Jon Sud

Reputation: 11641

How to connect AWS Certificate Manager to aws_alb_listener in Terraform?

I have a certificate in AWS Certificate Manager.

How do I connect this certificate to aws_alb_listener in Terraform?

Right now I take the certs from files on my computer.

resource "aws_alb_listener" "alb_front_https" {
  load_balancer_arn = "${aws_alb.demo_eu_alb.arn}"
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
  certificate_arn   = "${aws_iam_server_certificate.lb_cert.arn}"
  default_action {
    target_group_arn = "${aws_alb_target_group.nginx.arn}"
    type             = "forward"
  }
}

resource "aws_iam_server_certificate" "lb_cert" {
  name              = "lb_cert-${var.app}"
  certificate_body  = "${file("./www.xxx.com/cert.pem")}"
  private_key       = "${file("./www.xxx.com/privkey.pem")}"
  certificate_chain = "${file("./www.xxx.com/chain.pem")}"
}

I want aws_alb_listener to use the certificate in AWS Certificate Manager.

How do I do that in Terraform?

Upvotes: 3

Views: 1477

Answers (2)

Jeevagan

Reputation: 476

You can get the certificate ARN using:

data "aws_acm_certificate" "certificate" {
  domain      = "your.domain"
  statuses    = ["ISSUED"]
  most_recent = true
}

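and then attach it to the listener:

resource "aws_lb_listener_certificate" "ssl_certificate" {
  # The listener in the question is declared as aws_alb_listener,
  # so it has to be referenced under that resource type.
  listener_arn    = aws_alb_listener.alb_front_https.arn
  certificate_arn = data.aws_acm_certificate.certificate.arn
}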

Upvotes: 7

Chris Williams

Reputation: 35188

You can specify either an IAM-based ARN or an ACM-based ARN for an aws_alb_listener resource.

If you set the certificate_arn to your ACM certificate's ARN, this will also work.

Upvotes: 0
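
Both answers combined into one configuration, as an added example that is not part of either answer: the ACM certificate becomes the listener's default certificate, so the aws_iam_server_certificate resource and the private key files on disk (which also end up in Terraform state) are no longer needed. The domains www.example.com and api.example.com are placeholders, and the load balancer and target group are assumed to be the ones from the question.

```hcl
# Added example. Assumes aws_alb.demo_eu_alb and aws_alb_target_group.nginx
# from the question already exist. Domain names are placeholders.

# Look up an issued certificate in ACM. The lookup runs in the provider's
# region, and the certificate must be in the same region as the load balancer.
data "aws_acm_certificate" "default" {
  domain      = "www.example.com"
  statuses    = ["ISSUED"]
  most_recent = true
}

resource "aws_alb_listener" "alb_front_https" {
  load_balancer_arn = aws_alb.demo_eu_alb.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"

  # Default certificate: an ACM ARN is accepted here just like an IAM ARN.
  # An HTTPS listener needs this set; no private key passes through Terraform.
  certificate_arn = data.aws_acm_certificate.default.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_alb_target_group.nginx.arn
  }
}

# Optional: a second hostname served over SNI from the same listener.
# aws_lb_listener_certificate adds certificates to a listener; it does not
# replace the default certificate set above.
data "aws_acm_certificate" "extra" {
  domain      = "api.example.com"
  statuses    = ["ISSUED"]
  most_recent = true
}

resource "aws_lb_listener_certificate" "extra" {
  listener_arn    = aws_alb_listener.alb_front_https.arn
  certificate_arn = data.aws_acm_certificate.extra.arn
}
```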
