Skip to content

plus3it/terraform-aws-tardigrade-private-certificate-authority

BranchesTags

Repository files navigation

Overview

Once this certificate authority has been created, it will enter a "Pending" state, and output a Certificate Signing Request. The CSR needs to be self-signed (in the case of acmpca_certificate_authority.type being "ROOT") or signed by a root certificate authority if this is meant to be a "SUBORDINATE".

After signing, you will need to use the AWS PCA CLI to manually associate the signed cert back to the certificate authortiy, which will put it in an "Active" state. See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm-pca/index.html for console reference.

If the PCA and certs it issues are in the same account, you can use CreatePermission to configure automatic renewal.

If the PCA and ACM reside in different accounts, share the PCA using a RAM Share to allow ACM in the other account to manage the certificate.

Requirements

No requirements.

Providers

Name Version
aws n/a

Resources

Name Type

Inputs

Name Description Type Default Required
private_certificate_authority n/a 
object({
    s3_bucket = optional(object({
      bucket        = string
      force_destroy = bool
      policy = object({
        json = string
      })
    }))

    acmpca_certificate_authority = object({
      enabled                         = bool
      key_storage_security_standard   = optional(string)
      permanent_deletion_time_in_days = optional(string)
      tags                            = map(string)
      type                            = optional(string)
      usage_mode                      = optional(string)

      certificate_authority_configuration = object({
        key_algorithm     = string
        signing_algorithm = string
        subject = object({
          common_name                  = optional(string)
          country                      = optional(string)
          distinguished_name_qualifier = optional(string)
          generation_qualifier         = optional(string)
          given_name                   = optional(string)
          initials                     = optional(string)
          locality                     = optional(string)
          organization                 = optional(string)
          organizational_unit          = optional(string)
          pseudonym                    = optional(string)
          state                        = optional(string)
          surname                      = optional(string)
          title                        = optional(string)
        })
      })

      revocation_configuration = optional(object({
        crl_configuration = optional(object({
          custom_cname       = string
          enabled            = bool
          expiration_in_days = string
          s3_object_acl      = string
        }))
        ocsp_configuration = optional(object({
          enabled           = bool
          ocsp_custom_cname = string
        }))
      }))
    })
  })
 n/a yes

Outputs

Name Description
certificate_signing_request n/a

About

Terraform module to manage AWS Private CA

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases 1

1.0.0 Latest
Oct 18, 2023

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages