Team,
I am trying to create an AWS PCA, install the CA certificate and request a private certificate using ACM. I am facing the following error; what am I missing here?
Code:
resource "aws_acmpca_certificate_authority" "private_ca_authority" {
  permanent_deletion_time_in_days = 7
  type                            = "ROOT"

  certificate_authority_configuration {
    key_algorithm     = local.key_algorithm
    signing_algorithm = local.signing_algorithm

    subject {
      common_name  = local.common_name
      organization = local.org
    }
  }

  tags = local.tags
}

resource "aws_acmpca_permission" "private_ca_permission" {
  certificate_authority_arn = aws_acmpca_certificate_authority.private_ca_authority.arn
  actions                   = ["IssueCertificate", "GetCertificate", "ListPermissions"]
  principal                 = "acm.amazonaws.com"
}

data "aws_partition" "current" {}

resource "aws_acmpca_certificate" "private_ca_cert" {
  certificate_authority_arn   = aws_acmpca_certificate_authority.private_ca_authority.arn
  certificate_signing_request = aws_acmpca_certificate_authority.private_ca_authority.certificate_signing_request
  signing_algorithm           = local.signing_algorithm
  template_arn                = "arn:${data.aws_partition.current.partition}:acm-pca:::template/RootCACertificate/V1"

  validity {
    type  = "YEARS"
    value = local.private_cert_validity
  }
}

resource "aws_acmpca_certificate_authority_certificate" "pca_authority_cert" {
  certificate_authority_arn = aws_acmpca_certificate_authority.private_ca_authority.arn
  certificate               = aws_acmpca_certificate.private_ca_cert.certificate
  certificate_chain         = aws_acmpca_certificate.private_ca_cert.certificate_chain
}

resource "aws_acm_certificate" "request_cert" {
  domain_name               = local.common_name
  certificate_authority_arn = aws_acmpca_certificate_authority.private_ca_authority.arn
  key_algorithm             = local.key_algorithm
  tags                      = local.tags

  lifecycle {
    create_before_destroy = true
  }
}
Error:
resource "aws_acm_certificate" "request_cert" {
    arn                       = "arn:aws:acm:us-east-1:<>:certificate/ac0c10e9-a84d-4172-b0f9-cf165402cd1e"
    certificate_authority_arn = "arn:aws:acm-pca:us-east-1:<>:certificate-authority/9b42320f-1fb8-45be-98cc-f4d784b95108"
    domain_name               = "domain"
    domain_validation_options = []
    id                        = "arn:aws:acm:us-east-1:<>:certificate/ac0c10e9-a84d-4172-b0f9-cf165402cd1e"
    key_algorithm             = "RSA_2048"
    pending_renewal           = false
    renewal_eligibility       = "INELIGIBLE"
    renewal_summary           = []
    status                    = "FAILED"
    subject_alternative_names = [
        "domain",
    ]
In the UI:
Versions:
Terraform v1.3.2
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v5.0.1
When I manually "Install CA certificate" on the AWS private certificate authority, "aws_acm_certificate.request_cert" is able to create the certificate using ACM.
Also, I am not finding any Terraform resource for "Export certificate" from ACM; is there one?
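The ordering fix below is an added example, not the poster's configuration: it reuses the same resource names and locals as the post above (assumed) and adds an explicit depends_on so that the ACM request is not made until the CA certificate has been installed, since ACM can only issue from a private CA that is already ACTIVE.

```hcl
# Added example, assuming the resource names and locals used in the post.
# aws_acm_certificate only references the CA's ARN, which exists as soon as
# the CA is created (status PENDING_CERTIFICATE), so Terraform sees no
# dependency on the install step and asks ACM to issue before the CA is
# ACTIVE; the request then ends up with status = "FAILED". An explicit
# depends_on on the install resource (and on the ACM service permission)
# forces the correct order: create CA -> install CA cert -> request cert.

resource "aws_acmpca_certificate_authority_certificate" "pca_authority_cert" {
  certificate_authority_arn = aws_acmpca_certificate_authority.private_ca_authority.arn
  certificate               = aws_acmpca_certificate.private_ca_cert.certificate
  certificate_chain         = aws_acmpca_certificate.private_ca_cert.certificate_chain
}

resource "aws_acm_certificate" "request_cert" {
  domain_name               = local.common_name
  certificate_authority_arn = aws_acmpca_certificate_authority.private_ca_authority.arn
  key_algorithm             = local.key_algorithm
  tags                      = local.tags

  # Wait until the root certificate is installed on the CA and ACM has been
  # granted IssueCertificate/GetCertificate before requesting issuance.
  depends_on = [
    aws_acmpca_certificate_authority_certificate.pca_authority_cert,
    aws_acmpca_permission.private_ca_permission,
  ]

  lifecycle {
    create_before_destroy = true
  }
}
```

Exporting a certificate's private key out of ACM is not modelled as a Terraform resource; it is done out of band with the AWS CLI (`aws acm export-certificate`, which requires a passphrase to encrypt the exported key) and is supported for certificates issued by AWS Private CA.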