AWS ACM PCA Certificate
This page shows how to write Terraform for an ACM PCA Certificate and how to write it securely.
aws_acm_certificate (Terraform)
The Certificate in ACM PCA can be configured in Terraform with the resource name aws_acm_certificate. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_acm_certificate" "blog_carterjones_info" {
  provider          = aws.useast1
  domain_name       = "blog.carterjones.info"
  validation_method = "DNS"
}

resource "aws_acm_certificate" "haxe-org" {
  domain_name               = "haxe.org"
  subject_alternative_names = ["*.haxe.org"]
  validation_method         = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_acm_certificate" "adventar_org" {
  provider    = aws.us-east-1
  domain_name = "adventar.org"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_acm_certificate" "skoleapp_com" {
  domain_name               = "skoleapp.com"
  validation_method         = "DNS"
  subject_alternative_names = ["*.skoleapp.com"]
}

resource "aws_acm_certificate" "ridibooks-com" {
  provider    = aws.virginia
  domain_name = "*.ridibooks.com"
  subject_alternative_names = [
    "ridibooks.com"
  ]
}
Parameters
- arn: optional computed - string
- certificate_authority_arn: optional - string
- certificate_body: optional - string
- certificate_chain: optional - string
- domain_name: optional computed - string
- domain_validation_options: optional computed - set of object
  - domain_name: string
  - resource_record_name: string
  - resource_record_type: string
  - resource_record_value: string
- id: optional computed - string
- private_key: optional - string
- status: optional computed - string
- subject_alternative_names: optional computed - set of string
- tags: optional - map from string to string
- validation_emails: optional computed - list of string
- validation_method: optional computed - string
- options: list block
  - certificate_transparency_logging_preference: optional - string
Explanation in Terraform Registry
The ACM certificate resource allows requesting and managing certificates from the Amazon Certificate Manager. It deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use an aws_acm_certificate_validation resource for this. Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate_validation to request a DNS validated certificate, deploy the required validation records and wait for validation to complete. Domain validation through email is also supported but should be avoided as it requires a manual step outside of Terraform. It's recommended to specify create_before_destroy = true in a lifecycle block to replace a certificate which is currently in use (e.g., by aws_lb_listener).
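The DNS-validated flow described above, as an added example that is not taken from this page or from the repositories it cites. The domain example.com, the resource labels and the existence of a public Route 53 hosted zone for that domain are assumptions.

```hcl
# Request the certificate. create_before_destroy lets a replacement be issued
# before the certificate currently in use is removed.
resource "aws_acm_certificate" "site" {
  domain_name               = "example.com" # assumed domain
  subject_alternative_names = ["*.example.com"]
  validation_method         = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# Assumed: a public hosted zone for the domain already exists.
data "aws_route53_zone" "primary" {
  name         = "example.com"
  private_zone = false
}

# One validation record per entry in domain_validation_options.
# The apex and the wildcard name share the same record, so allow_overwrite
# keeps the second write from failing.
resource "aws_route53_record" "validation" {
  for_each = {
    for dvo in aws_acm_certificate.site.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  }

  allow_overwrite = true
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
  ttl             = 60
  zone_id         = data.aws_route53_zone.primary.zone_id
}

# Blocks until ACM reports the certificate as issued.
resource "aws_acm_certificate_validation" "site" {
  certificate_arn         = aws_acm_certificate.site.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}
```

Resources that consume the certificate should reference aws_acm_certificate_validation.site.certificate_arn rather than aws_acm_certificate.site.arn, so that they are created only after the certificate has been issued.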
CloudFormation Example
CloudFormation code does not have the related resource.
Frequently asked questions
What is AWS ACM PCA Certificate?
AWS ACM PCA Certificate is a resource for ACM PCA of Amazon Web Services. Settings can be written in Terraform.
Where can I find the example code for the AWS ACM PCA Certificate?
For Terraform, the carterjones/infrastructure, HaxeFoundation/haxe-terraform and adventar/adventar source code examples are useful. See the Terraform Example section for further details.