AWS ACM PCA Certificate

This page shows how to write Terraform for ACM PCA Certificate and write them securely.

aws_acm_certificate (Terraform)

The Certificate in ACM PCA can be configured in Terraform with the resource name aws_acm_certificate. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

github-iconcarterjones/infrastructure
resource "aws_acm_certificate" "blog_carterjones_info" {
  provider          = aws.useast1
  domain_name       = "blog.carterjones.info"
  validation_method = "DNS"
}

github-iconHaxeFoundation/haxe-terraform
resource "aws_acm_certificate" "haxe-org" {
  domain_name               = "haxe.org"
  subject_alternative_names = ["*.haxe.org"]
  validation_method         = "DNS"
  lifecycle {
    create_before_destroy = true
github-iconadventar/adventar
resource "aws_acm_certificate" "adventar_org" {
  provider    = aws.us-east-1
  domain_name = "adventar.org"

  lifecycle {
    create_before_destroy = true
github-iconskoleapp/skole-infra
resource "aws_acm_certificate" "skoleapp_com" {
  domain_name       = "skoleapp.com"
  validation_method = "DNS"

  subject_alternative_names = ["*.skoleapp.com"]

github-iconridi/frontend-provisions
resource "aws_acm_certificate" "ridibooks-com" {
  provider    = aws.virginia
  domain_name = "*.ridibooks.com"
  subject_alternative_names = [
    "ridibooks.com"
  ]

Parameters

Explanation in Terraform Registry

The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager. It deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use a aws_acm_certificate_validation resource for this. Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate_validation to request a DNS validated certificate, deploy the required validation records and wait for validation to complete. Domain validation through email is also supported but should be avoided as it requires a manual step outside of Terraform. It's recommended to specify create_before_destroy = true in a [lifecycle][1] block to replace a certificate which is currently in use (eg, by aws_lb_listener).

CloudFormation Example

CloudFormation code does not have the related resource.

Frequently asked questions

What is AWS ACM PCA Certificate?

AWS ACM PCA Certificate is a resource for ACM PCA of Amazon Web Service. Settings can be wrote in Terraform.

Where can I find the example code for the AWS ACM PCA Certificate?

For Terraform, the carterjones/infrastructure, HaxeFoundation/haxe-terraform and adventar/adventar source code examples are useful. See the Terraform Example section for further details.

security-icon

Scan your IaC problem in 3 minutes for free

You can keep your IaC security for free. No credit card required.