The module offers flexible management of AWS ACM certificates:

  • Create ACM certificate and verify it over Route53 hosted zone
  • Create ACM certificate and return DNS records required for signing the ACM certificate outside of Route53
  • Export existing certificate to ACM
  • Generate self-signed certificate and export it to ACM

AWS ACM Certificate

AWS ACM Certificate management
Log in to Corewide IaC registry

Once you have a Corewide Solutions Portal account, this one-time action will use your browser session to retrieve credentials:

terraform login solutions.corewide.com

Provision instructions

Initialize mandatory providers:

Copy and paste into your Terraform configuration and insert the variables:

module "tf_aws_acm_cert" {
  source  = "solutions.corewide.com/aws/tf-aws-acm-cert/aws"
  version = "~> 1.0.0"

  # specify module inputs here or try one of the examples below
  ...
}

Initialize the setup:

terraform init

Define update strategy

The Corewide DevOps team strictly follows the Semantic Versioning Specification to provide our clients with products that have predictable upgrades between versions. We recommend pinning patch versions of our modules using the pessimistic constraint operator (~>) to prevent breaking changes during upgrades.

To get new features during upgrades (without breaking compatibility), use ~> 1.0 and run terraform init -upgrade.

For the safest setup, use strict pinning with version = "1.0.0".
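
How the three constraints above differ in what an upgrade can pull in, as an added example (not Corewide's or Terraform's own code). It handles plain numeric versions only, and the release list is constructed for illustration; only 1.0.0 is a release named on this page.

```python
# Added example: evaluates Terraform-style version constraints for plain
# MAJOR.MINOR.PATCH versions (pre-release tags are out of scope here).

def parse(version):
    """'1.2.3' -> (1, 2, 3); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.strip().split("."))

def pad(parts, width=3):
    """Right-pad with zeros so '1.0' compares equal to '1.0.0'."""
    return tuple(parts) + (0,) * (width - len(parts))

def allowed(constraint, version):
    """True if `version` satisfies '~> X.Y', '~> X.Y.Z', 'X.Y.Z' or '= X.Y.Z'."""
    candidate = pad(parse(version))
    text = constraint.strip()
    if text.startswith("~>"):
        base = parse(text[2:])
        if len(base) < 2:
            raise ValueError("this example handles ~> with 2 or 3 components")
        # Only the rightmost given component may grow: the upper bound is
        # the next value of the component just left of it.
        upper = base[:-2] + (base[-2] + 1,)
        return pad(base) <= candidate < pad(upper)
    # A bare version or '=' means strict pinning.
    return candidate == pad(parse(text.lstrip("=")))

def upgrade_target(constraint, published):
    """Newest published version the constraint admits, or None."""
    matching = [v for v in published if allowed(constraint, v)]
    return max(matching, key=lambda v: pad(parse(v)), default=None)

# Constructed release list (assumption, for illustration only).
PUBLISHED = ["1.0.0", "1.0.1", "1.0.7", "1.1.0", "1.4.2", "2.0.0"]

if __name__ == "__main__":
    for constraint in ("~> 1.0.0", "~> 1.0", "1.0.0"):
        print(f"{constraint!r:12} -> {upgrade_target(constraint, PUBLISHED)}")
```

With this release list, `~> 1.0.0` stops at the newest 1.0.x patch, `~> 1.0` moves to the newest 1.x release, and `1.0.0` never moves.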

v1.0.0 released 1 year, 1 month ago

Create ACM certificate with alternative domains in AWS Route 53 hosted zone:

module "acm" {
  source  = "solutions.corewide.com/aws/tf-aws-acm-cert/aws"
  version = "~> 1.0"

  domain_zone        = "foo.biz"
  certificate_domain = "foo.biz"

  subject_alternative_names = [
    "dev.foo.biz",
    "qa.foo.biz",
  ]
}

Create ACM certificate with alternative domains without AWS Route 53 hosted zone:

module "acm" {
  source  = "solutions.corewide.com/aws/tf-aws-acm-cert/aws"
  version = "~> 1.0"

  certificate_domain = "foo.biz"

  subject_alternative_names = [
    "dev.foo.biz",
    "qa.foo.biz",
  ]
}

Export certificate to AWS ACM:

module "acm" {
  source  = "solutions.corewide.com/aws/tf-aws-acm-cert/aws"
  version = "~> 1.0"

  private_key      = var.pem_private_key
  certificate_body = var.pem_public_key
}

Create a self-signed SSL certificate and export it to AWS ACM:

module "acm" {
  source  = "solutions.corewide.com/aws/tf-aws-acm-cert/aws"
  version = "~> 1.0"

  create_self_signed_ssl_cert = true

  ssl_subject = {
    common_name  = "foo.bar"
    organization = "Baz"
  }
}

| Variable | Description | Type | Default | Required | Sensitive |
|---|---|---|---|---|---|
| certificate_body | Certificate body for SSL certificates imported to ACM | string | | yes | no |
| certificate_chain | The certificate's PEM-formatted chain | string | | yes | no |
| certificate_domain | A domain name for which the certificate should be issued for AWS signed certificate | string | | yes | no |
| domain_zone | Root domain name of a hosted zone for automatic ACM validation record creation | string | | yes | no |
| private_key | A private key for SSL certificates imported to ACM | string | | yes | no |
| create_self_signed_ssl_cert | Create self-signed certificate instead of AWS issued | bool | false | no | no |
| private_key_algorithm | The name of the algorithm to use for self-signed key (currently supported values are: RSA, ECDSA, ED25519) | string | ECDSA | no | no |
| ssl_allowed_uses | List of keywords each describing a use that is permitted for the issued certificate | list(string) | | no | no |
| ssl_dns_names | List of DNS names for which a certificate is being requested | list(string) | [] | no | no |
| ssl_ip_addresses | List of IP addresses for which a certificate is being requested | list(string) | [] | no | no |
| ssl_subject | The subject for which a certificate is being requested | object | | no | no |
| ssl_subject.common_name | A domain name you wish to secure with your certificate | string | | yes | no |
| ssl_subject.organization_name | The Organization Name | string | | yes | no |
| ssl_uris | List of URIs for which a certificate is being requested | list(string) | [] | no | no |
| ssl_validity_period_hours | The number of hours after initial issuing that the certificate will become invalid | number | 90000 | no | no |
| subject_alternative_names | Set of domains that should be SANs in the issued certificate | list(string) | [] | no | no |
| tags | A map of tags to assign to ACM resource | map(string) | {} | no | no |
| validation_method | Which method to use for certificate validation (DNS or EMAIL are valid) | string | DNS | no | no |

| Output | Description | Type | Sensitive |
|---|---|---|---|
| acm_certificate | Contains attributes of Imported ACM certificate | resource | yes |
| acm_signed | Contains attributes of AWS-signed ACM certificate | resource | no |

| Dependency | Version | Kind |
|---|---|---|
| terraform | >= 1.0 | CLI |
| hashicorp/aws | ~> 5.0 | provider |
| hashicorp/tls | ~> 4.0 | provider |
