I have a certificate which is signed by a third party (not AWS issued). I imported this certificate into ACM, and I am trying to set up an API Gateway custom domain name that will use this certificate. Since it is not AWS issued, I know that I have to select "Imported or private certificate" in the Endpoint Configuration and select an Ownership Verification Certificate. It is very clear what I should do in the AWS console. However, the problem appears when I am trying to create the Custom Domain Name with Terraform. It looks like I cannot define `ownership_verification_certificate_arn` in the `aws_api_gateway_domain_name` resource. This is what I have:
```hcl
resource "aws_api_gateway_domain_name" "example" {
  # Third-party certificate already imported into ACM
  regional_certificate_arn = var.example_resource_arn
  domain_name              = "example.com"
  security_policy          = "TLS_1_2"

  endpoint_configuration {
    types = ["REGIONAL"]
  }

  # ACM-issued certificate for the same domain, used for ownership verification
  ownership_verification_certificate_arn = var.acm_public_certificate_arn

  mutual_tls_authentication {
    truststore_uri = "s3://${aws_s3_bucket.api_gw_truststore[0].bucket}/truststore.pem"
  }

  tags = var.tags
}
```
`acm_public_certificate_arn` is a certificate issued by ACM that can validate the domain name. However, I get this error: "Error: Unsupported argument. An argument named "ownership_verification_certificate_arn" is not expected here."

If I remove it, I get: "Error: Error creating API Gateway Domain Name: BadRequestException: Missing ownershipVerificationCertificate. To use an imported or private certificate for the domain name, ownershipVerificationCertificate is required."
FYI, I cannot have the certificate and key PEM files in the Terraform code.
I cannot find any solutions or examples. Any help is highly appreciated.
Thanks, Anna
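The "Unsupported argument" error is the message Terraform prints when the provider release in use does not know an argument at all, which is a different failure from the API-side `BadRequestException` that appears once the argument is accepted. The configuration below is an added example, not the poster's code and not an official AWS or HashiCorp example. It pins the AWS provider so that `ownership_verification_certificate_arn` is recognised, keeps the imported third-party certificate, the ACM-issued ownership certificate and the mTLS truststore bucket as variables (no key material in the code), and exposes the values needed to point DNS at the endpoint. The variable names, the `>= 4.13.0` lower bound and the truststore object key are assumptions; check the provider changelog for the release that documents the argument before relying on the bound.

```hcl
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Assumption: the argument was introduced in the 4.x series; an older
      # provider rejects it with "Unsupported argument". Verify the exact
      # release in the provider changelog and pin to that or later.
      version = ">= 4.13.0"
    }
  }
}

variable "domain_name" {
  description = "Custom domain served by API Gateway (constructed placeholder)."
  type        = string
  default     = "api.example.com"
}

variable "imported_certificate_arn" {
  description = "ARN of the third-party certificate already imported into ACM (assumed variable)."
  type        = string
}

variable "ownership_certificate_arn" {
  description = "ARN of an ACM-issued, validated certificate for the same domain (assumed variable)."
  type        = string
}

variable "truststore_bucket" {
  description = "Existing S3 bucket holding the client CA bundle for mTLS (assumed variable)."
  type        = string
}

variable "tags" {
  type    = map(string)
  default = {}
}

resource "aws_api_gateway_domain_name" "this" {
  domain_name = var.domain_name

  # The certificate presented to clients: the imported (non-AWS-issued) one.
  regional_certificate_arn = var.imported_certificate_arn

  # Required whenever regional_certificate_arn is imported or private:
  # an ACM-issued certificate proving control of the same domain name.
  ownership_verification_certificate_arn = var.ownership_certificate_arn

  # Reject TLS 1.0/1.1 handshakes at the edge.
  security_policy = "TLS_1_2"

  endpoint_configuration {
    types = ["REGIONAL"]
  }

  # Client certificate authentication; the bundle contains CA certificates
  # only, so no private key ever lives in the repository or state.
  mutual_tls_authentication {
    truststore_uri = "s3://${var.truststore_bucket}/truststore.pem" # assumed object key
  }

  tags = var.tags
}

# Values a Route 53 alias (or any other DNS provider) needs for the domain.
output "regional_domain_name" {
  value = aws_api_gateway_domain_name.this.regional_domain_name
}

output "regional_zone_id" {
  value = aws_api_gateway_domain_name.this.regional_zone_id
}
```

After changing the version constraint, run `terraform init -upgrade` so the newer provider is actually downloaded; without it the lock file keeps the old release and the same "Unsupported argument" error persists. The ownership certificate must be fully validated in ACM (status "Issued") before the domain name is created, otherwise the API returns the same `BadRequestException`.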