Use a TLS self-signed certificate with an Application Load Balancer (AWS, Terraform)


Hi AWS, I am trying to attach a self-signed TLS certificate to an AWS ALB. The Terraform code for this is:

resource "tls_self_signed_cert" "self_signed" {
  #   key_algorithm   = tls_private_key.web_app_key.algorithm
  private_key_pem = tls_private_key.web_app_key.private_key_pem
  subject {
    common_name = "test.example.com"
  }
  validity_period_hours = 8760

  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "server_auth",
  ]
  dns_names = ["test.example.com"]
}

resource "aws_lb_listener_certificate" "web_app_cert" {
  listener_arn    = aws_lb_listener.https_rule.arn
  certificate_arn = tls_self_signed_cert.self_signed.?
}

But I don't know which attribute is best suited to get the certificate ARN. Here are the Terraform docs: https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert#cert_pem

Please guide.

1 Answer

Okay, I think that would be managing certificates in IAM. I've never done it with Terraform, but I think iam_server_certificate is what you're looking for.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_server_certificate

shibata (EXPERT)
answered 2 months ago
reviewed 25 days ago
  • This was the original requirement: Create a self-signed certificate for test.example.com and use this hostname with the load balancer; this DNS name should be resolved internally within the VPC network via a Route 53 private hosted zone.

  • I am not good at English, so I want to clarify your question.

    Is it correct that what you want to know is that you want to add a record pointing to the ALB in Route 53? In other words, when you query Route53 for test.example.com, do you want the IP of the ALB to be returned?

    Or do you want all of the following?

    - How to install a self-signed certificate in the ALB
    - How to create a private hosted zone in Route 53
    - How to add a record to Route 53 that returns the ALB's IP

  • Hi Shibata, the questions you asked below are my requirements, i.e.:

    - How to install a self-signed certificate in the ALB
    - How to create a private hosted zone in Route 53
    - How to add a record to Route 53 that returns the ALB's IP

    That's fine; English is just any other language after all, and I am not a native English speaker either :)

  • I understand your question. However, I must make an unfortunate announcement.

    To answer your question, I must check your understanding of several items. It is a task that requires as much effort as writing a blog post, and even in my native language, it is difficult, and I do not have the time to do it.

    I would like to help you, so I hope the following will give you some hints.

    To upload certificates to AWS, you can use ACM's import function in addition to IAM, which I mentioned earlier. This is more modern.

    https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate

    You can apply the certificate to ALB by specifying the ARN of the ACM certificate you just created in the certificate_arn of the aws_alb_listener.

    https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener

    A Route 53 private hosted zone can be created with

    https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone#private-zone

    Use an alias record to return the IP of the ALB in Route 53.

    https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record#alias-record

    I hope you can achieve your goal.
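The three pieces discussed in this thread (self-signed certificate, ACM import, HTTPS listener, private hosted zone with an alias record) fit together as follows. This is an added, illustrative configuration written for this page; it is not code from the question, the answer, or any AWS documentation. It assumes an `aws_lb.web_app` and an `aws_lb_target_group.web_app` already exist elsewhere in the module, and that `var.vpc_id` is supplied by the caller; the resource names and the example hostname are the ones used in the question.

```hcl
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
    tls = { source = "hashicorp/tls" }
  }
}

# Assumed input: the VPC the private hosted zone should be associated with.
variable "vpc_id" {
  type = string
}

resource "tls_private_key" "web_app_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

# Self-signed server certificate; the SAN must match the hostname clients use.
resource "tls_self_signed_cert" "self_signed" {
  private_key_pem       = tls_private_key.web_app_key.private_key_pem
  validity_period_hours = 8760

  subject {
    common_name = "test.example.com"
  }
  dns_names = ["test.example.com"]

  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "server_auth",
  ]
}

# Import the PEM material into ACM. The tls_self_signed_cert resource has no ARN;
# this resource's .arn is what the ALB listener needs.
resource "aws_acm_certificate" "self_signed" {
  private_key      = tls_private_key.web_app_key.private_key_pem
  certificate_body = tls_self_signed_cert.self_signed.cert_pem
}

# HTTPS listener using the imported certificate (aws_lb.web_app assumed to exist).
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.web_app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate.self_signed.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web_app.arn # assumed to exist
  }
}

# Private hosted zone, only resolvable from inside the associated VPC.
resource "aws_route53_zone" "private" {
  name = "example.com"

  vpc {
    vpc_id = var.vpc_id
  }
}

# Alias record: Route 53 answers test.example.com with the ALB's current IPs.
resource "aws_route53_record" "alb_alias" {
  zone_id = aws_route53_zone.private.zone_id
  name    = "test.example.com"
  type    = "A"

  alias {
    name                   = aws_lb.web_app.dns_name
    zone_id                = aws_lb.web_app.zone_id
    evaluate_target_health = true
  }
}
```

Two operational points worth knowing before applying this. First, `tls_private_key` stores the unencrypted private key in the Terraform state file, so the state backend needs the same access controls you would give the key itself (encrypted remote state, restricted read access). Second, because the certificate is self-signed, nothing inside the VPC will trust it by default: each client must be configured to trust this specific certificate (or its `cert_pem` must be distributed to their trust stores), otherwise they will see verification failures rather than a working HTTPS connection. You can confirm the listener is serving the expected certificate from a host in the VPC with `openssl s_client -connect test.example.com:443 -servername test.example.com` and checking that the subject and SAN shown match `test.example.com`.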
