Setting up an SSL certificate using AWS and Terraform

ACM certificates used with CloudFront must be requested in the us-east-1 region

Add a specific provider for creating CloudFront-compatible SSL certificates

# Aliased AWS provider used only for ACM resources. CloudFront reads its
# certificates from us-east-1, so resources that set provider = "aws.acm"
# are created in that region regardless of the default provider's region.
provider "aws" {
  # Provider plugin version pinned by the author.
  version = "2.24"

  region = "us-east-1"
  alias  = "acm"
}
# Requests a DNS-validated ACM certificate for the apex domain plus a
# wildcard covering its first-level subdomains. Created through the aliased
# us-east-1 provider so CloudFront can use it.
resource "aws_acm_certificate" "default" {
  provider          = "aws.acm"
  validation_method = "DNS"

  domain_name = "${var.domain}"

  # NOTE(review): the wildcard SAN makes this one certificate valid for every
  # first-level subdomain of var.domain. If only a few hostnames are served,
  # listing them explicitly keeps the certificate's scope narrower.
  subject_alternative_names = ["*.${var.domain}"]

  lifecycle {
    # When the certificate has to be replaced, create the new one before the
    # old one is destroyed so resources referencing it are never left
    # pointing at a deleted certificate.
    create_before_destroy = true
  }
}
# Publishes the DNS record ACM asks for to prove control of the domain.
# Name, type and value are taken from the first entry of the certificate's
# domain_validation_options.
#
# NOTE(review): only index 0 is published. The certificate also carries a
# wildcard SAN; ACM normally issues the same validation record for a domain
# and its wildcard, so a single record is expected to cover both. Confirm
# this if more SANs are added.
resource "aws_route53_record" "validation" {
  zone_id = "${aws_route53_zone.public_zone.zone_id}"
  ttl     = "300"

  name    = "${aws_acm_certificate.default.domain_validation_options.0.resource_record_name}"
  type    = "${aws_acm_certificate.default.domain_validation_options.0.resource_record_type}"
  records = ["${aws_acm_certificate.default.domain_validation_options.0.resource_record_value}"]
}
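# Waits for ACM to finish validating the certificate. This resource creates
# nothing itself; it gives other resources something to depend on that only
# completes once the certificate has been issued.
resource "aws_acm_certificate_validation" "default" {
  # Must use the same aliased provider (us-east-1) as the certificate.
  provider = "aws.acm"

  certificate_arn = "${aws_acm_certificate.default.arn}"

  # Each argument needs its own line; the original listing had this one on
  # the same line as certificate_arn, which HCL does not parse.
  validation_record_fqdns = [
    "${aws_route53_record.validation.fqdn}",
  ]
}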
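# Excerpt of the CloudFront distribution showing only how the ACM
# certificate is attached; the other arguments are elided.
resource "aws_cloudfront_distribution" "cdn" {
  viewer_certificate {
    # Take the ARN from the validation resource rather than from the
    # certificate itself, so Terraform creates the distribution only after
    # the certificate has been issued. The certificate resource has no
    # count, so the ".0" index in the original reference did not match the
    # other references to it in this listing.
    acm_certificate_arn = "${aws_acm_certificate_validation.default.certificate_arn}"

    # ... remaining viewer_certificate arguments (elided in the original).
    # ssl_support_method is required alongside acm_certificate_arn, and
    # minimum_protocol_version should be set explicitly to a TLS 1.2 policy
    # rather than left at the provider default.
  }

  # ... remaining distribution arguments (elided in the original).
}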
