github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/website/source/docs/providers/tls/index.html.markdown

---
layout: "tls"
page_title: "Provider: TLS"
sidebar_current: "docs-tls-index"
description: |-
  The TLS provider provides utilities for working with Transport Layer Security keys and certificates.
---

# TLS Provider

The TLS provider provides utilities for working with *Transport Layer Security*
keys and certificates. It provides resources that
allow private keys, certificates and certificate requests to be
created as part of a Terraform deployment.

Another name for Transport Layer Security is *Secure Sockets Layer*,
or SSL. TLS and SSL are equivalent when considering the resources
managed by this provider.

This provider is not particularly useful on its own, but it can be
used to create certificates and credentials that can then be used
with other providers when creating resources that expose TLS
services or that themselves provision TLS certificates.

Use the navigation to the left to read about the available resources.

## Example Usage

```
## This example creates a self-signed certificate for a development
## environment.
## THIS IS NOT RECOMMENDED FOR PRODUCTION SERVICES.
## See the detailed documentation of each resource for further
## security considerations and other practical tradeoffs.

resource "tls_private_key" "example" {
    algorithm = "ECDSA"
}

resource "tls_self_signed_cert" "example" {
    key_algorithm = "${tls_private_key.example.algorithm}"
    private_key_pem = "${tls_private_key.example.private_key_pem}"

    # Certificate expires after 12 hours.
    validity_period_hours = 12

    # Generate a new certificate if Terraform is run within three
    # hours of the certificate's expiration time.
    early_renewal_hours = 3

    # Reasonable set of uses for a server SSL certificate.
    allowed_uses = [
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ]

    dns_names = ["example.com", "example.net"]

    subject {
        common_name = "example.com"
        organization = "ACME Examples, Inc"
    }
}

# For example, this can be used to populate an AWS IAM server certificate.
resource "aws_iam_server_certificate" "example" {
    name = "example_self_signed_cert"
    certificate_body = "${tls_self_signed_cert.example.cert_pem}"
    private_key = "${tls_private_key.example.private_key_pem}"
}
```
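
The renewal rule in the comments above only takes effect when Terraform is actually run, so the run schedule decides whether the deployed certificate is replaced before it expires. The following added example (not part of the Terraform documentation; the function name `expiry_gaps` and the run schedules are constructed for illustration) replays periodic runs against that rule and reports the windows in which the certificate in service would already have expired.

```python
def expiry_gaps(run_interval_h, validity_h=12, early_renewal_h=3, horizon_h=72):
    """Replay a Terraform run every run_interval_h hours.

    Returns a list of (expired_at, replaced_at) hour offsets during which
    the certificate in service had already passed its expiration time.
    Defaults mirror validity_period_hours and early_renewal_hours above.
    """
    if run_interval_h <= 0:
        raise ValueError("run_interval_h must be positive")
    if not 0 <= early_renewal_h < validity_h:
        raise ValueError("early_renewal_h must be in [0, validity_h)")

    gaps = []
    not_after = validity_h      # the first run, at t=0, issues the certificate
    t = run_interval_h
    while t <= horizon_h:
        # Rule taken from the example's comment (an assumption of this model):
        # a run regenerates the certificate when it happens within
        # early_renewal_h of the expiration time, or after it.
        if t >= not_after - early_renewal_h:
            if t > not_after:
                # Nothing ran inside the renewal window: the old certificate
                # stayed deployed from its expiry until this run.
                gaps.append((not_after, t))
            not_after = t + validity_h
        t += run_interval_h
    return gaps


if __name__ == "__main__":
    # Constructed schedules: every 3 hours, every 7 hours, once a day.
    for interval in (3, 7, 24):
        gaps = expiry_gaps(interval)
        total = sum(end - start for start, end in gaps)
        print(f"run every {interval:>2}h: {len(gaps)} gap(s), "
              f"{total}h with an expired certificate in 72h -> {gaps}")
```

A run interval no longer than `early_renewal_hours` always lands inside the renewal window; longer intervals may or may not, depending on how the runs line up with each expiration time.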