AWS ACM PCA Certificate
This page shows how to write Terraform for the ACM PCA Certificate resource and how to write it securely.
aws_acm_certificate (Terraform)
The Certificate in ACM PCA can be configured in Terraform with the resource name aws_acm_certificate. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_acm_certificate" "blog_carterjones_info" {
  provider          = aws.useast1
  domain_name       = "blog.carterjones.info"
  validation_method = "DNS"
}

resource "aws_acm_certificate" "haxe-org" {
  domain_name               = "haxe.org"
  subject_alternative_names = ["*.haxe.org"]
  validation_method         = "DNS"
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_acm_certificate" "adventar_org" {
  provider    = aws.us-east-1
  domain_name = "adventar.org"
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_acm_certificate" "skoleapp_com" {
  domain_name               = "skoleapp.com"
  validation_method         = "DNS"
  subject_alternative_names = ["*.skoleapp.com"]
}

resource "aws_acm_certificate" "ridibooks-com" {
  provider    = aws.virginia
  domain_name = "*.ridibooks.com"
  subject_alternative_names = [
    "ridibooks.com"
  ]
}
Parameters
- arn (optional, computed) - string
- certificate_authority_arn (optional) - string
- certificate_body (optional) - string
- certificate_chain (optional) - string
- domain_name (optional, computed) - string
- domain_validation_options (optional, computed) - set of object
  - domain_name - string
  - resource_record_name - string
  - resource_record_type - string
  - resource_record_value - string
- id (optional, computed) - string
- private_key (optional) - string
- status (optional, computed) - string
- subject_alternative_names (optional, computed) - set of string
- tags (optional) - map from string to string
- validation_emails (optional, computed) - list of string
- validation_method (optional, computed) - string
- options (list block)
  - certificate_transparency_logging_preference (optional) - string
Explanation in Terraform Registry
The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager. It deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use an aws_acm_certificate_validation resource for this. Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate_validation to request a DNS validated certificate, deploy the required validation records and wait for validation to complete. Domain validation through email is also supported but should be avoided as it requires a manual step outside of Terraform. It's recommended to specify create_before_destroy = true in a lifecycle block to replace a certificate which is currently in use (e.g., by aws_lb_listener).
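The DNS-validated flow described above, as an added example (not code from the Terraform Registry or from the repositories listed on this page). The domain example.com, its public Route 53 hosted zone and all resource labels are placeholders.

```hcl
# Added example: domain, zone, and resource labels are placeholders.
resource "aws_acm_certificate" "example" {
  domain_name               = "example.com"
  subject_alternative_names = ["*.example.com"]
  validation_method         = "DNS" # avoids the manual step that email validation needs

  options {
    # Keep issuance visible in public CT logs so unexpected certificates can be spotted.
    certificate_transparency_logging_preference = "ENABLED"
  }

  lifecycle {
    # Issue the replacement before the old certificate is destroyed,
    # so a listener that uses it is never left without one.
    create_before_destroy = true
  }
}

data "aws_route53_zone" "example" {
  name         = "example.com"
  private_zone = false
}

# One validation record per entry in domain_validation_options.
# The apex and wildcard names share the same validation record, so
# allow_overwrite lets the second entry write over the first instead of failing.
resource "aws_route53_record" "validation" {
  for_each = {
    for dvo in aws_acm_certificate.example.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  }

  allow_overwrite = true
  zone_id         = data.aws_route53_zone.example.zone_id
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
  ttl             = 60
}

# Blocks until ACM reports the certificate as issued.
resource "aws_acm_certificate_validation" "example" {
  certificate_arn         = aws_acm_certificate.example.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}
```

Resources that consume the certificate, such as aws_lb_listener, should reference aws_acm_certificate_validation.example.certificate_arn rather than the certificate's own arn, so they are created only after issuance completes.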
CloudFormation Example
CloudFormation code does not have the related resource.
Frequently asked questions
What is AWS ACM PCA Certificate?
AWS ACM PCA Certificate is a resource for ACM PCA of Amazon Web Services. Settings can be written in Terraform.
Where can I find the example code for the AWS ACM PCA Certificate?
For Terraform, the carterjones/infrastructure, HaxeFoundation/haxe-terraform and adventar/adventar source code examples are useful. See the Terraform Example section for further details.