github.com/cbroglie/terraform@v0.7.0-rc3.0.20170410193827-735dfc416d46/website/source/docs/providers/aws/r/iam_server_certificate.html.markdown

github.com/cbroglie/terraform@v0.7.0-rc3.0.20170410193827-735dfc416d46/website/source/docs/providers/aws/r/iam_server_certificate.html.markdown (about)

     1  ---
     2  layout: "aws"
     3  page_title: "AWS: aws_iam_server_certificate"
     4  sidebar_current: "docs-aws-resource-iam-server-certificate"
     5  description: |-
     6    Provides an IAM Server Certificate
     7  ---
     8  
     9  # aws\_iam\_server\_certificate
    10  
    11  Provides an IAM Server Certificate resource to upload Server Certificates.
    12  Certs uploaded to IAM can easily work with other AWS services such as:
    13  
    14  - AWS Elastic Beanstalk
    15  - Elastic Load Balancing
    16  - CloudFront
    17  - AWS OpsWorks
    18  
    19  For information about server certificates in IAM, see [Managing Server
    20  Certificates][2] in AWS Documentation.
    21  
    22  ~> **Note:** All arguments including the private key will be stored in the raw state as plain-text.
    23  [Read more about sensitive data in state](/docs/state/sensitive-data.html).
    24  
    25  ## Example Usage
    26  
    27  **Using certs on file:**
    28  
    29  ```
    30  resource "aws_iam_server_certificate" "test_cert" {
    31    name             = "some_test_cert"
    32    certificate_body = "${file("self-ca-cert.pem")}"
    33    private_key      = "${file("test-key.pem")}"
    34  }
    35  ```
    36  
    37  **Example with cert in-line:**
    38  
    39  ```
    40  resource "aws_iam_server_certificate" "test_cert_alt" {
    41    name = "alt_test_cert"
    42  
    43    certificate_body = <<EOF
    44  -----BEGIN CERTIFICATE-----
    45  [......] # cert contents
    46  -----END CERTIFICATE-----
    47  EOF
    48  
    49    private_key = <<EOF
    50  -----BEGIN RSA PRIVATE KEY-----
    51  [......] # cert contents
    52  -----END CERTIFICATE-----
    53  EOF
    54  }
    55  ```
    56  
    57  **Use in combination with an AWS ELB resource:**
    58  
    59  Some properties of an IAM Server Certificates cannot be updated while they are
    60  in use. In order for Terraform to effectively manage a Certificate in this situation, it is
    61  recommended you utilize the `name_prefix` attribute and enable the
    62  `create_before_destroy` [lifecycle block][lifecycle]. This will allow Terraform
    63  to create a new, updated `aws_iam_server_certificate` resource and replace it in
    64  dependant resources before attempting to destroy the old version.
    65  
    66  
    67  ```
    68  resource "aws_iam_server_certificate" "test_cert" {
    69    name_prefix      = "example-cert"
    70    certificate_body = "${file("self-ca-cert.pem")}"
    71    private_key      = "${file("test-key.pem")}"
    72  
    73    lifecycle {
    74      create_before_destroy = true
    75    }
    76  }
    77  
    78  resource "aws_elb" "ourapp" {
    79    name                      = "terraform-asg-deployment-example"
    80    availability_zones        = ["us-west-2a"]
    81    cross_zone_load_balancing = true
    82  
    83    listener {
    84      instance_port      = 8000
    85      instance_protocol  = "http"
    86      lb_port            = 443
    87      lb_protocol        = "https"
    88      ssl_certificate_id = "${aws_iam_server_certificate.test_cert.arn}"
    89    }
    90  }
    91  ```
    92  
    93  ## Argument Reference
    94  
    95  The following arguments are supported:
    96  
    97  * `name` - (Optional) The name of the Server Certificate. Do not include the
    98    path in this value. If omitted, Terraform will assign a random, unique name.
    99  * `name_prefix` - (Optional) Creates a unique name beginning with the specified
   100    prefix. Conflicts with `name`.
   101  * `certificate_body` – (Required) The contents of the public key certificate in
   102    PEM-encoded format.
   103  * `certificate_chain` – (Optional) The contents of the certificate chain.
   104    This is typically a concatenation of the PEM-encoded public key certificates
   105    of the chain.
   106  * `private_key` – (Required) The contents of the private key in PEM-encoded format.
   107  * `path` - (Optional) The IAM path for the server certificate.  If it is not
   108      included, it defaults to a slash (/). If this certificate is for use with
   109      AWS CloudFront, the path must be in format `/cloudfront/your_path_here`.
   110      See [IAM Identifiers][1] for more details on IAM Paths.
   111  
   112  ~> **NOTE:** AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in terraform forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that `certificate_body` contains only one certificate. All other certificates should go in `certificate_chain`. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.
   113  
   114  ## Attributes Reference
   115  
   116  * `id` - The unique Server Certificate name
   117  * `name` - The name of the Server Certificate
   118  * `arn` - The Amazon Resource Name (ARN) specifying the server certificate.
   119  
   120  
   121  [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
   122  [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.html
   123  [lifecycle]: /docs/configuration/resources.html