How do I reference an existing AWS Cert in a CloudFormation template?

Question

I am hitting the certificate limit, and I would like to start referencing the existing certificates.

1. How can I do that for a new CloudFormation stack?
2. How can I migrate an existing stack to use another certificate?

Answer 1

The question is quite generic, but maybe I can point to some things that might provide a solution.

Firstly, you can use CloudFormation parameters to provide the ARN of the certificate you want to use. You can use the value of the parameters the same way as you would refer to another resource in your CloudFormation template.

Secondly, you can create your certificate in a separate CloudFormation template and export the ARN of the certificate using the outputs section of the template. Afterwards, you can use the ImportValue function of CloudFormation to retrieve the value of the exported variable.

You'll find ample examples of how to use all this in the documentation links above.

Updating an existing stack is quite easy. Using the CloudFormation interface in the AWS console, you can choose to update stack and provide a new version of the template file. This template file can then either use the cross-stack reference using an ImportValue method or use a parameter for the certificate ARN, after which CloudFormation will update, create and/or delete the resources according to the changes of the template file. Before actually executing the update, Cloudformation allows you to inspect the changes that will be made using a ChangeSet, which will be automatically created during the update process, before actually performing the update. More information about stack updates can be found here.