies for giving outdated info (re: IAM certificates versus ACM). To be honest it's been a while since I've had to deal with certificates within AWS so my own knowledge in that area probably needs a refresh.

I haven't really been looking at this issue that much over the last few months as it's been closed. Further to that, regardless of how you get the certificate into AWS, all of this workflow is still outside of the scope of the ACME provider, ultimately meaning that my original comment and some of the other comments here about this functionality belonging in the AWS provider still stand. To get the certificate data out of this provider, you can use private_key_pem and certificate_pem. What is done with it after that will vary from provider to provider (as AWS is by far not the only cloud this provider can be used with).

Seeing as this issue has been closed for some time and is ultimately inactionable, I'm going to lock the thread. Any questions regarding the AWS provider can be directed to the AWS issue tracker which can be found here.

Thanks!

from terraform-provider-acme-old.
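
Added example, not part of the original thread and not code from either provider's maintainers: the ACM import the thread asks about, done with the AWS provider's `aws_acm_certificate` resource and the attributes named in the comments above. The resource label `imported`, the output name, and the Terraform 0.12+ expression syntax are assumptions, as is that the certificate was issued without a CSR so that `private_key_pem` is populated.

```hcl
# Added example: import the ACME-issued certificate into ACM rather than IAM.
# "imported" and "imported_certificate_arn" are illustrative names.
resource "aws_acm_certificate" "imported" {
  # Assumption: acme_certificate.certificate was created without
  # certificate_request_pem, so the ACME provider generated the key and
  # exposes it as private_key_pem. If a CSR was used, reference the key
  # that signed the CSR instead (as the IAM example above does).
  private_key       = acme_certificate.certificate.private_key_pem
  certificate_body  = acme_certificate.certificate.certificate_pem
  certificate_chain = acme_certificate.certificate.issuer_pem

  lifecycle {
    # Same ordering guard as the IAM example: have the replacement in place
    # before the old certificate is destroyed.
    create_before_destroy = true
  }
}

# ARN to attach to a load balancer listener, CloudFront distribution, etc.
output "imported_certificate_arn" {
  value = aws_acm_certificate.imported.arn
}
```

With either the IAM or the ACM route, the private key is written to the Terraform state in plain text, so the state backend needs encryption at rest and tightly scoped read access.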
